Windows Server 2008 RC0 TS Session Broker Load Balancing Step-By-Step Guide

Windows Server 2008 RC0 TS Session Broker Load Balancing Step-By-Step Guide

Microsoft Corporation

Published: September 2007

Author: Tessa Wooley

Editor: Linda Caputo

Abstract

Terminal Services Session Broker (TSSession Broker) is a role service in WindowsServer®2008 that enables you to load balance sessions in a terminal server farm, and allows a user to reconnect to an existing session in a load-balanced terminal server farm. The new TSSession Broker Load Balancing feature enables you to easily distribute the session load between servers in a load-balanced terminal server farm.

1

Copyright Information

This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release, and is the confidential and proprietary information of Microsoft Corporation. It is disclosed pursuant to a non-disclosure agreement between the recipient and Microsoft. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

© 2007 Microsoft Corporation. All rights reserved.

Active Directory, Microsoft, MS-DOS, Visual Basic, Visual Studio, Windows, WindowsNT, and Windows Server are either registered trademarks or trademarks of MicrosoftCorporation in the UnitedStates and/or other countries.

All other trademarks are property of their respective owners.

1

Contents

Windows Server 2008 RC0 TS Session Broker Load Balancing Step-by-Step Guide

What new functionality does this feature provide?

About using DNS round robin

TS Session Broker Load Balancing system requirements

Checklist: Deploying TS Session Broker Load Balancing

Install the TS Session Broker role service

Installation prerequisites

Installation procedure

Add each terminal server in the farm to the Session Directory Computers local group

Configure TS Session Broker settings for terminal servers in the farm

Configure TS Session Broker settings by using Group Policy

Configure TS Session Broker settings by using Terminal Services Configuration

Configure DNS for TSSession Broker Load Balancing

Additional information

Configure dedicated redirectors (optional)

Deny logons to a terminal server in a load-balanced farm

Additional references

1

Windows Server 2008 RC0 TS Session Broker Load Balancing Step-by-Step Guide

Terminal Services Session Broker (TSSession Broker) is a role service in WindowsServer®2008 that enables you to load balance sessions between terminal servers in a farm, and allows a user to reconnect to an existing session in a load-balanced terminal server farm. TSSession Broker stores session state information that includes session IDs, their associated user names, and the name of the server where each session resides.

This step-by-step guide describes how to configure the new TSSession Broker Load Balancing feature.

Note

In Windows Server2008, the name of the Terminal Services Session Directory feature was changed to TSSession Broker.

What new functionality does this feature provide?

The new TSSession Broker Load Balancing feature enables you to evenly distribute the session load between servers in a load-balanced terminal server farm. With TSSession Broker Load Balancing, new user sessions are redirected to the terminal server with the fewest sessions.

TSSession Broker is a two phased load-balancing mechanism. In the first phase, initial connections are distributed by a preliminary load-balancing mechanism, such as Domain Name System (DNS) round robin. After a user authenticates, the terminal server that accepted the initial connection queries the TSSession Broker server to determine where to redirect the user.

In the second phase, the terminal server where the initial connection was made redirects the user to the terminal server that was specified by TSSession Broker. The redirection behavior is as follows:

A user with an existing session will connect to the server where their session exists.

A user without an existing session will connect to the terminal server that has the fewest sessions.

TSSession Broker Load Balancing sets a limit of 16 for the maximum number of pending logon requests to a particular terminal server. This helps to prevent the scenario where a single server is overwhelmed by new logon requests; for example, if you add a new server to the farm, or if you enable user logons on a server where they were previously denied.

The TSSession Broker Load Balancing feature also enables you to assign a relative weight value to each server. By assigning a relative weight value, you can help to distribute the load between more powerful and less powerful servers in the farm. For more information, see Configure TS Session Broker settings by using Terminal Services Configuration.

Additionally, a new "server draining" mechanism is provided that enables you to prevent new users from logging on to a terminal server that is scheduled to be taken down for maintenance. This mechanism provides for the ability to take a server offline without disrupting the user experience. If new logons are denied on a terminal server in the farm, TSSession Broker will allow users with existing sessions to reconnect, but will redirect new users to terminal servers that are configured to allow new logons. For more information, see Deny logons to a terminal server in a load-balanced farm.

You can enable TSSession Broker Load Balancing through Terminal Services Configuration, Group Policy, or Windows Management Instrumentation (WMI). If you are using DNS round robin to distribute initial connections, you must also configure DNS entries for each terminal server in the farm.

Note

While any load-balancing mechanism can be used to distribute the initial connections, DNS round robin is the easiest mechanism to deploy. Deploying TSSession Broker Load Balancing with a network level load-balancing solution such as Network Load Balancing (NLB) or a hardware load balancer avoids the limitations of DNS, while still taking advantage of TSSession Broker session-based load balancing, the per server limit on the number of pending logon requests, and the new "server draining" feature. The limitations of DNS round robin include the caching of DNS requests on the client, which can result in clients using the same IP address for each initial connection request, and the potential for a 30-second timeout delay if a user is redirected to a terminal server that is offline, but still listed in DNS.

About using DNS round robin

To configure DNS round robin, you must create a host resource record for each terminal server in the farm that maps to the terminal server farm name in DNS. (The farm name is the virtual name that clients will use to connect to the terminal server farm.) DNS uses round robin to rotate the order of the resource records that are returned to the client. This functionality helps to distribute initial connections across servers in the farm. The initial connection behavior is as follows:

1.An incoming Terminal Services client queries DNS and receives a list of IP addresses for the farm.

2.The client tries to connect to the first IP address in the list that was returned by DNS.

If the connection fails, the client will automatically try to connect to the next IP address (after a 30-second timeout delay). This provides a degree of fault tolerance if one of the terminal servers is unavailable.

Note

For information about how to configure dedicated redirectors that redirect user sessions but do not accept user logons, see Configure dedicated redirectors (optional).

TS Session Broker Load Balancing system requirements

To participate in TSSession Broker Load Balancing, the following system requirements apply:

The TSSession Broker server and the terminal servers in the farm must be running Windows Server2008.

Note

Windows Server2003-based terminal servers cannot use the TSSession Broker Load Balancing feature.

You must configure all terminal servers in the load-balanced farm identically, with the same available programs.

For clients to use TSSession Broker Load Balancing, they must be running Remote Desktop Connection (RDC) version5.2 or later.

Checklist: Deploying TS Session Broker Load Balancing

To deploy TSSession Broker Load Balancing, you must complete the following tasks.

Note

This step-by-step guide describes how to configure TSSession Broker Load Balancing by using DNS round robin to distribute the initial connections. If you prefer, you can use NLB or a hardware load balancer to spread the initial connection and authentication load between multiple terminal servers in the farm.

Install the TS Session Broker role service

You must install the TSSession Broker role service on the server that you want to use to track user session information for a load-balanced terminal server farm. You can use a single TSSession Broker server to track user sessions across multiple farms, as there is minimal performance overhead.

The Windows Server2008-based server where you install the TSSession Broker role service does not have to be a terminal server or have Remote Desktop enabled. It is considered a best practice to install the TSSession Broker role service on a back-end infrastructure server, such as a file server. If you install the role service on a server that is not a terminal server, the Terminal Services Session Broker service will not be affected when you need to perform maintenance on terminal servers in the farm.

When you install the TSSession Broker role service, the following changes occur on the local computer:

The Terminal Services Session Broker service is installed. By default, the service is set to Started and to Automatic.

The Session Directory Computers local group is created.

Installation prerequisites

The server where you install TSSession Broker must be a member of a domain.

Note

If you install the TSSession Broker role service on a domain controller, the Session Directory Computers group will be a domain local group and will be available on all domain controllers.

Installation procedure

Membership in the local Administrators group is the minimum required to complete this procedure.

To install TSSession Broker

Add each terminal server in the farm to the Session Directory Computers local group

For terminal servers to use TSSession Broker, you must add the computer account for each terminal server in the farm to the Session Directory Computers local group on the TSSession Broker server.

Membership in the local Administrators group is the minimum required to complete this procedure.

Important

You must perform this procedure on the server where you installed the TSSession Broker role service.

To add terminal servers to the Session Directory Computers local group

Configure TS Session Broker settings for terminal servers in the farm

You can configure a terminal server to join a farm in TSSession Broker and to participate in TSSession Broker Load Balancing by using Group Policy or the Terminal Services Configuration tool. However, you must use Terminal Services Configuration to configure the following settings:

The IP addresses to be used for reconnection.

The relative weight of the server when using TSSession Broker Load Balancing.

For information about how to configure the settings by using Group Policy, see Configure TS Session Broker settings by using Group Policy. Configuring the settings by using Group Policy is a recommended best practice.

For information about how to configure the settings by using Terminal Services Configuration, see Configure TS Session Broker settings by using Terminal Services Configuration.

Important

Group Policy settings take precedence over configuration settings in the Terminal Services Configuration snap-in and those that are made by using the Terminal Services WMI provider.

Configure TS Session Broker settings by using Group Policy

To assign TSSession Broker settings through Group Policy, it is a best practice to group the terminal servers that are in the same terminal server farm into a single organizational unit (OU) in Active Directory Domain Services (ADDS). Then, configure the TSSession Broker settings in a Group Policy object (GPO) that applies to the OU.

Note

For the TSSession Broker settings to be effective on a server, the server must have the Terminal Server role service installed.

The following procedure describes how to configure TSSession Broker Group Policy settings by using the Group Policy Management Console (GPMC) on a Windows Server2008-based domain controller.

To change Group Policy settings for a domain or an OU, you must be logged on as a member of the Domain Admins, Enterprise Admins, or the Group Policy Creator Owners group, or have been delegated the appropriate control over Group Policy to complete this procedure.

To apply TSSession Broker settings to an ActiveDirectory OU

Note