- Published on : 24 May 2019 at 18:02 UTC
When you want to provide secure remote access to your RDS infrastructure, you will need to implement the RD gateway.
However, you must also prevent this gateway from becoming a single point of failure, because if it fails, remote access to your RDS infrastructure will no longer be possible.
To prevent this from happening, you will need to use at least 2 RD gateways in your RDS infrastructure.
- Configuration used
- Installing RD Gateways
- Installing NLB (Network Load Balancing)
- Create authorization policies
- Configure the gateways farm
- Distribute network load with NLB
- Certificate import on your RD Gateways
- Add your gateway servers in the server manager
- Add your gateway servers to your RDS deployment
- SSL certificate import for RDS gateways (RDS deployment)
- RD gateways test
In this tutorial, we will use :
- an Active Directory server that also acts as a certificate authority
- an RDS server with the main RDS services as explained in this tutorial : RDS - Deploy a RDS infrastructure (session-based desktops)
- 2 servers running Windows Server 2012 where we will install RD gateways
- a client PC running Windows 8 Pro
Note : all these servers and clients are joined to our Active Directory domain.
To get started, start the Add Roles and Features wizard on your future RD gateway servers.
Select the "Remote Desktop Services" role.
Select the "Remote Desktop Gateway" role service.
When the installation is complete on both servers, click Close.
To distribute the network load and also provide fault tolerance, install the "Network Load Balancing" (NLB) feature on your 2 RD gateway servers.
The installation is complete.
To configure the connection authorization and resource access policies on your RD gateway servers, refer to our tutorial : RDS - Deploy the RD gateway to provide secure access from the outside.
Important : these policies must be identical on both RD gateway servers, otherwise your users may encounter errors depending on the server through which their connection will pass.
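One way to check that both gateways really carry the same policies before you put them behind NLB, given as an added example that is not part of the original tutorial. It assumes the gateway names shown (placeholders), an account with administrative rights on both servers, and that the RD Gateway WMI classes in root\CIMV2\TerminalServices can be reached remotely.

```powershell
# Added example: compare RD CAP / RD RAP definitions between two RD gateways.
# Gateway names are hypothetical placeholders; replace them with your own.
$gateways = 'rdgw1.example.local', 'rdgw2.example.local'
$classes  = 'Win32_TSGatewayConnectionAuthorizationPolicy',
            'Win32_TSGatewayResourceAuthorizationPolicy'

function Get-PolicyFingerprint {
    param([string]$Server, [string]$Class)
    # The header line keeps the result non-empty even when no policy exists,
    # which Compare-Object requires.
    $lines = @("class=$Class")
    $policies = Get-WmiObject -ComputerName $Server `
        -Namespace 'root\CIMV2\TerminalServices' -Class $Class `
        -Authentication PacketPrivacy -ErrorAction Stop
    foreach ($policy in $policies) {
        foreach ($p in $policy.psbase.Properties) {
            # One line per setting: "<policy name>|<setting>=<value>"
            $lines += '{0}|{1}={2}' -f $policy.Name, $p.Name, (@($p.Value) -join ',')
        }
    }
    $lines | Sort-Object
}

$mismatch = $false
foreach ($class in $classes) {
    $first  = @(Get-PolicyFingerprint -Server $gateways[0] -Class $class)
    $second = @(Get-PolicyFingerprint -Server $gateways[1] -Class $class)
    $diff = Compare-Object -ReferenceObject $first -DifferenceObject $second
    if ($diff) {
        $mismatch = $true
        Write-Warning "$class differs between the gateways:"
        # '<=' means the line exists only on the first gateway, '=>' only on the second
        $diff | ForEach-Object {
            Write-Output ('  {0} {1}' -f $_.SideIndicator, $_.InputObject)
        }
    }
}

if (-not $mismatch) {
    Write-Output 'RD CAP and RD RAP settings are identical on both gateways.'
}
```

Any line reported with `<=` or `=>` is a setting to correct on one of the gateways before users are load-balanced across them.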
In order for the high availability of your RD gateway servers to be possible, you must tell these 2 gateway servers that they are part of the same server farm.
To do this, on each of your 2 RD gateway servers, right-click the server name and click "Properties".
Then, in the "Farms" tab, add the domain names of your gateway servers one by one by clicking "Add" each time.
For the moment, their status is : Not registered.
Once you apply these settings, their status will change to OK.
If this isn't the case, don't panic.
Enter the same thing on the 2nd gateway server and click Apply.
Once the settings have been applied on the 2 servers, click "Refresh Status" if necessary and the status of your servers will be : OK.