Session Broker and TS Gateway

  • Thread starter Thread starter Dylan
  • Start date Start date
D

Dylan

Guest
I've followed the step-by-step guide for TS Session broker and TS Gateway but
was wondering how to make both work together. With TS Session Broker, all TS
servers are published on the DNS with the same farm name in a round robin
fashion but TS Gateway manages TS servers with security group. HOw can one
publish just the Gateway server to public facing and still achive load
balancing using TS Session Broker without publish IP of the TS servers?

Thanks.
 
Re: Session Broker and TS Gateway

On Sep 5, 3:38 pm, Dylan <Dy...@discussions.microsoft.com> wrote:
> I've followed the step-by-step guide for TS Session broker and TS Gateway but
> was wondering how to make both work together.  With TS Session Broker, all TS
> servers are published on the DNS with the same farm name in a round robin
> fashion but TS Gateway manages TS servers with security group.  HOw can one
> publish just the Gateway server to public facing and still achive load
> balancing using TS Session Broker without publish IP of the TS servers?
>
> Thanks.

You can use a "dummy" Terminal Server - one that is set to not accept
incoming connections - to handle all initial connection requests and
query the Session Broker to determine the best terminal server for
redirection. This dummy server will experience low loads, so it may be
a good idea to put it on the same physical machine as the Gateway and/
or the Session Broker. However, I am not certain about whether this is
going to bypass TS RAPs or not - I need to do some more testing myself.
 
Re: Session Broker and TS Gateway

That takes care of the session broker part but how does it work with TS
Gateway? Session broker will route and hand off the connection to the proper
TS server but how does TS gateway play into this? If I don't want to assign
NAT to the TS servers, public RDP request will not be able to connect to TS
servers with only private IP assigned without going through TS Gateway
server, or am I not thinking right?


"kdavydychev" wrote:

> On Sep 5, 3:38 pm, Dylan <Dy...@discussions.microsoft.com> wrote:
> > I've followed the step-by-step guide for TS Session broker and TS Gateway but
> > was wondering how to make both work together. With TS Session Broker, all TS
> > servers are published on the DNS with the same farm name in a round robin
> > fashion but TS Gateway manages TS servers with security group. HOw can one
> > publish just the Gateway server to public facing and still achive load
> > balancing using TS Session Broker without publish IP of the TS servers?
> >
> > Thanks.
>
> You can use a "dummy" Terminal Server - one that is set to not accept
> incoming connections - to handle all initial connection requests and
> query the Session Broker to determine the best terminal server for
> redirection. This dummy server will experience low loads, so it may be
> a good idea to put it on the same physical machine as the Gateway and/
> or the Session Broker. However, I am not certain about whether this is
> going to bypass TS RAPs or not - I need to do some more testing myself.
>
 
Re: Session Broker and TS Gateway

TSGateway acts as a man in the middle for all terminal servers. The clients
only talk to TSGateway and the terminal servers only talk to TSGateway.
Clients and TS never talk directly to each other.

--
Jeff Pitsch
Microsoft MVP - Terminal Services

"Dylan" <Dylan@discussions.microsoft.com> wrote in message
news:BAF04419-1DBD-46A9-9717-D80350FDD75C@microsoft.com...
> That takes care of the session broker part but how does it work with TS
> Gateway? Session broker will route and hand off the connection to the
> proper
> TS server but how does TS gateway play into this? If I don't want to
> assign
> NAT to the TS servers, public RDP request will not be able to connect to
> TS
> servers with only private IP assigned without going through TS Gateway
> server, or am I not thinking right?
>
>
> "kdavydychev" wrote:
>
>> On Sep 5, 3:38 pm, Dylan <Dy...@discussions.microsoft.com> wrote:
>> > I've followed the step-by-step guide for TS Session broker and TS
>> > Gateway but
>> > was wondering how to make both work together. With TS Session Broker,
>> > all TS
>> > servers are published on the DNS with the same farm name in a round
>> > robin
>> > fashion but TS Gateway manages TS servers with security group. HOw can
>> > one
>> > publish just the Gateway server to public facing and still achive load
>> > balancing using TS Session Broker without publish IP of the TS servers?
>> >
>> > Thanks.
>>
>> You can use a "dummy" Terminal Server - one that is set to not accept
>> incoming connections - to handle all initial connection requests and
>> query the Session Broker to determine the best terminal server for
>> redirection. This dummy server will experience low loads, so it may be
>> a good idea to put it on the same physical machine as the Gateway and/
>> or the Session Broker. However, I am not certain about whether this is
>> going to bypass TS RAPs or not - I need to do some more testing myself.
>>
 
Re: Session Broker and TS Gateway

Yes, TSGateway works that way. I understand that. My question is how do
TSGateway work with TS Session Broker.

"Jeff Pitsch" wrote:

> TSGateway acts as a man in the middle for all terminal servers. The clients
> only talk to TSGateway and the terminal servers only talk to TSGateway.
> Clients and TS never talk directly to each other.
>
> --
> Jeff Pitsch
> Microsoft MVP - Terminal Services
>
> "Dylan" <Dylan@discussions.microsoft.com> wrote in message
> news:BAF04419-1DBD-46A9-9717-D80350FDD75C@microsoft.com...
> > That takes care of the session broker part but how does it work with TS
> > Gateway? Session broker will route and hand off the connection to the
> > proper
> > TS server but how does TS gateway play into this? If I don't want to
> > assign
> > NAT to the TS servers, public RDP request will not be able to connect to
> > TS
> > servers with only private IP assigned without going through TS Gateway
> > server, or am I not thinking right?
> >
> >
> > "kdavydychev" wrote:
> >
> >> On Sep 5, 3:38 pm, Dylan <Dy...@discussions.microsoft.com> wrote:
> >> > I've followed the step-by-step guide for TS Session broker and TS
> >> > Gateway but
> >> > was wondering how to make both work together. With TS Session Broker,
> >> > all TS
> >> > servers are published on the DNS with the same farm name in a round
> >> > robin
> >> > fashion but TS Gateway manages TS servers with security group. HOw can
> >> > one
> >> > publish just the Gateway server to public facing and still achive load
> >> > balancing using TS Session Broker without publish IP of the TS servers?
> >> >
> >> > Thanks.
> >>
> >> You can use a "dummy" Terminal Server - one that is set to not accept
> >> incoming connections - to handle all initial connection requests and
> >> query the Session Broker to determine the best terminal server for
> >> redirection. This dummy server will experience low loads, so it may be
> >> a good idea to put it on the same physical machine as the Gateway and/
> >> or the Session Broker. However, I am not certain about whether this is
> >> going to bypass TS RAPs or not - I need to do some more testing myself.
> >>
>
>
>
 
Re: Session Broker and TS Gateway

TS Gateway never talks to Session Broker - they are two completely
separate entities. The Session Broker only communicates with the
actual Terminal Servers, and is not aware that there even is a Gateway.
 
Re: Session Broker and TS Gateway

So that brings up my original question, can they work together to provide
security as well as load balancing? Since gateway server serves as proxy
server between the client and the TS servers and doesn't provide load
balance, I like to incorporate session broker for its function of load
balancing as well as the ability to reconnect to disconnected session. Is it
possible to have both roles work together to achieve this? As I understand
it, gateway server works with TS servers base on hostname but session broker
works base on unique farm name, correct? When I initiate a rdp connection to
one of the TS server that is part of the farm by specify its hostname in
mstsc, the session doesn't get re-route to another TS server that's also part
of the farm and had my disconnect session. I'm assuming its because I didn't
use the farm name to connect so session broker doesn't acknowledge my
connection therefore does not redirect me to the disconnected session. If
that's the case, rdp traffic coming through gateway server should be treated
the same way, without querying session broker, so my connection would go to
the TS server that the gateway server allocates?

"kdavydychev" wrote:

> TS Gateway never talks to Session Broker - they are two completely
> separate entities. The Session Broker only communicates with the
> actual Terminal Servers, and is not aware that there even is a Gateway.
>
 

Similar threads

I
SameSite cookie updates in ASP.net, or how the .Net Framework from December changed my cookie usage.
Replies
0
Views
315
IIS
I
M
4 datacenter challenges and how Windows Server 2016 software defined networking can help
Replies
0
Views
485
Microsoft Windows Server
M
EDN Admin
Implement a RD session broker plugin (IWTSSBPlugin)
Replies
0
Views
110
EDN Admin
EDN Admin
RSchwarz
Server Performance Advisor (Spa) 3.0
Replies
0
Views
554
RSchwarz
RSchwarz
K
The server failed to retrieve the SID of Session BRoker
Replies
7
Views
374
Thorsten
T
Back
Top