Guest Dylan Posted September 5, 2008 Posted September 5, 2008 I've followed the step-by-step guide for TS Session broker and TS Gateway but was wondering how to make both work together. With TS Session Broker, all TS servers are published on the DNS with the same farm name in a round robin fashion but TS Gateway manages TS servers with security group. HOw can one publish just the Gateway server to public facing and still achive load balancing using TS Session Broker without publish IP of the TS servers? Thanks.
Guest kdavydychev Posted September 6, 2008 Posted September 6, 2008 Re: Session Broker and TS Gateway On Sep 5, 3:38 pm, Dylan <Dy...@discussions.microsoft.com> wrote: > I've followed the step-by-step guide for TS Session broker and TS Gateway but > was wondering how to make both work together. With TS Session Broker, all TS > servers are published on the DNS with the same farm name in a round robin > fashion but TS Gateway manages TS servers with security group. HOw can one > publish just the Gateway server to public facing and still achive load > balancing using TS Session Broker without publish IP of the TS servers? > > Thanks. You can use a "dummy" Terminal Server - one that is set to not accept incoming connections - to handle all initial connection requests and query the Session Broker to determine the best terminal server for redirection. This dummy server will experience low loads, so it may be a good idea to put it on the same physical machine as the Gateway and/ or the Session Broker. However, I am not certain about whether this is going to bypass TS RAPs or not - I need to do some more testing myself.
Guest Dylan Posted September 8, 2008 Posted September 8, 2008 Re: Session Broker and TS Gateway That takes care of the session broker part but how does it work with TS Gateway? Session broker will route and hand off the connection to the proper TS server but how does TS gateway play into this? If I don't want to assign NAT to the TS servers, public RDP request will not be able to connect to TS servers with only private IP assigned without going through TS Gateway server, or am I not thinking right? "kdavydychev" wrote: > On Sep 5, 3:38 pm, Dylan <Dy...@discussions.microsoft.com> wrote: > > I've followed the step-by-step guide for TS Session broker and TS Gateway but > > was wondering how to make both work together. With TS Session Broker, all TS > > servers are published on the DNS with the same farm name in a round robin > > fashion but TS Gateway manages TS servers with security group. HOw can one > > publish just the Gateway server to public facing and still achive load > > balancing using TS Session Broker without publish IP of the TS servers? > > > > Thanks. > > You can use a "dummy" Terminal Server - one that is set to not accept > incoming connections - to handle all initial connection requests and > query the Session Broker to determine the best terminal server for > redirection. This dummy server will experience low loads, so it may be > a good idea to put it on the same physical machine as the Gateway and/ > or the Session Broker. However, I am not certain about whether this is > going to bypass TS RAPs or not - I need to do some more testing myself. >
Guest Jeff Pitsch Posted September 8, 2008 Posted September 8, 2008 Re: Session Broker and TS Gateway TSGateway acts as a man in the middle for all terminal servers. The clients only talk to TSGateway and the terminal servers only talk to TSGateway. Clients and TS never talk directly to each other. -- Jeff Pitsch Microsoft MVP - Terminal Services "Dylan" <Dylan@discussions.microsoft.com> wrote in message news:BAF04419-1DBD-46A9-9717-D80350FDD75C@microsoft.com... > That takes care of the session broker part but how does it work with TS > Gateway? Session broker will route and hand off the connection to the > proper > TS server but how does TS gateway play into this? If I don't want to > assign > NAT to the TS servers, public RDP request will not be able to connect to > TS > servers with only private IP assigned without going through TS Gateway > server, or am I not thinking right? > > > "kdavydychev" wrote: > >> On Sep 5, 3:38 pm, Dylan <Dy...@discussions.microsoft.com> wrote: >> > I've followed the step-by-step guide for TS Session broker and TS >> > Gateway but >> > was wondering how to make both work together. With TS Session Broker, >> > all TS >> > servers are published on the DNS with the same farm name in a round >> > robin >> > fashion but TS Gateway manages TS servers with security group. HOw can >> > one >> > publish just the Gateway server to public facing and still achive load >> > balancing using TS Session Broker without publish IP of the TS servers? >> > >> > Thanks. >> >> You can use a "dummy" Terminal Server - one that is set to not accept >> incoming connections - to handle all initial connection requests and >> query the Session Broker to determine the best terminal server for >> redirection. This dummy server will experience low loads, so it may be >> a good idea to put it on the same physical machine as the Gateway and/ >> or the Session Broker. However, I am not certain about whether this is >> going to bypass TS RAPs or not - I need to do some more testing myself. >>
Guest Dylan Posted September 8, 2008 Posted September 8, 2008 Re: Session Broker and TS Gateway Yes, TSGateway works that way. I understand that. My question is how do TSGateway work with TS Session Broker. "Jeff Pitsch" wrote: > TSGateway acts as a man in the middle for all terminal servers. The clients > only talk to TSGateway and the terminal servers only talk to TSGateway. > Clients and TS never talk directly to each other. > > -- > Jeff Pitsch > Microsoft MVP - Terminal Services > > "Dylan" <Dylan@discussions.microsoft.com> wrote in message > news:BAF04419-1DBD-46A9-9717-D80350FDD75C@microsoft.com... > > That takes care of the session broker part but how does it work with TS > > Gateway? Session broker will route and hand off the connection to the > > proper > > TS server but how does TS gateway play into this? If I don't want to > > assign > > NAT to the TS servers, public RDP request will not be able to connect to > > TS > > servers with only private IP assigned without going through TS Gateway > > server, or am I not thinking right? > > > > > > "kdavydychev" wrote: > > > >> On Sep 5, 3:38 pm, Dylan <Dy...@discussions.microsoft.com> wrote: > >> > I've followed the step-by-step guide for TS Session broker and TS > >> > Gateway but > >> > was wondering how to make both work together. With TS Session Broker, > >> > all TS > >> > servers are published on the DNS with the same farm name in a round > >> > robin > >> > fashion but TS Gateway manages TS servers with security group. HOw can > >> > one > >> > publish just the Gateway server to public facing and still achive load > >> > balancing using TS Session Broker without publish IP of the TS servers? > >> > > >> > Thanks. > >> > >> You can use a "dummy" Terminal Server - one that is set to not accept > >> incoming connections - to handle all initial connection requests and > >> query the Session Broker to determine the best terminal server for > >> redirection. This dummy server will experience low loads, so it may be > >> a good idea to put it on the same physical machine as the Gateway and/ > >> or the Session Broker. However, I am not certain about whether this is > >> going to bypass TS RAPs or not - I need to do some more testing myself. > >> > > >
Guest kdavydychev Posted September 9, 2008 Posted September 9, 2008 Re: Session Broker and TS Gateway TS Gateway never talks to Session Broker - they are two completely separate entities. The Session Broker only communicates with the actual Terminal Servers, and is not aware that there even is a Gateway.
Guest Dylan Posted September 9, 2008 Posted September 9, 2008 Re: Session Broker and TS Gateway So that brings up my original question, can they work together to provide security as well as load balancing? Since gateway server serves as proxy server between the client and the TS servers and doesn't provide load balance, I like to incorporate session broker for its function of load balancing as well as the ability to reconnect to disconnected session. Is it possible to have both roles work together to achieve this? As I understand it, gateway server works with TS servers base on hostname but session broker works base on unique farm name, correct? When I initiate a rdp connection to one of the TS server that is part of the farm by specify its hostname in mstsc, the session doesn't get re-route to another TS server that's also part of the farm and had my disconnect session. I'm assuming its because I didn't use the farm name to connect so session broker doesn't acknowledge my connection therefore does not redirect me to the disconnected session. If that's the case, rdp traffic coming through gateway server should be treated the same way, without querying session broker, so my connection would go to the TS server that the gateway server allocates? "kdavydychev" wrote: > TS Gateway never talks to Session Broker - they are two completely > separate entities. The Session Broker only communicates with the > actual Terminal Servers, and is not aware that there even is a Gateway. >
Recommended Posts