The main purpose of the connection broker, formerly "session broker", is to reconnect a user to their existing session. Since Windows 2008, the connection broker has also included a load-balancing mechanism. HAProxy provides the same persistence and adds security by acting as a reverse proxy, which breaks the TCP connection between the client and the server: the client connects to HAProxy, and HAProxy opens a separate connection to the server.

Configuring RDS without a connection broker

It is possible to load-balance terminal services without relying on a connection broker component. In this case, HAProxy handles persistence and session resumption itself, using the mstshash cookie as the key of a stick table.

peers hapee
    peer hapee1 192.168.1.1:3389
    peer hapee2 192.168.1.2:3389


frontend ft_rdp
    mode tcp
    bind 192.168.13.128:3389 name rdp
    timeout client 1h
    log global
    option tcplog
    tcp-request inspect-delay 2s
    tcp-request content accept if RDP_COOKIE
    default_backend bk_rdp

backend bk_rdp
    mode tcp
    balance leastconn
    timeout server 1h
    timeout connect 4s
    log global
    option tcplog
    stick-table type string len 32 size 10k expire 8h peers hapee
    stick on rdp_cookie(mstshash)
    option tcp-check
    tcp-check connect port 3389 ssl
    default-server inter 3s rise 2 fall 3
    server srv01 192.168.13.13:3389 weight 10 check
    server srv02 192.168.13.14:3389 weight 10 check

Reading the content of the stick table shows which user has been assigned to which server:

$ hapee-lb-cmd <<<"show table bk_rdp"
# table: bk_rdp, type: string, size:10240, used:5
0x21c7eac: key=Administrator use=0 exp=83332288 server_id=1
0x21c7eac: key=test-001 use=0 exp=83332288 server_id=2
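
The lookup behind `stick on rdp_cookie(mstshash)`, as an added example that is not HAProxy's own code: it parses the first packet an RDP client sends (TPKT header plus X.224 Connection Request) and routes on the cookie the way `bk_rdp` does. The function and class names are hypothetical, the packets are constructed samples, and the toy backend ignores expiry, peers and disconnects.

```python
import struct

PREFIX = b"Cookie: "
KEY_LEN = 32  # matches "stick-table type string len 32"

def build_cr(cookie):
    """Constructed sample: TPKT + X.224 Connection Request, the first client packet."""
    body = struct.pack(">BHHB", 0xE0, 0, 0, 0)            # CR TPDU, dst-ref, src-ref, class
    if cookie is not None:
        body += PREFIX + b"mstshash=" + cookie.encode("ascii") + b"\r\n"
    body += struct.pack("<BBHI", 0x01, 0, 8, 0x03)        # RDP_NEG_REQ (TLS | CredSSP)
    x224 = bytes([len(body)]) + body                      # length indicator excludes itself
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def extract_mstshash(pkt):
    """Return the mstshash value, or None when the request carries no such cookie."""
    if len(pkt) < 11 or pkt[0] != 3 or pkt[5] & 0xF0 != 0xE0:
        return None
    tpkt_len = struct.unpack(">H", pkt[2:4])[0]
    if tpkt_len > len(pkt):
        return None                # incomplete packet: HAProxy would wait, up to inspect-delay
    payload = pkt[11:tpkt_len]     # variable part starts after 4 TPKT + 7 X.224 bytes
    if not payload.startswith(PREFIX + b"mstshash="):
        return None
    value, sep, _ = payload[len(PREFIX) + 9:].partition(b"\r\n")
    return value.decode("ascii", "replace") if sep and value else None

class StickyBackend:
    """Toy model of bk_rdp: leastconn for new keys, stick-table lookup for known ones."""
    def __init__(self, servers):
        self.conns = {s: 0 for s in servers}
        self.table = {}                                   # cookie key -> server

    def route(self, pkt):
        key = extract_mstshash(pkt)
        server = self.table.get(key[:KEY_LEN]) if key else None
        if server is None:
            server = min(self.conns, key=self.conns.get)  # leastconn
            if key:
                self.table[key[:KEY_LEN]] = server        # keys longer than len are truncated
        self.conns[server] += 1
        return server
```

The cookie is sent before any authentication takes place, so the stick-table key is whatever string the client chose to send; it identifies a routing preference, not a verified user.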

Note

RDP clients do not all behave the same way when sending the mstshash cookie. See below.