If you would like to read the other parts of this article series please go to:
- Free Fault Tolerant Load Balancing using Citrix NetScaler Express (Part 1)
- Free Fault Tolerant Load Balancing using Citrix NetScaler Express (Part 2) – Citrix StoreFront/Web Interface and XML Broker
Introduction
In the first article of this series I described the installation and configuration of a free, highly available and fault-tolerant NetScaler VPX Express set-up. This set-up can be used to load balance all kinds of services for free. In the second part I described how to load balance the Citrix StoreFront/Web Interface and Citrix XML Desktop Delivery Controller (XML) services.
Microsoft Remote Desktop Web Access
The first component we will set up as a fault-tolerant, load-balanced infrastructure is Microsoft Remote Desktop Web Access. This component is based on IIS, so we need to load balance it over the HTTP/HTTPS protocol. The first step is to add the servers within the Citrix NetScaler configuration via Traffic Management – Load Balancing – Servers under the Configuration tab. Choose the Add button. In the image below there are already servers available from my second article.
Figure 1: Adding Servers
Within the Create Server window we need to specify the server name and the corresponding IP address. Logically you need to redo this step for all the servers that will be part of the load balance group. For this article I will add two servers, VBN-SRV016 (192.168.21.216) and VBN-SRV017 (192.168.21.217).
Figure 2: Create Server window
In another scenario we would set-up a monitor to check if the service is still responding. However the RD Web Access is just plain HTTP/HTTPS traffic. Within NetScaler these monitors are already available by default so we don’t need to create one and we can directly continue with creating the services. The services are created at Traffic Management – Load Balancing – Service again within the Configuration tab. Again use the Add button to set-up the service.
Figure 3: Create Services
Provide a logical name for the Service Name. I use RDWASRV_<<SERVERNAME>> as a naming convention. Because we already added the server earlier, we can choose the existing server option and select the server in the drop-down box. Choose the corresponding protocol. As I used HTTP in the previous article, I will now use a secured connection. For HTTPS you select SSL_BRIDGE and the corresponding port (by default 443).
Figure 4: Basic Settings Load Balancing Service
After pressing OK the service is created. Next we change the monitor binding. Select the > symbol at the end of 1 Service to Load Balancing Monitor Binding.
Figure 5: Load Balance Service created, changing monitors
By default the tcp-default monitor is bound to a service. To change this default behavior, choose Add Binding.
Figure 6: Service Load Balancing Monitor Binding
Click the > symbol at the Select Monitor option.
Figure 7: Selecting Monitor Binding
A list of available monitors will be shown. Select the monitor HTTPS.
Figure 8: Select https monitor
Leave the other settings default and choose the Bind button.
Figure 9: https monitor selected
Now the Load Balancing Service is fully configured. Repeat these steps for the other servers that will be part of the load balancing infrastructure.
Figure 10: https monitor selected
After the creation of the services, we are ready to set-up the actual virtual server which will be the access point of the RD Web Access users. To set-up the virtual server go to Configuration then Traffic Management – Load Balancing – Virtual Servers and start the process via the Add button.
Figure 11: Virtual Servers
Provide a name for the virtual server. Again, you can name it whatever you like, but a name that explains the functionality makes sense over time. Select SSL_BRIDGE as Protocol and IP Address as IP Address type. Next, enter the IP address for the virtual server, followed by the port number on which the virtual server will be accessed.
Figure 12: Create Virtual Server
When the OK button is pressed, the virtual server will be created. After the creation, services should be assigned to this virtual server. Choose the > symbol after No Load Balancing Virtual Service Binding.
Figure 13: Add services after virtual server creation
Press the > symbol at Select Service to add services to the virtual server.
Figure 14: Select Service Binding
A list of configured services is shown. Pick the services you have just configured for this virtual server. In my case these are VBN-SRV016 and VBN-SRV017.
Figure 15: Select the required services
The services are now selected and can be connected to the virtual server using the Bind button.
Figure 16: Service Binding selected
After binding the services, persistence is automatically configured on SSLSESSION. If required you can change the persistence setting using the pencil icon, but this is optional.
Figure 17: Virtual Server configuration finished
The last step is to create a DNS record to the Virtual Server IP address. For this article I created this for internal access, so I can add it to my local DNS.
Figure 18: Creating DNS record for the virtual server
Microsoft Remote Desktop Connection Broker
Another component within the Remote Desktop infrastructure that is a really good candidate for load balancing through the free NetScaler Express edition is the Remote Desktop Connection Broker. In this section I will describe the steps to set up a load-balanced RD Connection Broker via the NetScaler VPX Express.
The first step is to add the servers running the RD Connection Broker role into the NetScaler configuration. For this article I’m using the same servers as I used for the RD Web Access set-up, so I can skip this step. See the RD Web Access steps on how to add a server in the NetScaler Express via Traffic Management – Load Balancing – Servers under Configuration.
Unfortunately there is no special monitor available within the NetScaler for monitoring the RD Connection Broker component. The NetScaler has a specific RDP script available, but that is only functioning for machines that are hosting the RD Session Host.
Figure 19: RDP monitoring available within the NetScaler, but cannot be used for the RD Connection Broker
So we can skip the monitor part for this component and directly start creating the services for the RD Connection Broker role. Go to Traffic Management – Load Balancing – Services within Configuration followed by the Add button.
Figure 20: Load Balancing – Services
Provide a logical name for the service. I’m using the convention RDCBSRV_<<SERVERNAME>>, but you can fill in whatever you need. As we already added the servers earlier we now can choose the existing server option and select the corresponding server. Next select RDP as the protocol with port 3389.
Figure 21: Add Load Balancing Service
When the service is created we normally add a specific monitor, but as just mentioned there is no monitor available. The only option available is using the default tcp-default monitor, which checks that port 3389 is responding. Repeat this step for the other servers hosting the RD Connection Broker role.
Figure 22: No specific monitor needs to be added
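What a port-only check such as tcp-default can and cannot tell you about a back-end on port 3389, as an added Python example (not part of the original article and not NetScaler's monitor code): `tcp_check` only completes the TCP handshake, while `rdp_check` also requires an X.224 Connection Confirm in reply to an RDP connection request. The function names and the two loopback listeners are constructed for this demonstration.

```python
import socket
import threading

# First packet of an RDP client: TPKT + X.224 Connection Request + negotiation request.
RDP_CR = bytes.fromhex("030000130ee00000000000" "0100080003000000")
# Constructed sample reply: TPKT + X.224 Connection Confirm + negotiation response (TLS).
SAMPLE_CC = bytes.fromhex("030000130ed00000123400" "0200080001000000")

def tcp_check(host, port, timeout=2.0):
    """Evidence a port-only monitor gets: the TCP handshake completed."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def rdp_check(host, port, timeout=2.0):
    """Protocol-level check: TPKT version 3 and X.224 Connection Confirm (0xD0)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(RDP_CR)
            reply = s.recv(64)
    except OSError:
        return False
    return len(reply) >= 7 and reply[0] == 3 and reply[5] & 0xF0 == 0xD0

def fake_listener(reply):
    """Constructed loopback back-end: reads a request, answers with `reply`."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    conn.recv(64)
                    conn.sendall(reply)
                except OSError:
                    pass  # peer closed early (the port-only check does this)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """(tcp, rdp) verdicts for a healthy and a hung constructed back-end."""
    ports = {"healthy": fake_listener(SAMPLE_CC), "hung": fake_listener(b"")}
    return {name: (tcp_check("127.0.0.1", p), rdp_check("127.0.0.1", p))
            for name, p in ports.items()}

if __name__ == "__main__":
    print(demo())
```

The "hung" listener accepts connections but never answers the RDP request, so the port-only check still reports it as up; running `rdp_check` against the real back-end servers on port 3389 gives an out-of-band signal for that case.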
After pressing the Done button the service is fully created and is available for the next step – creating the virtual server.
Figure 23: Services created
Creating the Virtual Server is done via Traffic Management – Load Balancing – Virtual Servers again within the Configuration tab.
Figure 24: Creating Virtual Servers
Creating the Virtual Server starts with providing a name for the virtual server. This name is just for administrative purposes, so fill in a logical name. Secondly, set the protocol to RDP and use IP Address as IP Address type. Fill in the IP address on which the virtual server will be accessed. Lastly, check that the port number is 3389.
Figure 25: Create Load Balancing Virtual Server
After the basic settings we need to assign the corresponding services to the virtual server. Choose the > symbol at No Load Balancing Virtual Service Binding.
Figure 26: Basic Settings Virtual Server, add services
The Service Binding window will open. Select the > symbol to select the services.
Figure 27: Select Service
Select the services that are hosting the role.
Figure 28: Select the services
The services are now selected and available to bind to the virtual server.
Figure 29: Services to bind to the virtual server
After adding the services, we need to use the OK button to continue with the next step.
Figure 30: Services bound, press OK for the next step
After pressing OK the Traffic Settings appear, just accept the default values by pressing Done.
Figure 31: Traffic Settings are set
After some time the Virtual Server will turn green and the load balancing service is available.
Figure 32: Virtual Server is up and running
To make sure that settings are retained when a NetScaler is rebooted, don’t forget to save your configuration using the floppy disk icon.
Figure 33: Saving the configuration
The last step is to create a DNS record so the service can be reached on a FQDN. Choose a logical name and assign it to the IP address of the Virtual Server. Remember that this FQDN needs to be configured within the RD Connection Broker configuration, so use the same name you are already using (that will probably change the DNS records) or write down the FQDN and use this in the RDCB wizard.
Figure 34: Creating a DNS record
Remote Desktop Gateway
The last component that should be load balanced is the RD Gateway component. However, for this component all communication will flow via the load balancer. Because the NetScaler VPX Express is limited to 10 Mbit, it’s not a good idea to use the free version of the NetScaler VPX for this functionality, as you will run into the bandwidth restriction pretty quickly. If you upgrade to one of the official versions you can use the NetScaler to load balance the RD Gateway. For this article this component is not suitable, so I won’t go into details about this set-up.
Summary
In the first part I described the steps to install and configure a Citrix NetScaler VPX Express as a highly available and fault-tolerant infrastructure. In the second part we described how to use the NetScaler infrastructure to load balance Citrix StoreFront/Web Interface and the Citrix Delivery Controller components. In this third and last article we built a load-balanced environment for Remote Desktop Web Access and Remote Desktop Connection Broker. The NetScaler VPX series offers lots of possibilities, and I showed some examples of configurations that can be arranged with the free VPX Express edition.
Thank you so much for this article! I followed it and it was the simplest to configure compared to other tutorials where we had to create content switching servers and other policies.
I basically got everything working perfectly except for two exceptions:
1. I cannot get the RD Client on Android devices to connect!
2. I also want to load balance on UDP 3391 since using UDP will provide the user with a faster and more smooth RDP experience. I have no idea how to accomplish this with the vServer set to SSL-Bridge mode.
Any help is appreciated!
Simon
Hi Simon,
Don’t have experience with the Android client, so unfortunately I cannot help you with this. In the timeframe I wrote the article, UDP was not in the picture; Marius Sandbu wrote an article about it: https://msandbu.wordpress.com/2014/04/30/load-balancing-rds-gateway-2012-r2-with-netscaler/.
Hi Wilco. This is a very helpful article. I have a question. It appears that our RDWeb service IIS access page is also running on our RD Broker servers (there are two of them). So would I just use the same backend servers for both the RDWAS and RDCB load balancing services? Much appreciated.
Hi Sang. Yes, you can use one Load Balancing rule for both services (as they both are on the same servers) or set-up two rules with the same back-end servers. The result will be the same.
Please forgive me ahead of time. I am not familiar with RD Web Access. According to the instruction, there will be TWO virtual-servers/VIPs. One to RD Web and the other to RD Connection Broker. Is this correct?
Our current setup today is as follows:
– Our user is connecting to the RD Web Access to access their RDP session and Remote App
– The URL is something like this https://FQDN/RDWeb
What is the purpose of load-balancing the RD Connection Broker?
We initially load-balanced only the RD Web Access portion using SSL and although we can access and login to the portal, user was not able to launch RDP or RemoteApp session.
Thanks
Your questions are a bit out of scope of this article. You would like to load balance the Connection Broker for high availability (if one server fails the other will take over) and load balancing in larger environments. I suggest you search for some basic articles about RDS to become familiar or search for a local expert to help you with the set-up.