I don't think you can have two connection brokers without complicating things (clustering and SQL server involved).
If you have ESX clustering, you have your redundancy covered. No need for two web servers (or two brokers). ESX does HA with fewer headaches than any other way - use it. Here's the general traffic flow (I think...): 1. Client hits web server. 2. Web server shows available apps 3. User clicks on app 4. Web server downloads .RDP file for app. The .RDP file points to the broker as the server address. 5. User's RDP app attempts to launch app from broker. 6. The broker sends the client a RDP "redirect" to the appropriate session host. 7. The user's RDP then opens a connection to the session host and launches the app. It has been a while, but I think this is how it worked in 2008 R2 and RDP versions up through 7. I've just started looking at 2012. I think RDP version 8 changes this up a bit. -----Original Message----- From: Michael Leone [mailto:[email protected]] Sent: Thursday, March 21, 2013 2:04 PM To: NT System Admin Issues Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! On Thu, Mar 21, 2013 at 1:24 PM, Ken Cornetet <[email protected]> wrote: > For traffic handling, you don't need two web servers for 4 session hosts. You > don't need 2 web servers for 40 session hosts. Well, it's more for redundancy, than actual traffic balancing. Speaking of which ... does that mean for my situation I would want 2 connection brokers, rather than 2 web servers? Am I correct in assuming that the user actually hits the connection broker, which then passes to the web server (since we would want our users to be able to access via web browser), which then communicates back and forth with the session host? So I would want 2 connection brokers (which would be tied to my Cisco ACE appliance), so that if one goes down, complete access to the application itself does not. Similarly, I would want 2 web servers, and then the 3-4 session hosts (altho only the connection brokers would be connected to the ACE appliance) (also: in my case, the application being published is really just a front end itself; it communicates with SQL servers for it's data. There is no data in the application itself) > For HA, I presume you are using an ESX cluster. Yep. ESXi 5.0 Update 2 cluster (hopefully soon be 5.1). > > > -----Original Message----- > From: Michael Leone [mailto:[email protected]] > Sent: Thursday, March 21, 2013 1:07 PM > To: NT System Admin Issues > Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! > > On Wed, Mar 20, 2013 at 7:53 PM, James Hill <[email protected]> wrote: >> Get a cert from a public CA. Far less hassle and they are very inexpensive. > > These are internals apps, so they won't be accessed by the public, or over a > public Internet (well, perhaps over VPN). And being a government agency, we > can get certs for free from another agency. > >> Why do you want to separate the web front end? > > Load balancing by our hardware Cisco ACE appliance. Also it then enables use > to send the session to any available session host. > Separating out the web front end from the back end RDSH servers (aka the > server farm) is also the current configuration we have with our Citrix > environment, and is I believe the recommended design for something like this. > (I am told). > > What we want, or will have, is 2 web front ends and 3-4 back end session > hosts. > >> >> James. >> >> -----Original Message----- >> From: Michael Leone [mailto:[email protected]] >> Sent: Thursday, 21 March 2013 4:40 AM >> To: NT System Admin Issues >> Subject: Re: Advice on setting up a Win2012 RDS environment - Progress! >> >> SO I am making progress! I had already installed the RDS as a role, >> but that didn't configure the deployment. So I went to Server >> Manager, clicked on RDS, and clicked on Deploy. It then went into >> what seemed like an install of RDS as a service (which had failed >> before). This time, however, the deploy step went through without >> error. I rebooted at the end, and after I logged back in, I was able >> to install an app (Notepad++), and then I was able to add it to a >> Quick Session Collection, publish it as a RemoteApp, and I was able to >> access it remotely. >> >> w00t! >> >> Definite progress. So now I need to make my own collection, add an >> app to it. Then investigate how to use a separate web server front >> end for it (to separate the RDS hosts from the web access). >> >> And probably give it our self-signed internal certificate, to stop it >> complaining about untrusted publishers of the app. >> >> So I am definitely further along than I was. >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin >> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ >> <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to [email protected] >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
