Load Balancing Terminal Servers

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Using a load-balancing solution with Terminal Server distributes sessions across multiple servers for improved performance. Terminal Services Session Directory, which is available with Windows Server 2003, Enterprise Edition, works with your load-balancing solution. Session Directory is a database that tracks user sessions that are running on load-balanced terminal servers. It provides information when a user reconnects (after disconnecting intentionally or because of a network failure) to ensure that the user reconnects to the same session rather than starting a new session. Session Directory, which can support several thousand sessions, is also cluster-aware, so that you can support users who have concurrent sessions on different terminal server farms without confusion

Note

  • Load-balancing solutions that do not allow direct client network access to servers in the load-balanced farm need to support redirection tokens to work with Session Directory.

To implement load balancing and Session Directory with Terminal Server, you need to have the following in place:

  • A load-balancing solution.

  • Two or more terminal servers logically grouped into a Terminal Server farm.

  • A Session Directory server.

Setting Up a Terminal Server Load-Balanced Farm

In general, set up your terminal server load-balanced farm and your load-balancing solution as you would in any other situation. Consult the documentation for your load-balancing solution.

There are a few things to consider for Terminal Server:

  • Split network traffic between two network adapters — one used for Terminal Server, and the other for access to other network resources and infrastructure — placed on different subnets. By allowing RDP traffic only over the Terminal Services adapter, you can have more consistent traffic analysis and better security. More information about this is available later in this section.

  • For easier administration, place load-balanced terminal servers into an organizational unit (OU) and apply Group Policy settings to that OU. If you have more than one Terminal Server load-balanced farm in your organization, place each in its own OU inside your Terminal Server OU so that you can apply Terminal Server–specific settings to the overall OU, but manage the separate farms individually.

  • Configure your home directories and other user data storage in such a way that your users can easily access their data in the event of their being on a different server the next time they log on. For more information about how to do this, see "Planning Per-User Requirements" later in this chapter.

  • Consider placing your terminal server farm and your clients on the same network backbone with your user profile servers and at least one domain controller. This allows for faster logon times.

Network Separation

Network separation is the separation of RDP traffic from other network traffic protocols. By dedicating one network adapter to Terminal Server traffic and the RDP, and one network adapter to application traffic, you can realize better overall performance on the Terminal Server load-balanced farms. This arrangement reduces the risk of having a network adapter bottleneck on the servers. Also, you can provide additional security by assigning different IP addresses and subnets to application traffic and to the RDP traffic. You can then constrain these separate routes as necessary by using routers, or switches and firewalls. This also tends to provide better auditing of users and traffic occurring on the network.

You can use IP packet filtering to achieve network separation. For more information about IP packet filtering, see "Designing a TCP/IP Network" in Deploying Network Services of this kit. You can specify the network adapter on which you want to place the RDP traffic on the Network Adapter tab of the TSCC. For more information about Terminal Server configuration tools, see "Designing the Terminal Server Configuration" later in this chapter.

Selecting a Host Server for Session Directory

The Session Directory server can be any server on the network that is running the Terminal Server Session Directory service. It is best if the Session Directory server is a highly available network server that is not running Terminal Server. However, you can place the Session Directory on a member of the cluster, if necessary. The Session Directory requires very little CPU, memory, and hard drive resources, so you can use a low-end member server to host the Session Directory service.

Important

  • Running the Session Directory service on a domain controller is not recommended. On a member server, the Session Directory Computers group is a local group, but on a domain controller this group is a domain local group and is available on all domain controllers. The Session Directory Computers group is discussed in the following section.

One Session Directory host server can service multiple load-balanced clusters, and it is cluster-aware so it can handle users who have sessions running on different clusters seamlessly. You can also cluster the Session Directory itself for improved reliability.

Configuring Session Directory

After you choose a server on which to host Session Directory, you must start and configure the Session Directory service and configure the servers it will serve. You must configure the Session Directory host server to accept connections from authorized computers and you must configure the load-balanced servers to use Session Directory.

Host server configuration

When the Session Directory service starts, by default it creates the Session Directory Computers group (if one does not already exist). The group is empty and you need to add to this group the load-balanced terminal servers that will use this Session Directory server.

Session directory settings

If you are load balancing several terminal servers and using Session Directory, you can configure the servers to use Session Directory through TSCC (under Server Settings), Group Policy, or WMI.

Set the following settings to configure your load-balanced Terminal Server farm to use the session directory server:

  • Terminal Server IP Address Redirection. When the client computer cannot connect directly to the terminal server, you can use the Terminal Server IP Address Redirection Group Policy setting to mask the IP address of the destination server in a load-balanced farm.

    Notes

    • You can only configure this setting through Group Policy or WMI.

    • This policy setting is enabled by default. Disable this setting only if both of the following are true:

Your load-balancing solution does not allow direct connectivity from the client computer to the terminal server (for example, if your load-balancing solution is also a router).

Your load-balancing solution supports the use of Session Directory routing tokens.

  • Join Session Directory. Enable this setting and apply it to your load-balanced Terminal Server OU to allow your server farm to use Session Directory. When you enable this setting, you must set the Session Directory Server and Session Directory Cluster Name settings.

  • Session Directory Server. Enable this setting and enter the Domain Name System (DNS) name, IP address, or fully qualified domain name of the Session Directory server.

  • Session Directory Cluster Name. Enable this setting and enter the DNS name for the load-balanced farm.

  • Network adapter and IP address session directory should redirect users to. If your load-balanced farm is configured so that network traffic is separated between two or more network adapters, use the drop-down list in TSCC to choose the network adapter on the load-balanced server to which client computers should be directed.

    Note

    • You can only configure this setting through TSCC or WMI.

Implementing a Load-Balancing Solution with Session Directory

After you install and configure the terminal servers, you can set up your load-balancing solution and the Session Directory service if you are planning to use this service. To set up load balancing, consult the documentation for your solution. To use Group Policy to configure and manage your load-balanced Terminal Server farm centrally, create an OU and add each computer in the farm to the OU.

To set up Session Directory, you need to set up both the Session Directory host server and the servers that will be using Session Directory.

To set up the Session Directory host computer

  1. Right-click My Computer and click Manage.

  2. Navigate to Services and Applications/Services, double-click Terminal Services Session Directory, and set the Startup type to Automatic.

    This service is off by default, and it is set to Manual. Starting this service and setting it to Automatic ensures that the service starts when the host server is turned on.

  3. Add the computer group containing the load-balanced Terminal Server farm to the Session Directory Computers group that is created when the Session Directory service starts.

    Note

    • By default, the Session Directory Computers group is empty. You can also create this group prior to starting the Session Directory service.

  4. Configure the servers that will use the Session Directory service according to your plans from the previous section.