Josh_41258
Feb 12, 2014

RDS 2012 Connection Broker Clarification

I'm currently designing an RDS 2012 farm using the following document: http://www.f5.com/pdf/deployment-guides/f5-microsoft-remote-desktop-services-dg.pdf.

We are attempting to use Scenario 1 but have a few questions regarding the configuration. First, for Scenario 1, the guide says that if we have configured HA for the CB the BIG-IP load balances requests from the Gateway servers to the connection brokers. But, I don't even think we need RDS Gateway servers for Scenario 1. Can someone please clarify?

Secondly, should end-users connect to the VIP for the Session Host servers or the connection broker servers? If the users connect to the Session Host VIP, where does the CB VIP come into play? Do I need to configure the SH servers to use the CB VIP in some way? When configuring the CB HA, it asks for a DNS record for round robin. Is this the hostname that users will use to connect to the RDS farm?

Thanks!

12 Replies

  • mikeshimkus_111
    Historic F5 Account

    Hi Josh, you are correct about scenario 1. RD Gateway servers are optional, but if you are using them and HA for Connection Broker, and have configured your RDCB HA FQDN to point to the RDCB virtual server, LTM will load balance those connections.

    When users connect directly to the Session Host servers, those servers connect directly to the Connection Broker for a session token. LTM will honor the session token when persisting connections. The HA configuration for Connection Broker never comes into play in this scenario.

    thanks

    Mike

  • Mike,

    Thanks for the clarification. If the HA configuration for the CB never comes into play, then why does Scenario 1 ask me to create a VS for the RDSCB servers? How do the Session Host servers know how to communicate with the CB VIP? Do I need to somehow tell the Session Host servers what the VIP for CB is?

    Thanks,

    Josh

  • mikeshimkus_111
    Historic F5 Account

    I see what you mean. The RDCB HA configuration should really be part of scenario 2, since it's only used by the RD Gateway servers.

    You need to define the RD Connection Broker farm name in your Remote Desktop configuration. The FQDN you use for the farm name should resolve to the IP address of your Connection Broker virtual server on LTM.

    We'll clarify this in the deployment guide.

  • Ok, so the users connect directly to the Connection Broker virtual server, not the Session Host virtual server. Then, the CB somehow redirects users to the session host nodes. Correct?

    Thanks again for the help.

    • Josh_41258
      The guide also says to create two VS' - one for SH, one for CB, both on 3389. But, it sounds like I only need one VS for connection brokers. I'm not understanding why we need a VS for Session Host servers, as users connect directly to the CB VS. The SH VIP would need another FQDN/VIP since I can't have two VIPs using the same IP address on the same port.
  • mikeshimkus_111
    Historic F5 Account

    The users connect to the RD Gateway servers, which then look up the Connection Broker farm name to find the correct Session Host server to connect to. This lookup from Gateway to Connection Broker will pass through the LTM RDCB VIP if you have the farm name configured to resolve to it.

    Users connecting directly to the Session Host servers will possibly get redirected to another server IF they already have an existing session on that server. In this case the Session Host communicates directly with the Connection Broker to get the session token, not through the LTM RDCB VIP.

  • Mike,

    I feel like I am beating a dead horse here. But, I'm going to give this one more shot. I appreciate your help! We don't want or need RD Gateway servers. We have 2 connection brokers and 3 session host nodes.

    • We have HA RDCB configured with a DNS round-robin name of "rds.mydomain.com."
    • We created VS on the LTM that contains the three Session Host servers on TCP/3389. rds.mydomain.com resolves to the VIP. The pool uses MS RDP persistence.

    When a user RDP's to the session host VS, the user RDP client connects to one of the three servers, but then re-directs to another one of the three servers. It would seem like the connection broker is handling the persistence and not the BIG-IP.

    Is this configuration correct? Do I need a VS for the Connection Broker hosts as well? If so, how does this VS come into play? We don't see a way to configure a connection broker host/VIP in the RDS configuration.

    Thanks again for your help. I feel like the guide is mixing 2008R2 and 2012R2 configuration and it's slightly confusing.

  • mikeshimkus_111
    Historic F5 Account

    You don't need a virtual server for Connection Broker if you aren't using RD Gateway. The Session Host servers contact the Connection Broker directly for a persistence token that is passed to the client. When the client connects again through the Session Host virtual server, the LTM MSRDP profile will read that token and send the client to the proper Session Host server without making a load balancing decision.

  • Ok, so it sounds like our config is pretty much correct. Here is what I am actually seeing:

    • Start a new/fresh RDP session to rds.example.com
    • LTM directs me to SH-01
    • Close (not logoff) this session
    • Start another RDP session to rds.example.com
    • RDP client first informs me that I am connecting to SH-03
    • Click Ok (SSL Cert)
    • RDP client now informs me that I am connecting/being redirected to SH-01 (the server where my session is open)

    A single MSRDP persistence record exists on the LTM. Am I understanding correctly that the redirection from SH-03 to SH-01 shouldn't happen since the MSRDP persistence record already exists on the LTM? Should the LTM direct me straight to SH-01 since that is where my active session is?

    Thanks

  • mikeshimkus_111
    Historic F5 Account

    In my experience, you should get a redirection. The "second" client gets the token as part of the redirection after it has tried to connect to the "wrong" RDSH server, and presents the token to the LTM, which tries to match it to the persistence table. I don't think the second client has the token on its initial connection, because at that time it's seen as a new session.

    • mikeshimkus_111
      Historic F5 Account
      You're welcome. We just updated the deployment guide to (hopefully) make this a little clearer.
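
The token handling discussed in the replies above, as an added example that is not part of the original thread or of F5's or Microsoft's code. It assumes the "session token" is the standard RDP routing token (`Cookie: msts=<ip>.<port>.<reserved>`) carried in the client's connection request; the pool addresses are constructed, and `pick_member` is a hypothetical, simplified model of the persistence decision, useful for checking a captured token against the pool when troubleshooting.

```python
import ipaddress
import re
import struct

# Token line in the RDP X.224 Connection Request: Cookie: msts=<ip>.<port>.<reserved>
TOKEN_RE = re.compile(rb"Cookie: msts=(\d+)\.(\d+)\.(\d+)\r\n")

def encode_routing_token(ip, port):
    """Build the token that names a target Session Host (IP and port are byte-swapped)."""
    ip_le = struct.unpack("<I", ipaddress.IPv4Address(ip).packed)[0]
    port_sw = struct.unpack("<H", struct.pack(">H", port))[0]
    return b"Cookie: msts=%d.%d.0000\r\n" % (ip_le, port_sw)

def decode_routing_token(payload):
    """Return (ip, port) named by the token, or None when the request carries no token."""
    m = TOKEN_RE.search(payload)
    if m is None:
        return None
    ip_num, port_num = int(m.group(1)), int(m.group(2))
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        raise ValueError("routing token field out of range")
    ip = ipaddress.IPv4Address(struct.pack("<I", ip_num))
    port = struct.unpack(">H", struct.pack("<H", port_num))[0]
    return str(ip), port

# Constructed pool: host names follow the thread, addresses are made up.
POOL = {
    "SH-01": ("10.0.0.11", 3389),
    "SH-02": ("10.0.0.12", 3389),
    "SH-03": ("10.0.0.13", 3389),
}

def pick_member(payload, pool=POOL):
    """Simplified model: honour a token that names a pool member, else load balance."""
    target = decode_routing_token(payload)
    for name, addr in pool.items():
        if addr == target:
            return name
    return "load-balance"

if __name__ == "__main__":
    # First attempt: only a user-name cookie, so it is treated as a new session.
    first = b"Cookie: mstshash=josh\r\n"
    # Retry after the redirect: the client now presents a token naming SH-01.
    retry = encode_routing_token("10.0.0.11", 3389)
    print(pick_member(first))           # load-balance
    print(retry, pick_member(retry))    # token bytes, then SH-01
```

This mirrors the sequence Josh observed: the first connection attempt has no routing token and is load balanced, and only the redirected attempt carries a token that can be matched to SH-01.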