Session Directory and Load Balancing Using Terminal Server
Session Directory and Load Balancing Using Terminal Server
Microsoft Corporation
Published: March 2003
Updated: November 2007
Abstract
Terminal Services is a technology that enables users to run Microsoft® Windows®-based applications on a remote Windows Server2003–based computer. This white paper discusses how to plan and deploy a load-balanced terminal server farm by using Terminal Services Session Directory and how Session Directory operates in a load-balanced environment.
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication.
This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESSED, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2005 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Windows, and the Windows logo are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
All other trademarks are property of their respective owners.
Contents
Session Directory and Load Balancing Using Terminal Server
Topics Covered
Session Directory Overview
The Session Directory Database
Connecting to a Terminal Server Farm
Load-Balanced Configurations
Terminal Server Farm
The Most Common Configuration
Enabling Remote Desktop Connections
Windows Management Instrumentation (WMI)
The WMIC Tool—RDToggle
Group Policy
System Item in Control Panel
Installing the Operating System with Terminal Services Enabled
Installing Terminal Server
Session Directory
Installation and Configuration
Session Directory Components
Session Directory Server Configuration
Client Server Configuration
Configure Client Servers by Using the Terminal Services Configuration Snap-in
Configure Client Servers by Using the Group Policy Object Editor
Clustering the Session Directory Server
Session Directory Architecture
Session Directory Database
Revectoring Clients
When the Terminal Server IP Address Is Visible to the Client
When Terminal Server IP Addresses Are Not Visible to Clients
Routing Token Format
Terminal Server Load Metrics
Summary
Additional References
Appendix
Sample WMI Script to Enable Remote Desktop Connections
Sample WMI Script to Determine the Total Number of Sessions and Disconnected Sessions
Session Directory and Load Balancing Using Terminal Server
Terminal Services is a technology that enables users to run Microsoft® Windows®-based applications on a remote Windows Server2003-based computer. In a terminal server-based computing environment, all application execution and data processing occurs on the server. In a load-balanced environment, a farm of terminal servers has incoming session connections distributed in a balanced manner across the servers in the farm. Terminal Services Session Directory maintains a list of sessions that are indexed by user name, and allows a user to reconnect to the terminal server where their disconnected session resides and to resume that session.
This white paper discusses how to plan and deploy a load-balanced terminal server farm by using Session Directory, and how Session Directory operates in a load-balanced environment.
Topics Covered
Topics covered in this white paper include:
Session Directory Overview
Load Balanced Configurations
Session Directory
Session Directory Overview
In a load-balanced environment, terminal servers are grouped into farms, with each farm being represented to client computers as a single computer name with one IP address. The device that is performing the load balancing redirects connections to each server in the farm according to its load-balancing algorithm.
Note
Terminal servers must be running Windows Server2003 Enterprise Edition or Windows Server2003 Datacenter Edition to participate in a Session Directory-enabled farm.
The Session Directory Database
The Session Directory database is a database that can reside on a server that is separate from the terminal servers in the farm, although it is possible to host it on a member of the farm. The Session Directory database maintains a list of the user names that are associated with the session IDs that are connected to the servers in a load-balanced terminal server farm.
Connecting to a Terminal Server Farm
When a user authenticates with a terminal server in the farm, the Session Directory database is queried with the user name. If a session with the same user name exists on one of the terminal servers in the farm, Session Directory will redirect the client towards that terminal server. This enables a user to disconnect a session with applications running, whether intentionally or because of a network failure, and then reconnect at a later time to the same session, with the same applications running. While this is a simple matter when the user connects to a single terminal server, scale-out implementations, such as server farms, require that Session Directory prevent the user from being connected to a different server in the farm and starting a new session.
Load-Balanced Configurations
This section provides a basic overview of a terminal server farm, illustrates the most common load-balanced configuration, and discusses how to enable Remote Desktop connections and install the Terminal Server component.
Terminal Server Farm
Keep in mind that when implementing Terminal Services in a load-balanced environment, all terminal servers in the farm must be running Windows Server2003 Enterprise Edition or Windows Server2003 Datacenter Edition to participate in a Session Directory-enabled farm. Because a farm is viewed by users as a single server, all servers in a farm should be as identically provisioned and configured as possible. Additionally, configuring network storage for user data will prevent the orphaning or duplication of data across farmed servers.
The Most Common Configuration
The most common load-balanced configuration is for network traffic to be split between two network adapters—one that is used for Terminal Services, and the other for access to other network resources and infrastructure, as shown in the following figure.
Figure 1. Common load-balanced configuration
Note
For more information about load balancing, refer to your load balancing vendor information. You can find Microsoft Network Load Balancing information in the Windows Server2003 Help and Support topics under Availability and Scalability (see Windows Clustering—Network Load Balancing Clusters). For more information about clustering, see Technical Overview of Windows Server2003 Clustering Services (
Enabling Remote Desktop Connections
To ensure that servers are correctly configured for a load-balanced terminal server farm, an administrator should first enable Remote Desktop connections. (By default, this is turned off during installation.) This may be done by using one of the following methods:
Windows Management Instrumentation (WMI) script
The WMI Command-line (WMIC) tool—RDToggle
Group Policy
System item found in Control Panel
Windows Management Instrumentation (WMI)
You can use Windows Management Instrumentation (WMI) script to enable Remote Desktop connections. Use the method AllowTSConnections (in the Win32_TerminalServiceSetting class), which can be set to true or false. For a sample script, see the Appendix section.
It is also possible to use WMIC to execute WMI script one line at a time. For example:
wmic /node:"SERVERNAME" /user:DOMAIN\USERNAME path Win32_TerminalServiceSetting where servername="SERVERNAME" call setallowtsconnections 1
The WMIC Tool—RDToggle
The WMIC tool RDToggle is a simpler way to enable Remote Desktop connections quickly by using the following script:
From cmd.exe:
Wmic /NODE:"SERVERNAME" /USER:"Domain\User" RDToggle where ServerName="SERVERNAME" CALL SetAllowTSConnections 1
From WMIC:
/NODE:"SERVERNAME" /USER:"Domain\User" RDToggle where ServerName="SERVERNAME" CALL SetAllowTSConnections 1
Group Policy
The Group Policy setting that you can use to enable Remote Desktop connections is "Allow users to connect remotely using Terminal Services". This policy setting is located in the Computer Configuration\Administrative Templates\Windows Components\Terminal Services node of the Group Policy Object Editor.
Note
It is strongly recommended that all terminal servers in a farm be placed in an organizational unit (OU), with Group Policy settings applied to the OU.
System Item in Control Panel
You can also enable Remote Desktop connections by using the System item in Control Panel. To do this, follow these steps:
1.On the desktop, right-click My Computer, and then click Properties.
2.In the System Properties dialog box, click the Remote tab.
3.Under Remote Desktop, select the Enable Remote Desktop on this computer check box.
Note
To allow users to connect to the server through Remote Desktop, you must add them to the Remote Desktop Users group on the server.
Installing the Operating System with Terminal Services Enabled
You can set the TerminalServer switch in the Unattend.txt file to perform an unattended operating system installation with Terminal Services enabled.
TerminalServer
Value: On | Off
Default: Off
Specifies whether or not Terminal Server (Terminal Services for multiple users) is installed on the computer. If TerminalServer = On, Setup installs Terminal Server and configures the computer to run in multi-user mode. If TerminalServer = Off, Setup does not install Terminal Server. The value of this entry does not affect the ability to establish a remote connection to the computer using Terminal Services Remote Desktop.
In the Windows Server2003 family, Terminal Server is applicable to Windows Server2003, Standard Edition; Windows Server2003, Enterprise Edition; the 64-bit version of Windows Server2003, Enterprise Edition; Windows Server2003, Datacenter Edition; and the 64-bit version of Windows Server2003, Datacenter Edition.
To specify important security settings for a server with Terminal Server enabled, include the [TerminalServices] section and appropriate PermissionsSetting entry.
To specify the type of licensing you are using for Terminal Server, use the LicensingMode entry in the [TerminalServices] section.
Installing Terminal Server
Terminal Server is a Windows Component in the Add or Remove Programs item, which is found in Control Panel. Installing this component will ensure that your server is set up to handle multiple session requests from users.
Note
You should install the Terminal Server component before any applications are installed, because making this change will alter how installations are performed. Remember that terminal servers must be running Windows Server2003 Enterprise Edition or Windows Server2003 Datacenter Edition to participate in a Session Directory-enabled farm.
Session Directory
This section discusses the following: how to install and configure the Session Directory server and client server configurations, Session Directory architecture, revectoring clients, and formatting routing tokens.
Installation and Configuration
When planning your Session Directory environment, it is important to ensure that all terminal servers that will be included in Session Directory are running at least Windows Server2003 Enterprise Edition. (Windows Server2003 Datacenter Edition can also be used.)
Windows Server2003 Standard Edition may be used to run the Terminal Services Session Directory service; however, only terminal servers that run Windows Server2003 Enterprise Edition or Windows Server2003 Datacenter Edition may connect to and use the Terminal Services Session Directory service.
Session Directory Components
There are two Session Directory components to consider when installing and configuring Session Directory:
The Session Directory server
The client servers
The Session Directory server is the server that is running the Terminal Services Session Directory service. It is not required to be a terminal server, or even to have Remote Desktop enabled.
The client servers are the terminal servers that will request data from the Session Directory server. Client servers must be configured to point towards the Session Directory server for Session Directory requests. Architecturally, one Session Directory server may service multiple load-balanced farms, although this may cause confusion if the administrator configures all farms to have the same logical cluster name value. (For more information about cluster name value, see the Client Server Configuration section later in this document).
The Session Directory server is very simple to configure. Choose any Windows Server2003-based computer to host Session Directory, and start the Terminal Services Session Directory service. The Windows Server2003-based computer may be within the terminal server network load-balanced farm, but this is not necessary. By default, the Terminal Services Session Directory service is installed on all editions of Windows Server2003.
While performance is dependant on the number of client servers, the Terminal Services Session Directory service generally has fairly small CPU, memory, and hard drive requirements. A lower-end server (for example, a departmental print server) may be used to host the Terminal Services Session Directory service if the client server load is relatively light.
To start the Terminal Services Session Directory service
In the Services snap-in (Services.msc), right-click the Terminal Services Session Directory service, and then click Properties. To ensure that the service starts whenever the server starts up, it is recommended that this service be configured to start automatically, as shown in the following figure.
Figure 2. Starting the Terminal Services Session Directory service
After the Terminal Services Session Directory service is started on a server, you must configure both the Session Directory server that is hosting the Terminal Services Session Directory service and each client server node in the load-balanced cluster. You must configure the Session Directory server to accept connections from authorized computers, and configure each load-balanced cluster node to use the Terminal Services Session Directory service on the Session Directory server.
You must configure the Session Directory server by using the Computer Management snap-in. You can configure client servers by using Group Policy or the Terminal Services Configuration snap-in.
Session Directory Server Configuration
To configure the Session Directory server, follow these steps:
1.Turn on the Terminal Services Session Directory service. By default, this service is off and set to Disabled. Starting this service and setting it to Automatic will ensure that the service starts when the Session Directory server is turned on.
To start the Terminal Services Session Directory service, follow these steps:
a.Open the Computer Management snap-in. To do this, click Start, click Run, type compmgmt.msc, and then click OK.
b.Expand Services and Applications, and then click Services.
c.In the Services pane, right-click Terminal Services Session Directory, and then click Properties.
d.On the General tab, in the Startup type list, click Automatic, and then click OK.
e.Right-click Terminal Services Session Directory, and then click Start.
2.When the Terminal Services Session Directory service is started, it will look for a local computer group named "Session Directory Computers." If this group does not exist, it will be created. It is possible to create this group before starting the Terminal Services Session Directory service.
The Terminal Services Session Directory service will not accept any connections from servers that do not have their domain computer account included in this local group. By default, when the Terminal Services Session Directory service creates the "Session Directory Computers" group, it is empty. Therefore, no computers will have access to Session Directory unless they are explicitly granted access.
Note
If the Terminal Services Session Directory service is started on a domain controller, this group will be a domain local group and available on all domain controllers. Therefore, running the Terminal Services Session Directory service on a domain controller is not recommended.
3.To grant access to the Terminal Services Session Directory service, add the computer account of each client server node in the load-balanced cluster to the Session Directory Computers group. To do this, follow these steps:
a.In the Computer Management snap-in, expand Local Users and Groups, and then click Groups.
b.In the right pane, right-click Session Directory Computers, and then click Properties.
c.Click Add.
d.In the Select Users dialog box, click Object Types, as shown in the following figure.
Figure 3. Selecting users, computers, or groups
e.In the Object Types dialog box, select the Computers check box, and then click OK, as shown in the following figure.