DEPLOYMENT GUIDE
Microsoft Remote Desktop Services
Prerequisites and configuration notes
• The BIG-IP LTM system must be running version 10.1 or later. We recommend using BIG-IP version 11.4 or later. For more
information on the BIG-IP system, see http://www.f5.com/products/bigip/.
• You must be using Windows Server 2008 R2, 2012, or 2012 R2 Remote Desktop Services. If you are using a previous version,
see the Deployment Guide index at: http://www.f5.com/solutions/resources/deployment-guides.html.
• For more information on Microsoft Windows Server, including Windows Remote Desktop Services, see one of the following links:
» Windows Server 2012: technet.microsoft.com/library/hh831447
» Windows Server 2008 R2: technet.microsoft.com/en-us/library/dd647502%28WS.10%29.aspx
• You should be familiar with both the BIG-IP LTM system and Windows Server Remote Desktop (RD) Services. For more
information on configuring these products, consult the appropriate documentation.
• The BIG-IP LTM offers the ability to mix IPv4 and IPv6 addressing; for instance, you might want to use IPv6 addressing on your
internal networks even though connections from clients on the Internet use IPv4.
• Although our examples and diagrams show external users connecting to the BIG-IP system in a routed configuration, the steps
described in this document are equally valid for a one-armed configuration, and both topologies may be used simultaneously.
• The third-party Web site information in this guide is provided to help you find the technical information you need. The URLs are
subject to change without notice.
• Be sure to see Appendix A: Configuring WMI monitoring of the RDS servers on page 24 and Appendix B: Using
X-Forwarded-For to log the client IP address in IIS 7.0, 7.5, and 8 (optional) on page 26 for optional configuration procedures.
• There is now an iApp template developed by F5 for Remote Desktop Session Host, which greatly simplifies the configuration.
For details, see https://devcentral.f5.com/wiki/iApp.Microsoft-Remote-Desktop-Session-Host-iApp.ashx.
Configuration example
This deployment guide details four configuration scenarios:
• Scenario 1: Configuring the BIG-IP LTM for Remote Desktop Access with RD Session Host on page 5
In this scenario, we configure a BIG-IP LTM for use with Remote Desktop Access. Users connect through the BIG-IP LTM to
an RD Session Host server farm using the Remote Desktop Protocol (RDP), with an RD Connection Broker server managing
persistence. The BIG-IP LTM provides advanced load balancing to farm members, while honoring RD Connection Broker routing
tokens. This is the path labeled 1 in the following diagram.
• Scenario 2: Configuring the BIG-IP LTM for Remote Desktop Access with RD Gateway on page 8
In this scenario, we extend and modify the deployment to add a farm of RD Gateway Servers. While still using the Remote
Desktop Connection client, users' RDP sessions are now encapsulated in HTTPS, which is more likely to be allowed through
firewalls. When the HTTPS sessions arrive at the BIG-IP, they are decrypted and passed to a farm of RD Gateway servers using
HTTP. The RD Gateway servers remove the HTTP encapsulation and forward the RDP sessions to the destination Remote Desktop server
specified by the client. This is the path labeled 2 in the following diagram. Optionally, you can deploy a virtual server to act as
a reverse proxy in a perimeter or DMZ network. This virtual server forwards Remote Desktop Gateway HTTP traffic to a virtual
server on the internal BIG-IP, which then forwards the RDP sessions to the destination Remote Desktop server. The reverse proxy
virtual server is secured by an iRule that allows clients to connect to only the published Remote Desktop Services. Publishing
Remote Desktop Gateway in this manner simplifies deployment and precludes exposing required services in the DMZ network.
• Scenario 3: Configuring the BIG-IP LTM for the Remote Desktop Connection Broker service on page 14
If you have configured high availability for RD Connection Broker (available in Windows Server 2012 and 2012 R2 only), BIG-IP
LTM load balances requests from the Remote Desktop Gateway servers to the Connection Broker service between all members
of the RD Connection Broker farm.
• Scenario 4: Adding Remote Desktop Web Access to BIG-IP LTM on page 16
In this scenario, we extend the deployment again to include RD Web Access Servers and RemoteApp. Users browse to a web
page via HTTPS; their sessions are decrypted on the BIG-IP LTM and passed to a farm of RD Web Access servers over HTTP. By
selecting applications that have been published on that page, users initiate new connections to individual RemoteApp resources,
while still using the BIG-IP LTM and RD Gateway Server farm to encapsulate their connection in HTTPS. This is the path labeled 3 in
the following diagram.
This guide has been archived. For a list of current guides, see https://f5.com/solutions/deployment-guides