Configuring Remote Desktop with HAProxy
The main purpose of the connection broker, formerly "session broker", is to reconnect a user to his existing session. Since Windows 2008, the connection broker has a load-balancing mechanism. HAProxy also provides this persistence feature with added security by acting as a reverse proxy to break the TCP connection between the client and the server.
Configuring RDS without a connection broker
It is possible to load-balance terminal services without relying on a connection broker component. In this case, HAProxy performs the persistence and session resumption using the mstshash cookie stored in a stick-table.
peers hapee peer hapee1 192.168.1.1:3389 peer hapee2 192.168.1.2:3389 frontend ft_rdp mode tcp bind 192.168.13.128:3389 name rdp timeout client 1h log global option tcplog tcp-request inspect-delay 2s tcp-request content accept if RDP_COOKIE default_backend bk_rdp backend bk_rdp mode tcp balance leastconn timeout server 1h timeout connect 4s log global option tcplog stick-table type string len 32 size 10k expire 8h peers hapee stick on rdp_cookie(mstshash) option tcp-check tcp-check connect port 3389 ssl default-server inter 3s rise 2 fall 3 server srv01 192.168.13.13:3389 weight 10 check server srv02 192.168.13.14:3389 weight 10 check
It is possible to read the content from the stick table to know which user has been assigned to which server:
$ hapee-lb-cmd <<<"show table bk_rdp"
# table: bk_rdp, type: string, size:10240, used:5 0x21c7eac: key=Administrator use=0 exp=83332288 server_id=1 0x21c7eac: key=test-001 use=0 exp=83332288 server_id=2
RDP clients do not behave the same way when sending mstshash cookie. See below.
Next upConfiguring Remote Desktop Gateway