How to publish Session Broker to Internet?

Hi,

What options are there for presenting a 2008 Terminal Server Session Broker
to the Internet?

I am not using TS Gateway or Web Access for the time being, but would like
to connect directly to the servers via RDP.

When I configure Session Broker I can specify IP addresses to be used for
each Terminal Server. If I specify Internal IP addresses, and publish the TS,
then external clients will attempt to reconnect to one of those Internal IP
addresses, which obviously won't work.

I could add the external IP to the local adapter in order to present those
IPs as well as the local IPs, but that seems a bit messy, and will result in
timeouts. Is this what you do?

Is it possible to present DNS names instead of IP addresses? and then use a
split-DNS to resolve the names correctly both internally and externally?

Are there any software solutions that can interpret the Routing Tokens that
SB can be configured to use? Can I do it with ISA? 2004? I imagine ISA would
need to be able to decode/recode the Session Broker packets on the way
through to set alternate IP addresses for the TS farm - is this possible?

I saw a blog post about doing it with IAG using a "Socket Forwarder". Is a
socket forwarder a function of IAG, or a separate utility? Could it be used
to resolve the issue? We don't have IAG.

Thanks for any suggestions,
Simon.

 

Hi!

We recommend on using TSG for the scenario you mention below. However - ISA
should work, not sure what is different in the newer versions.

Just out of curiosity - why opt for a different setup instead of TSG?

Tahnks,
Geanina

"Simon Gadsby" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Hi,
>
> What options are there for presenting a 2008 Terminal Server Session Broker
> to the Internet?
>
> I am not using TS Gateway or Web Access for the time being, but would like
> to connect directly to the servers via RDP.
>
> When I configure Session Broker I can specify IP addresses to be used for
> each Terminal Server. If I specify Internal IP addresses, and publish the TS,
> then external clients will attempt to reconnect to one of those Internal IP
> addresses, which obviously won't work.
>
> I could add the external IP to the local adapter in order to present those
> IPs as well as the local IPs, but that seems a bit messy, and will result in
> timeouts. Is this what you do?
>
> Is it possible to present DNS names instead of IP addresses? and then use a
> split-DNS to resolve the names correctly both internally and externally?
>
> Are there any software solutions that can interpret the Routing Tokens that
> SB can be configured to use? Can I do it with ISA? 2004? I imagine ISA would
> need to be able to decode/recode the Session Broker packets on the way
> through to set alternate IP addresses for the TS farm - is this possible?
>
> I saw a blog post about doing it with IAG using a "Socket Forwarder". Is a
> socket forwarder a function of IAG, or a separate utility? Could it be used
> to resolve the issue? We don't have IAG.
>
> Thanks for any suggestions,
> Simon.
> <!--colorc--><!--/colorc-->

 

Hi Geanina,

I have just added the two external IPs to the internal hosts, and ensured
that the terminal servers can see each other on these IPs - this appears to
be working fine, although there is a slight timeout delay with redirection
sometimes.

We will no doubt put in TSG at some point, but it is a different model and I
want the change to be as seemless as possible for users. But although TSG
will apparently load balance correctly to back-end terminal servers, it has
issues because 1) it becomes a single point of failure, and 2) it relies on
traffic over https, which is not as reliable as direct TS.

I don't understand why you can't configure different connection addresses
based on source address rules or something natively on the terminal server.
The routing token solution is just messy. Surely ISA at a minimum should be
able to do this without having to buy a 2rd party load balancer. This is
definitely something I would recommend as an enhancement. I have not looked
at the R2 stuff in enough detail, but last time I checked it was no better.

Simon.


"Geanina[MSFT]" wrote:
<!--coloro:blue--><span style="color:blue <!--/coloro-->
> Hi!
>
> We recommend on using TSG for the scenario you mention below. However - ISA
> should work, not sure what is different in the newer versions.
>
> Just out of curiosity - why opt for a different setup instead of TSG?
>
> Tahnks,
> Geanina
>
> "Simon Gadsby" wrote:
> <!--coloro:green--><span style="color:green <!--/coloro-->
> > Hi,
> >
> > What options are there for presenting a 2008 Terminal Server Session Broker
> > to the Internet?
> >
> > I am not using TS Gateway or Web Access for the time being, but would like
> > to connect directly to the servers via RDP.
> >
> > When I configure Session Broker I can specify IP addresses to be used for
> > each Terminal Server. If I specify Internal IP addresses, and publish the TS,
> > then external clients will attempt to reconnect to one of those Internal IP
> > addresses, which obviously won't work.
> >
> > I could add the external IP to the local adapter in order to present those
> > IPs as well as the local IPs, but that seems a bit messy, and will result in
> > timeouts. Is this what you do?
> >
> > Is it possible to present DNS names instead of IP addresses? and then use a
> > split-DNS to resolve the names correctly both internally and externally?
> >
> > Are there any software solutions that can interpret the Routing Tokens that
> > SB can be configured to use? Can I do it with ISA? 2004? I imagine ISA would
> > need to be able to decode/recode the Session Broker packets on the way
> > through to set alternate IP addresses for the TS farm - is this possible?
> >
> > I saw a blog post about doing it with IAG using a "Socket Forwarder". Is a
> > socket forwarder a function of IAG, or a separate utility? Could it be used
> > to resolve the issue? We don't have IAG.
> >
> > Thanks for any suggestions,
> > Simon.
> > <!--colorc--><!--/colorc--><!--colorc--><!--/colorc-->