Mission-critical servers require load-balancing
techniques to ensure high availability and scalability. You may scale
servers vertically by increasing memory and processors, or by adding
additional network interfaces. Horizontal scaling means adding more
identical servers, grouping them into one cluster, and then
distributing the traffic evenly or based on a certain algorithm between
the member servers. It’s a common practice in large enterprises to use
network load balancers and have multiple mission-critical
servers such as Web, File Transfer Protocol (FTP), Proxy, and other
application servers. Terminal Services are no less mission-critical
considering the fact that hundreds of remote users and branch offices
may be accessing applications from a central location and also saving
the data. In this topic, we’ll discuss Terminal Service Session
Broker load balancing and Network Load Balancing (NLB).
Terminal Service Load-Balancing Techniques
You can achieve load balancing in the Terminal Services environment using
the TS Session Broker role service of Windows 2008. TS Session Broker
keeps track of user sessions and stores session state information such as
user names, the name of the server where the session is running, and the
session IDs. This information is used to redirect a disconnected session
back to the server where the user’s session exists. TS Session Broker can
also evenly distribute the load among the members of a terminal server
farm. However, this requires an additional load-balancing mechanism such
as a DNS round robin or a dedicated hardware-based load balancer to ensure
the connection requests are distributed evenly.
Microsoft offers NLB to perform the distribution of connection requests.
Apart from providing network-based load balancing, NLB also offers failed
server detection.
Configuring Load Balancing
If you have not installed the Terminal Service Session Broker role
service, you need to install it before you can configure load balancing.
To install Terminal Service Session Broker role:
1. Click Start | Administrative Tools | Server Manager.
2. Click on Roles on the left pane.
3. Click on Add Roles under Roles Summary.
4. Click Next on the review page.
5. Select Terminal Services from the list of roles.
6. Select the TS Session Broker role and then click Next.
7. Click Install.
8. Click Close to complete the installation of TS Session Broker role service.
To configure TS Session Broker:
1. Click Start | Administrative Tools | Terminal Services | Terminal Services Configuration (see Figure 1).
2. Double-click on Member of farm in the TS Session Broker option under Edit Settings in the center pane.
3. Select Join a farm in TS Session Broker (see Figure 2).
4. Provide the IP address of the server that is running TS Session Broker service in the TS Session Broker Server name or IP address text box.
5. Type a name for the server farm in the Farm name in TS Session Broker text box. This farm name will be used to add more servers to the farm. Ensure you use the same name so that all the new servers join the same farm correctly.
6. Select the check box Participate in Session Broker Load-Balancing.
7. Use the pull-down list to select the Relative weight of this server in the farm. The higher the number, the more load the server will take. You may use this relative weight number to assign weights to servers participating in this farm, to distribute load based on the server capabilities (memory, CPU, number of processors, and so forth).
8. Select the check box Use IP address redirection. Leaving it deselected will make the farm use token redirection.
9. Select the check box for the IP address of the server interface that will be used to participate in the farm. This is required when you have multiple interfaces and want a specific interface (network) to participate in the load balancing.
10. Click OK to complete the TS Session Broker configuration.
Adding Local Group on the TS Session Broker
The local group has kept the name Session Directory Computers through the
beta. The name refers to the new TS Session Broker and is carried over
from the previous versions of Windows.
To add a terminal server to the Session Directory Computers local group:
1. Click Start | Administrative Tools | Computer Management.
2. Expand Local Users and Groups, and then click Groups.
3. Right-click on the Session Directory Computers group, and then select Properties (on the right pane).
4. Click Add.
5. Select the Computers option and then click OK from the Select Users, Computers, or Groups dialog box.
6. Add the computer account of the terminal server.
7. Click OK.
Installing NLB
To install NLB service:
1. Click Start | Administrative Tools | Server Manager | Features.
2. In the Features Summary on the right pane, click on Add Features.
3. Select Windows Network Load Balancing in the Add Features wizard.
4. Follow the prompts (Next, Install, Close) to complete the installation.
To create an NLB cluster:
1. Click Start | Administrative Tools | Network Load Balancing Manager (see Figure 3). The command to open NLB Manager from a command prompt is nlbmgr.
2. On the left pane, right-click on Network Load Balancing Clusters and select New Cluster (see Figure 4).
3. Type the IP address of the host and click Connect.
4. Click on the Interface IP to select a specific interface for the new cluster.
5. Click on the drop-down list to select the Priority (see Figure 5). Cluster traffic that is not handled by a port rule will be handled by the server (host) with the lowest priority number. Click Next.
6. Click on Add and type the cluster IP address in the Cluster IP Addresses (see Figure 6) screen. Members of the cluster will share this cluster IP. Cluster heartbeats use the first listed IP address.
7. You may leave the Full Internet name blank as it’s not required in the NLB with Terminal Services scenario (see Figure 7).
8. Select Unicast under Cluster operation mode. The media access control (MAC) address of the cluster is used instead of the server’s network interface MAC when you select the Unicast option. This is the recommended cluster operation mode.
9. Select the Cluster IP address in the Add/Edit Port rule screen (see Figure 8).
10. Modify the port range to From (3389) and To (3389). This is the port number used by RDP.
11. Select TCP under Protocols.
12. Select Multiple host under Filtering mode. This means multiple hosts in the cluster will handle the traffic for this rule.
13. Select Single under Affinity. This is applicable only for Multiple host mode. If you are using TS Session Broker, select None.
14. Click Finish to complete the cluster creation.
Terminal Service Session Broker Redirection Modes
TS Session Broker supports IP address and routing token redirection modes.
Redirecting a client to the terminal server where an active session
exists for the user is very important and is done by TS Session Broker.
IP Address Redirection
This is the default redirection mode. First the client queries the TS
Session Broker. Then TS Session Broker redirects the client to the
appropriate server where an active session exists for the client, using
the IP address of the server. IP address-based connectivity between the
client and server is the requirement to use this mode. In scenarios
using DNS round-robin, NLB, or a hardware balancer with no support for
routing token redirection, IP address redirection is the preferred mode.
Routing Token Redirection
To use this mode, the network balancer deployed in your network should
support routing token redirection. Instead of using the IP address of
the terminal server, a token embedded with the IP address is sent to
the client. After a disconnection, when the client attempts to reconnect
to the server, the token is used to redirect the client to the
appropriate terminal server where an active session exists for the
client. Additional restrictions while using this redirection mode
include using the IP address of the network adapter attached to the
load balancer and configuring that IP address as the terminal
server IP address.
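To show what the routing token carries and how a defender can check it, here is an added example (not part of the original text) that encodes, decodes, and validates a token. It assumes Microsoft's published routing-token layout, Cookie: msts=<ip>.<port>.<reserved> with the IP and port written as decimal integers, which this page does not spell out; the farm member addresses are the ones from the DNS exercise on this page, and the function names are hypothetical.

```python
import ipaddress
import struct

# Farm members from this page's DNS exercise (used here as the allow-list).
FARM_MEMBERS = {ipaddress.ip_address("192.168.4.73"),
                ipaddress.ip_address("192.168.4.51")}
PREFIX = "Cookie: msts="


def encode_routing_token(ip: str, port: int = 3389) -> str:
    """Build the msts= token for a terminal server address."""
    # Octets and port are in network byte order, then read as little-endian ints.
    ip_num = int.from_bytes(ipaddress.IPv4Address(ip).packed, "little")
    port_num = int.from_bytes(struct.pack("!H", port), "little")
    return f"{PREFIX}{ip_num}.{port_num}.0000"


def decode_routing_token(token: str):
    """Return (IPv4Address, port) from a routing token, or raise ValueError."""
    token = token.strip()
    if not token.startswith(PREFIX):
        raise ValueError("not a routing token")
    fields = token[len(PREFIX):].split(".")
    if len(fields) != 3 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("malformed routing token")
    ip_num, port_num = int(fields[0]), int(fields[1])
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        raise ValueError("field out of range")
    ip = ipaddress.IPv4Address(ip_num.to_bytes(4, "little"))
    port = struct.unpack("!H", port_num.to_bytes(2, "little"))[0]
    return ip, port


def token_targets_farm(token: str, members=FARM_MEMBERS, port: int = 3389) -> bool:
    """True only if the token points at a known farm member on the RDP port."""
    try:
        ip, tok_port = decode_routing_token(token)
    except ValueError:
        return False
    return ip in members and tok_port == port


if __name__ == "__main__":
    sample = encode_routing_token("192.168.4.73")  # constructed sample token
    print(sample, "->", decode_routing_token(sample), token_targets_farm(sample))
```

Because the encoding is trivially reversible, any client that receives the token learns the terminal server's internal address, so the load balancer should only honor tokens that decode to a farm member.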
DNS Registration
The DNS round-robin feature along with the TS Session Broker service can be
utilized to load-balance terminal service sessions in your network. You
need to register the terminal servers first. To use the DNS round-robin
feature, you need to create host records for the terminal services and
map them to the terminal server farm IP address.
To configure DNS for TS Session Broker load balancing:
1. Click Start | Administrative Tools | DNS.
2. Click on the Server name and expand.
3. Click on the Forward Lookup Zones and expand.
4. Right-click on the domain name (syngress.local in this exercise) and click on New Host (A or AAAA)...
5. Type FARM_1 (name of the farm we created earlier through NLB manager) in the Name (uses parent domain name if blank) text box (see Figure 9).
6. Type the IP address of the cluster (192.168.4.250).
7. Click on Add Host.
8. Right-click on the domain name and click on New Host (A or AAAA)...
9. Type FARM_1 in the Name (uses parent domain name if blank) text box.
10. Type the IP address of the member server (192.168.4.73).
11. Repeat the steps to add another member server (192.168.4.51) with the same name (FARM_1).
12. Click Done to complete the DNS configuration for the cluster farm.
The new DNS zone information will look similar to the one shown in Figure 10.
Configuring Load Balancing Through Group Policy
TS Session Broker load balancing can be configured through an Active
Directory (AD) Group Policy Object (GPO). You have to group terminal
servers into an organizational unit (OU) and configure TS Session
Broker parameters that apply on the GPO in the OU. It’s preferred to
have the Terminal Server role service installed and configured for the TS
Session Broker settings to be effective.
Add the Group Policy Management Console (Start | Administrative Tools | Server Manager | Features | Add Features and add Group Policy Management Console) before you create the GPO and configure TS Session Broker settings.
To configure load balancing through group policy of Active Directory (AD):
1. Click Start | Administrative Tools | Group Policy Management.
2. Expand the forest and locate the domain name (syngress.local).
3. Right-click and select Create a GPO in this domain, and Link it here.
4. Type the name of the Group Policy Object (e.g., TerminalServices) in the Name text box and click OK.
5. Click on the new GPO created (TerminalServices).
6. On the right pane click the Settings tab.
7. Under Computer Configuration, right-click and select Edit.
8. Expand the Policies folder under Computer Configuration.
9. Expand Administrative Templates.
10. Expand Windows components.
11. Expand Terminal Services.
12. Expand Terminal Server.
13. Select TS Session Broker folder (as shown in Figure 11).
14. Double-click on Configure TS Session Broker farm name parameter on the right pane.
15. Select Enabled.
16. Type FARM_1 in the TS Session Broker farm name (FARM_1 was created earlier through NLB manager) as shown in Figure 12.
17. Click OK.
18. Double-click on Use TS Session Broker load balancing.
19. Select Enabled (see Figure 13).
20.
21. Double-click on Use IP Address Redirection. Click on Enabled. (This is required only when your setup has dedicated hardware-based load-balancing appliances. This hardware balancer should support token redirection mode).