I have been working with Remote Desktop Services (aka Terminal Services) since Windows Server 2003, however, Microsoft support has ended on July 14th 2015 for Server 2003, Windows Server 2003 R2, SBS 2003 and SBS 2003 R2, but still you plan on not upgrading?
Remote Desktop Services High Availability Challenges
As more organizations begin to adopt Desktop Virtualization in Windows Server 2012 R2, users are becoming increasingly dependent on Remote Desktop Services to securely access corporate resources from virtually anywhere while they stay productive when they are away from the office. To ensure the highest levels of availability, system engineers should identify and eliminate any potential single points of failure in the solution.
Remote Desktop Services Role Highly Available
Microsoft Remote Desktop Services – High Availability. (Image Source: Microsoft)
- Remote Desktop Session Host (RD Session Host)
- Remote Desktop Connection Broker (RD Connection Broker)
- Remote Desktop Virtualization Host (RD Virtualization Host)
- Remote Desktop Web Access (RD Web Access)
- Remote Desktop Licensing (RD Licensing) and Remote Desktop Gateway (RD Gateway)
Remote Desktop Services includes several components designed to eliminate single point of failure.
RD Gateway: High availability of the RD Gateway role service is achieved by deploying it in Windows Network Load Balancing (WNLB) cluster to load balance the RD Gateway traffic, or you could also use DNS round robin in place of an NLB cluster to make the RD Gateway role service highly available. One disadvantage with DNS round robin (DNSRR) is that it cannot act as a fail-over cluster. Therefore, if one server fails, clients might continue to attempt connection to the failed server. The optimal and effective solution is to use a third-party load balancer such as KEMP!
RD Web Access: High availability of the RD Web Access role service is achieved by deploying it in an active-active mode. Multiple RD Web Access servers can be configured as part of a Windows Network Load Balancing (WNLB) cluster to achieve this, or you could also use DNS round robin in place of an NLB cluster to make the RD Web Access role service highly available.
RD Connection Broker: One of the biggest improvements to high availability in Windows Server 2012 Remote Desktop Services is the RD Connection Broker (Active/Active). This RD Connection Broker will start automatically load balancing sessions for the RD Session Host servers farm in your deployment. In previous versions, the RD Connection Broker was only supported (Active/Passive) clustering. That provided basic redundancy, but it did not allow you to scale out as load increased.
RD Session Host: A high availability solution for the RD Session Host server consists of high availability of the hardware, as well as high availability of the Remote Desktop Session Host role service. You create a farm of multiple RD Session Host servers.
RD Virtualization Host: This role is installed on the Hyper-V host for virtual desktops. Setting up a failover cluster environment with multiple Hyper-V hosts will ensure that in the event of a hardware failure on a Hyper-V host, the virtual machines will fail over to another Hyper-V host and automatically start on a second node.
RD Licensing: A high availability solution for the RD Licensing role consists of high availability of the hardware, as well as high availability of the Remote Desktop Licensing role service. You can deploy multiple RD Licensing servers.
Microsoft Remote Desktop Services – High Availability Deployment. (Image Credit: Charbel Nemnom)
Windows Network Load Balancing Clusters
It’s time to graduate and say goodbye to Windows NLB. NLB suffers from many serious drawbacks and should be avoided in production if possible. NLB cluster uses layer two broadcasts for heartbeat communication, which generates an excessive amount of noise on the network. NLB also lacks application awareness, which may result in network traffic being delivered to a RDS host that is not capable of handling those requests. In addition, NLB requires static ARP configuration for Multicast mode over routed subnet, and finally you need to make sure that MAC address spoofing is enabled on the appropriate vmNIC or vmNICs if NLB is used inside a Virtual Machine. Have I complaint enough about NLB so… it’s time to move!
In today’s blog post, I will show you how to effectively Load Balance your Remote Desktop Session Host servers with #KEMP virtual LoadMaster.
KEMP Load Balancers and Remote Desktop Services
The KEMP LoadMaster load balancer is an excellent solution for providing high availability for Windows Server 2012 R2 Remote Desktop Services. Using the LoadMaster to provide load balancing for RDSH server clusters provides numerous benefits over Windows NLB. With RDS functions enabled on LoadMaster users are able to maintain persistence even in the absence of a RD Connection Broker, including better service health checks, granular traffic delivery and accurate load balancing that can monitors resource consumption on RD Session Hosts to ensure that servers are not overloaded with connections.
It is important to realize that starting with Windows Server 2012, in most cases, Remote Desktop Services is deployed using the Scenario-Based Deployment as part of the Server Manager. In these cases you will automatically get an RD Connection Broker as part of your RDS deployment. However, there are certain scenarios when you don’t require to use RD Connection Broker such as public Kiosk deployments for example, these kiosks will be located in public areas, such as libraries, schools and airports, and will run a restricted set of applications. One set of requirements for these Kiosk machines is to ensure that it’s secured and users cannot interactively exit, shutdown, logoff, lock or switch user accounts.
N.B. For more details on using RD Session Host without RD Connection Broker, please refer to the following Microsoft link.
Before we start with the deployment, you need to disable RD Connection Broker Load balancing to avoid overlap between RD Connection Broker and KEMP Session Broker. You can do that in Group Policy Object on the OU where your RD Session Host servers are located and set the following GPO to disabled:
Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker\Use RD Connection Broker load balancing
Installing Virtual LoadMaster using Hyper-V Manager
The Virtual LoadMaster (VLM) is packaged as .VHDX file for ease of deployment. This image can be freely downloaded from KEMP Technologies website for a 30 day evaluation period. To download the VLM please follow the detailed instructions here.
Importing the Virtual LoadMaster Into Hyper-V
Click the Import Virtual Machine menu option in Hyper-V Manager console, and follow the import virtual machine wizard by selecting the LoadMaster VLM folder. The virtual machine should be imported and should now appear within the Virtual
Machines pane in the Hyper-V Manager.
Configure the Network Adapter Settings
Ensure that the Enable spoofing of MAC addresses checkbox is selected, and Static MAC address is selected as well.
The LoadMaster is now fully installed and ready to be used. Please refer to the LoadMaster documentation for step by step Licensing and Configuration which can be downloaded from the http://www.KEMPtechnologies.com/documentation page.
Configure The LoadMaster For Remote Desktop Session Host Service
Configure the LoadMaster settings by following the steps below in the LoadMaster Web UI:
1. Add New –> Virtual Services.
2. Enter the relevant IP address in the Virtual Address (VIP).
3. Enter 3389 as the Port.
4. Enter a recognizable Service Name, such as RDSH-LB.
5. Click Add this Virtual Service.
6. We can set an Alternate Address as well in case the primary Virtual IP Address is not reachable.
7. Expand the Real Servers section.
8. Click Add New to add the RD Session Host servers as Real Servers.
9. Enter the Real Server IP Address.
10. Enter 3389 as the Port.
11. Click Add This Real Server.
12. Repeat step 11 above until all Real RDSH Servers have been added.
13. When all of the RDS server have been added, you can check the status of the Virtual Service by selecting Statistics in the main menu, and then click on Real Servers. The status will be displayed. Confirm that the Status is Up.
14. The next step is to configure the load balancing method. Click Modify on the relevant Virtual Service.
15. Expand the Standard Options section.
16. Deselect the Transparency mode. We do not require Layer 7 transparency for our deployment.
17. Select Session Broker as the Persistence Mode. (The LoadMaster is able to redirect a user to an existing session based on the persistence token. This is perfect in our scenario, because we deployed RD session host farm without an RD Connection Broker.
18. Set the Scheduling Method to Weighted Least Connection. This to ensure that user sessions are equally spread over the RD Session Host servers.
The load-balanced RD Session Host configuration is completed.
Test The Load-Balanced RD Session Host
Fire up your kiosk machines and enjoy the accurate load balancing
In the main menu of the LoadMaster Web UI, select Statistics.
Click the Real Servers button.
Click the Virtual Services button.
Last but not least, do you want to take any RD Session Host into maintenance mode? very simple, you can select the desired real server and click Disable. The LoadMaster will stop redirecting users sessions to that server.
The Virtual LoadMaster is Highly Available
As we discussed at the beginning of this article, the RDS roles services are highly available now, but the Virtual LoadMaster is still a single point of failure, you need to avoid that by leveraging Hyper-V Cluster and make this VM highly available as well. in the event of a hardware failure on a Hyper-V host, the virtual LoadMaster will fail over to another Hyper-V host and automatically start. Thus will make sure the load balancer is always available and serving your users’ request.
Remote Desktop Services is a compelling virtual desktop solution that can be used to provide secure desktop and RemoteApp access with unrivaled ease of use. The users become more dependent on it for their productivity and day to day job, therefore building a scalable and highly available Remote Desktop Access solution is critical. You want to avoid using Windows NLB for Remote Desktop Services in production and implement the KEMP LoadMaster load balancer to provide load balancing and high availability solution. This will ensure the best experience for users and administrators alike.
As a free gift! KEMP has just launched FreeLoadBalancer, where you are able to download a free version of their popular KEMP LoadMaster. The free version is available for unlimited use and is perfect for certain scenarios, such as Windows Network Load Balancing (WNLB) replacement. It is an ideal Load Balancer for smaller environments, especially since this has a load more features and is a Layer 7 Load Balancer compare to Windows Network Load Balancing. Are you still using NLB in production? What are you still waiting for
Hope this helps some of you out there.
Until the next time… Enjoy your Day!