You can use HAProxy to load-balance Remote Desktop Gateway. It is an HTTPs based service which you can load-balance in two ways:

  • SSL bridging mode

  • SSL pass-through

To install Remote Desktop Gateway on your platform, follow the instructions from Microsoft Technet:

Using SSL bridging mode

In this mode, HAProxy deciphers the traffic in the front end and ciphers it on the server connection:

frontend fe_rdp_tsc
  bind 192.168.13.128:443 name rdp_web ssl crt 2013.haproxylab.net
  mode http
  capture request header Host len 32
  log global
  option httplog
  timeout client 300s
  maxconn 1000
  acl path_rdweb path_beg -i /RDWeb/
  http-request redirect location /RDWeb/ if { path -i / /RDWeb }
  http-request deny unless path_rdweb
  default_backend be_rdp_tsc

backend be_rdp_tsc
  balance leastconn
  mode http
  log global
  option httplog
  timeout connect 4s
  timeout server 300s
  option httpchk GET /RDWeb
  cookie RDPWEB insert nocache
  default-server inter 3s    rise 2  fall 3
  server srv01 192.168.13.11:443 maxconn 1000 weight 10 ssl check cookie srv01
  server srv02 192.168.13.12:443 maxconn 1000 weight 10 ssl check coo kie srv02

Note

In this mode, it is also possible to set up a configuration to protect against brute force.

Using SSL pass-through

In this mode, HAProxy establishes a TCP connection between the client and the server and lets them communicate together:

frontend fe_rdp_tsc
  bind 192.168.13.128:443 name rdp_web
  mode tcp
  log global
  option tcplog
  timeout client 300s
  maxconn 1000
  default_backend be_rdp_tsc

backend be_rdp_tsc
  balance source
  mode tcp
  log global
  option tcplog
  timeout connect 4s
  timeout server 300s
  option httpchk GET /RDWeb
  default-server inter 3s rise 2 fall 3
  server srv01 192.168.13.11:443 maxconn 1000 weight 10 check check-ssl
  server srv02 192.168.13.12:443 maxconn 1000 weight 10 check check-ssl