Blog Post

Security, Compliance, and Identity Blog
7 MIN READ

RD Connection Broker High Availability in Windows Server 2012

MicrosoftSecurityandComplianceTeam's avatar
Sep 08, 2018
First published on CloudBlogs on Jun, 27 2012
Hello, this is Jingyuan, Munindra, and Sriram from the Remote Desktop Virtualization team. There have been a couple of posts recently about the new Remote Desktop Services features in Windows Server 2012. This post provides an in-depth look into one of those features, the new high availability feature of RD Connection Broker known as the Active/Active Broker, and includes deployment steps and performance results. This post is intended for administrators who are deploying virtual machine-based or session-based desktop deployments with RD Connection Broker and who want to have high availability and scalability in their deployment. Introduction In previous releases, the RD Connection Broker role service has supported an active/passive clustering model. This provided high availability in the case of component failure, but it did not address high scale requirements. The Active/Active Broker feature in Windows Server 2012 eliminates the need for clustering and provides a fully active/active model; with this model two RD Connection Broker servers can be combined under a single DNS entry to provide both fault tolerance and load balancing. This prevents the RD Connection Broker server from being a single point of failure and also allows “scale out” as load demands. The following diagram shows an Active/Active Broker deployment with one RD Virtualization Host server and one RD Session Host server. The RD Connection Broker servers are using a SQL database for storing data, and RDP clients are connecting to the RD Connection Broker servers using DNS Round Robin. The end nodes (RD Virtualization Host, RD Session Host, and RD Web Access) are configured with the full list of all the fully qualified domain names (FQDNs) of the RD Connection Broker servers, and they can connect to any of the RD Connection Broker servers in the setup. How to enable this feature The starting point for enabling this feature is to have a single RD Connection Broker server deployment for either virtual machine-based or session-based deployment. After there is a single RD Connection Broker server deployment, it can be configured for Active/Active Broker setup, and then other RD Connection Broker servers can be added to this setup. The following prerequisite steps are required before enabling this feature:
  1. You must have a SQL Server setup that can be used by the RD Connection Broker servers to store data. At least SQL Server 2008 R2 must be used, and the minimum recommended SQL Server SKU for this is Standard with at least 4GB of RAM . For more information about the sizing guidance of SQL Server 2012, see http://msdn.microsoft.com/en-us/library/ms143506.aspx .
  2. The RD Connection Broker servers must have full permissions on the SQL Server. To do so you can create a security group, add all the RD Connection Broker servers to it, and give this group full permission to the SQL Server by using SQL Server Management Studio’s “Security” configuration.
  3. Configure the Windows Firewall on the SQL Server computer to “Allow SQL Server Access” as described in http://msdn.microsoft.com/en-us/library/cc646023.aspx . You can create the exception for “sqlservr.exe."
  4. Pre-create a folder to store the SQL database files. This folder can be local on the SQL Server computer or a UNC path of a network location.
  5. Install SQL Client on all the RD Connection Broker servers so that they can communicate with the SQL Server. For more information about installing the SQL Client, see http://msdn.microsoft.com/en-us/library/ms131321.aspx .
  6. Assign static IP addresses to all the RD Connection Broker servers that will be a part of the Active/Active Broker deployment, and create a DNS Round Robin entry with these IP addresses.
  7. If you have an RD Gateway server in the deployment, ensure that you create a Remote Desktop resource authorization policy (RD RAP) with an RD Gateway-managed group that includes the DNS RR name of the RD Connection Broker server. This will allow access to the RD Connection Broker servers through the gateway for clients that are connecting by using the DNS RR name. In the following screenshot, the DNS RR name is assumed as ha-rdcb.contoso.com.
After the prerequisites are complete, follow these steps to configure the Active/Active Broker:
  1. On the existing RD Connection Broker server, open Server Manager.
  2. Add other servers as RD Connection Broker servers to the list of servers in Server Manager.
  3. On the Remote Desktop Overview page, right-click the RD Connection Broker icon, and then click Configure High Availability .
  4. Enter the following three settings:
    1. The connection string to the SQL database containing the name of the database to be created for the RD Connection Broker server. This is the string that RD Connection Broker servers will use to connect to the RD Connection Broker database on the SQL Server. Example: DRIVER=SQL Server Native Client 11.0;SERVER=<SQL Server Name>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker;DATABASE=<DB Name>
    2. The folder in which the database file is to be stored. If a local path is used, that folder should be on the SQL Server computer. Example: C:DbFiles
    3. The DNS Round Robin entry name containing IP addresses of all the RD Connection Broker servers. This will be used by RDP clients to connect to the RD Connection Broker servers.
  5. After clicking OK, the SQL database for the RD Connection Broker server will be created, all RD Connection Broker server data from the local computer will be migrated to the external SQL Server, and from then on the RD Connection Broker server will start using the SQL Server. After successfully configuring the server for high availability, you will see the following screen:
  6. To add other RD Connection Broker servers to the deployment, right-click the RD Connection Broker icon, and then click Add RD Connection Broker Server . This will also install the RD Connection Broker role service on the server if it is not already installed.
At the end of this process, the deployment will be running with all the RD Connection Broker servers that were added, including the original one, in full Active/Active Broker mode. The end nodes (RDVH, RDSH, RDWA) will get configured with all the RD Connection Broker server names, and they will randomly choose one to connect to. The RDP clients will use the DNS Round Robin name configured to connect to the RD Connection Broker servers randomly. The RD Connection Broker servers will use the SQL database to store all data. If any RD Connection Broker server fails to communicate with SQL at any time, it will immediately disconnect all end nodes (RDVH, RDSH, RDWA), and they will try to connect to other RD Connection Broker servers in the deployment. An RD Connection Broker server can be removed by clicking Remove RD Connection Broker Server . It is recommended that you also manually remove that RD Connection Broker server’s IP address from the DNS Round Robin list to prevent RDP clients from connecting to that RD Connection Broker server. The Active/Active Broker configuration can also be done by using the Windows PowerShell command Set-RDConnectionBrokerHighAvailability method, which is part of the RemoteDesktop module. The parameters are the same as the ones required for the GUI based setup explained earlier in this post. Following is an example of this command: PS C:> ipmo remotedesktop PS C:> Get-Command Set-RDConnectionBrokerHighAvailability -Syntax Set-RDConnectionBrokerHighAvailability [[-ConnectionBroker] <string>] [-DatabaseConnectionString] <string> [-DatabaseFilePath] <string> [-ClientAccessName] <string> [<CommonParameters>] PS C:> Set-RDConnectionBrokerHighAvailability –DatabaseConnectionString "DRIVER=SQL Server Native Client 11.0;SERVER=<SQL Server Name>;Trusted_Connection=Yes;APP=Remote Desktop Services Connection Broker; DATABASE=<DB Name>" -DatabaseFilePath "C:DbFiles<DbName>.mdf" -ClientAccessName "<DNS RR Name>" One key difference between the input parameters for the GUI setup and the Windows PowerShell command is the DB file path. The GUI expects the path to the folder where DB files will be stored whereas the Windows PowerShell command expects the full path to the database file (.mdf file), even though the file might not exist during setup and will be created by SQL during the database creation. Subsequently, the “ Add-RDServer ” command can be used to add new RD Connection Broker servers to this deployment. Benefits of Active/Active Broker The primary benefit of Active/Active Broker is high availability. The deployment will keep working as long as there is one running RD Connection Broker server in the deployment. Individual RD Connection Broker servers can be taken down for maintenance at any time without disrupting the deployment. The addition and removal of RD Connection Broker servers is also very easy. For data high availability, you can use SQL Server high availability solutions such as Database Mirroring and AlwaysOn Failover Cluster. We will provide more details on this in a subsequent blog post. In addition to high availability, Active/Active Broker also provides scalability benefits. In our test we have seen that an Active/Active Broker deployment provides significant reduction in connection time compared to a single RD Connection Broker server, and the benefit increases for larger deployments. The following graph shows the average connection time for 20 parallel connections with an increasing size of the deployment for an Active/Active Broker setup with two RD Connection Broker servers, as compared to a single RD Connection Broker server deployment. Test machine’s configuration:
  • HP Z400 Quad Core as SQL Server
  • HP Z400 Quad Core as 1 st RD Connection Broker server, same server used for single RD Connection Broker server deployment
  • Dell 755 Core2 Quad as 2 nd RD Connection Broker server
  • All servers running a pre-RC build of Windows Server 2012
This connection time only includes time spent for the RD Connection Broker server, and doesn’t include the time to prepare the virtual machine and client to eventually connect to it after redirection. Conclusion The Active/Active Broker feature in Windows Server 2012 is a full high availability deployment where every RD Connection Broker server is active and sharing the load. It provides high availability and high scalability benefits for medium to larger deployments. SQL Server is used for storing RD Connection Broker server runtime and configuration data thereby allowing admins to use SQL HA features for data high availability and scalability. Remote Desktop Services management that is built into Server Manager provides an easy management experience to migrate deployment from a single RD Connection Broker server to an Active/Active Broker and vice-versa. In addition, Windows PowerShell script support is available for script-based management requirements. In summary, Active/Active Broker provides the administrator with an easily deployable high availability and scalability solution for RD Connection Broker servers.
Published Sep 08, 2018
Version 1.0
  • ThoGo's avatar
    ThoGo
    Copper Contributor
    Hi Jingyuan, Munindra, and Sriram thanks for this comprehensive information - but is DNS RoundRobin truly the only mechanism supported or is NLB / HLB also an option?