ALOHA Documentation 10.5
Configuring Remote Desktop with HAProxy
The main purpose of the connection broker, formerly "session broker", is to reconnect users to their existing sessions. Since Windows 2008, the connection broker has also included a load-balancing mechanism. HAProxy provides the same persistence feature and adds security by acting as a reverse proxy, which breaks the TCP connection between the client and the server.
Configuring RDS without a connection broker
It is possible to load-balance terminal services without relying on a connection broker component. In this case, HAProxy performs the persistence and session resumption using the mstshash cookie stored in a stick-table.
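# Peers section: stick-table entries are shared between the two load balancers.
peers hapee
  peer hapee1 192.168.1.1:3389
  peer hapee2 192.168.1.2:3389

# Frontend (the name ft_rdp is an assumption): wait up to 2s for the RDP cookie.
frontend ft_rdp
  mode tcp
  bind 192.168.13.128:3389 name rdp
  timeout client 1h
  tcp-request inspect-delay 2s
  tcp-request content accept if RDP_COOKIE
  default_backend bk_rdp

# Backend: persistence keyed on the mstshash cookie, TLS health check on port 3389.
backend bk_rdp
  mode tcp
  timeout server 1h
  timeout connect 4s
  stick-table type string len 32 size 10k expire 8h peers hapee
  stick on rdp_cookie(mstshash)
  option tcp-check
  tcp-check connect port 3389 ssl
  default-server inter 3s rise 2 fall 3
  server srv01 192.168.13.13:3389 weight 10 check
  server srv02 192.168.13.14:3389 weight 10 check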
It is possible to read the content from the stick table to know which user has been assigned to which server:
$ hapee-lb-cmd <<<"show table bk_rdp"
# table: bk_rdp, type: string, size:10240, used:5
0x21c7eac: key=Administrator use=0 exp=83332288 server_id=1
0x21c7eac: key=test-001 use=0 exp=83332288 server_id=2
RDP clients do not all behave the same way when sending the mstshash cookie. See below.
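The following Python example is added here and is not part of the ALOHA documentation or HAProxy's own code. It parses the first packet an RDP client sends to recover the mstshash value that the stick rule keys on, and models what happens when a client sends no cookie. The packet builder, the `route` helper, the `balanced_choice` parameter and the user `alice` are assumptions constructed for the illustration.

```python
import struct

def build_cr(cookie_line: bytes = b"") -> bytes:
    """Constructed X.224 Connection Request, the first packet an RDP client sends."""
    # rdpNegReq: type 0x01, flags 0, length 8, requestedProtocols 3 (TLS + CredSSP)
    variable = cookie_line + struct.pack("<BBHI", 0x01, 0x00, 8, 0x03)
    # X.224 CR: length indicator, code 0xE0, dst-ref, src-ref, class
    x224 = struct.pack(">BBHHB", 6 + len(variable), 0xE0, 0, 0, 0) + variable
    # TPKT: version 3, reserved, total length (big-endian)
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def extract_rdp_cookie(data: bytes, name: str = "mstshash"):
    """Return the cookie value found right after the X.224 header, or None."""
    if len(data) < 11 or data[0] != 3 or (data[5] & 0xF0) != 0xE0:
        return None  # not a TPKT-framed Connection Request
    tpkt_len = struct.unpack(">H", data[2:4])[0]
    if tpkt_len > len(data):
        return None  # packet not fully received yet
    variable = data[11:tpkt_len]
    prefix = b"Cookie: " + name.encode("ascii") + b"="
    end = variable.find(b"\r\n")
    if not variable.startswith(prefix) or end <= len(prefix):
        return None  # no cookie, another cookie name, or an empty value
    return variable[len(prefix):end].decode("ascii", "replace")

def route(table: dict, data: bytes, balanced_choice: int) -> int:
    """Model of the stick rule: known key -> stored server, new key -> learn it."""
    key = extract_rdp_cookie(data)
    if key is None:
        return balanced_choice  # nothing to stick on, so no persistence
    return table.setdefault(key, balanced_choice)

if __name__ == "__main__":
    table = {"Administrator": 1, "test-001": 2}  # entries from the table dump above
    samples = [
        build_cr(b"Cookie: mstshash=test-001\r\n"),  # user already in the table
        build_cr(b"Cookie: mstshash=alice\r\n"),     # constructed new user
        build_cr(),                                   # client that sends no cookie
    ]
    for pkt in samples:
        print(extract_rdp_cookie(pkt), "->", route(table, pkt, balanced_choice=1))
```

A client whose first packet carries no mstshash cookie is never entered in the table, so each of its connections goes wherever the balancing algorithm sends it.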