You can use HAProxy to load-balance Remote Desktop Gateway. It is an HTTPs based service which you can load-balance in two ways:

  • SSL bridging mode

  • SSL pass-through

To install Remote Desktop Gateway on your platform, follow the instructions from Microsoft Technet:

Using SSL bridging mode

In this mode, HAProxy deciphers the traffic in the front end and ciphers it on the server connection:

frontend fe_rdp_tsc
    bind 192.168.13.128:443 name rdp_web ssl crt 2013.haproxylab.net
    mode http
    capture request header Host len 32
    log global
    option httplog
    timeout client 300s
    maxconn 1000
    acl path_rdweb path_beg -i /RDWeb/
    http-request redirect location /RDWeb/ if { path -i / /RDWeb }
    http-request deny unless path_rdweb
    default_backend be_rdp_tsc

backend be_rdp_tsc
    balance leastconn
    mode http
    log global
    option httplog
    timeout connect 4s
    timeout server 300s
    option httpchk GET /RDWeb
    cookie RDPWEB insert nocache
    default-server inter 3s    rise 2  fall 3
    server srv01 192.168.13.11:443 maxconn 1000 weight 10 ssl check cookie srv01
    server srv02 192.168.13.12:443 maxconn 1000 weight 10 ssl check cookie srv02

Note

In this mode, it is also possible to set up a configuration to protect against brute force.

Using SSL pass-through

In this mode, HAProxy establishes a TCP connection between the client and the server and lets them communicate together:

frontend fe_rdp_tsc
    bind 192.168.13.128:443 name rdp_web
    mode tcp
    log global
    option tcplog
    timeout client 300s
    maxconn 1000
    default_backend be_rdp_tsc

backend be_rdp_tsc
    balance source
    mode tcp
    log global
    option tcplog
    timeout connect 4s
    timeout server 300s
    option httpchk GET /RDWeb
    default-server inter 3s rise 2 fall 3
    server srv01 192.168.13.11:443 maxconn 1000 weight 10 check check-ssl
    server srv02 192.168.13.12:443 maxconn 1000 weight 10 check check-ssl