RDS 2008 R2 and F5 Load Balancing

Question

Hi all&nbsp;
 &nbsp;
I am planning the following RDS 2008 R2 Solution&nbsp;
2,500 concurrent users&nbsp;
RDS Gateway as clients are on different secure network to servers, firewalled and NAT&nbsp;
RDS BRokers for connection management (2 of ideally to avoiod single point of failure)&nbsp;
Dedicated Recdirectors to take connection load of main session hosts servers&nbsp;
Web Servers for Remote App capability&nbsp;
 &nbsp;
I need this all load balanced and my hosting team have suggest F5 LTMs.&nbsp;
I have read the usual RDS guide from F5 http://www.f5.com/pdf/deployment-gu...ces-dg.pdf&nbsp;
It talks about a few scenarios that I would like to use but does not tell you whether you can use multiple scenarios, even if they need to be on seperate virtual F5s.&nbsp;
I want the two RD Gateways load balanced which seems ok as per Scenario 2.&nbsp;
I also want the web servers load balanced as per Scenario 3, seperate Virtual F5.&nbsp;
But Scenario 1 talks about load balancing the RDS Broker/Session Host servers.  Can this be done as well as the other Scenarios?  Does this work for multiple RDS Brokers without the need for MS Clustering?&nbsp;
Anyone done any F5 with large RDS farms before?&nbsp;
 &nbsp;
many thanks&nbsp;
 &nbsp;
 &nbsp;
 &nbsp;
 &nbsp;

mikeshimkus_111 · Answer

Hi fox, in Windows 2008 R2 F5 cannot be used to load balance the connection broker servers.  This guidance is only applicable to Windows 2012 connection broker using the new HA feature. 
&nbsp;  
&nbsp; You can deploy RD Gateway, RD Web Access, and RD Session Host load balancing on the same BIG-IP at the same time. 
&nbsp; Thanks 
&nbsp; Mike

fox_129626 · Answer

thanks for the reply.&nbsp;
 &nbsp;
I have to use 2008 r2, not allowed to use nice new HA in 2012 RDS yet.&nbsp;
 &nbsp;
So Lets assume I use F5 on my internal network to host the name of my RDS Gateway farm, the name of my web servers (dns alias).&nbsp;
 &nbsp;
Are you saying with F5 I don't need a broker server or that with 2008 R2 I can only use 1 of them.  I really don't want to use native MS clustering to have 2 broker servers.&nbsp;
 &nbsp;
I always thought the broker server was needed to manage your connections and to reconnect to existing connections ETC.&nbsp;
 &nbsp;
many thanks&nbsp;

mikeshimkus_111 · Answer

You do need the Connection Broker set up in your environment.  BIG-IP will honor the broker token, assuming you have selected the MSRDP persistence profile on your RD Session Host virtual server; however, no connections from Session Host to Connection Broker will pass through the LTM.  The Session Host servers will simply talk directly to the Connection Broker, however you have that set up.  I think you will need clustering to have multiple CB servers in 2008, though.

fox_129626 · Answer

ah ok that is a shame that I need MS clustering on the brokers.&nbsp;
 &nbsp;
on the broker token I assume you mean the connection broker redirection mode, select "token redirection" ?&nbsp;
 &nbsp;
If I select two session host servers, put them in drain mode to make them dedicated redirectors, then put them in as the servers the gateways go to I assume I get the following client to server flow.&nbsp;
 &nbsp;
RDP client to RD Gateway farm name---&gt;443 through Firewall--&gt;F5--&gt; selected RD Gateway---&gt; Gateway RDP to one of the Dedicated Redirectors---&gt;Broker to check for best server or alreay connected session ---------  then back the same way to the client within the token&nbsp;
 &nbsp;
Is that how you see it?&nbsp;
 &nbsp;
really appreciate this&nbsp;
 &nbsp;
 &nbsp;

mikeshimkus_111 · Answer

Yes, that should work.  In the case where you are only connecting to the RD Gateway servers through the BIG-IP, you don't even need to use the MSRDP persistence profile.  The RD Gateway servers, not BIG-IP, will use the token to send the client to the correct RD Session Host server.

Forum Discussion

RDS 2008 R2 and F5 Load Balancing

6 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

NGINXaaS for Azure: Load Balancing

What is Load Balancing?

Deploying F5 BIG-IP with Azure Cross-region load balancer

Load Balancing WebSockets