Applies To:Show Versions
BIG-IP versions 1.x - 4.x
- 4.6.1, 4.6.0, 4.5 PTF-08, 4.5 PTF-07, 4.5 PTF-06, 4.5 PTF-05, 4.5 PTF-04, 4.5 PTF-03, 4.5 PTF-02, 4.5 PTF-01, 4.5.9, 4.5.0
Configuring Windows Terminal Server Persistence
- Introducing WTS persistence
- Configuring WTS persistence with Session Directory
- Configuring WTS persistence without Session Directory
- Additional configuration options
Introducing WTS persistence
This release includes an updated version of the BIG-IP Windows Terminal Server (WTS) persistence feature. WTS persistence provides an efficient way to load balance traffic and maintain persistent connections between Windows clients and servers that are running the Microsoft ® Terminal Services service. The recommmended scenario for enabling the BIG-IP WTS persistence feature is to create a load balancing pool that consists of servers running Windows® .NET Server 2003, Enterprise Edition, where all members belong to a Windows cluster and participate in a Windows session directory.
Servers running Windows .NET Server 2003, Enterprise Edition, with the Terminal Services service enabled, are referred to in this chapter as Terminal Servers.
This release of the WTS persistence feature further strengthens the integration of the BIG-IP product with Windows server platforms. Not only does the BIG-IP system efficiently load balance and maintain persistent connections between Windows clients and servers, the BIG-IP system also performs health monitoring for Windows servers that are running various services. For example, the BIG-IP system health monitoring feature provides useful data on CPU, memory, and disk utilization of Windows Management Interface (WMI) servers, to ensure the most efficient load balancing of traffic to those servers.
Benefits of WTS persistence
Without WTS persistence, Terminal Servers, when participating in a session directory, map clients to their appropriate servers, using redirection when necessary. If a client connects to the wrong server in the cluster, the targeted server checks its client-server mapping and performs a redirection to the correct server.
When BIG-IP WTS persistence is enabled, however, a Terminal Server participating in a session directory always redirects the connection to the same BIG-IP virtual server, instead of to another server directly. The BIG-IP system then sends the connection to the correct Terminal Server. Also, when WTS persistence is enabled on a BIG-IP system and the servers in the pool participate in a session directory, the BIG-IP system load balances a Terminal Services connection according to the way that the user has configured the BIG-IP system for load balancing. Thus, the use of Terminal Servers and the Session Directory service, combined with the BIG-IP WTS persistence feature, provides more sophisticated load balancing and more reliable reconnection when servers become disconnected.
Server platform issues
By default, the BIG-IP system with WTS persistence enabled load balances connections according to the way that the user has configured the BIG-IP system for load balancing, as long as Session Directory is configured on each server in the pool. Because Session Directory is a new feature that is only available on the Windows .NET Server 2003, Enterprise Edition platform, each server in the pool must therefore be a Windows .NET Server 2003, Enterprise Edition server if you want to use WTS persistence in default mode.
If, however, you want to enable WTS persistence but have older versions of Windows server platforms (on which Session Directory is not available), you can enable WTS persistence in non-default mode. This causes the BIG-IP system to connect a client to the same Windows server by way of the user name that the client provides. You can enable WTS persistence in this way by setting a global variable on the BIG-IP system, called msrdp no_session_dir, which disables Session Directory on any pool created with the msrdp attribute. Note that enabling WTS persistence in non-default mode (that is, with no Session Directory available on the servers) is less preferable than the default mode, because it provides limited load-balancing and redirection capabilities.
The following sections describe how to enable WTS persistence with and without Windows Session Directory.
Configuring WTS persistence with Session Directory
Enabling WTS persistence in the default mode requires you to configure Session Directory on each Terminal Server in your load balancing pool. In addition to configuring Session Directory, you must perform other Windows configuration tasks on those servers. However, before you configure your Terminal Servers, you must configure your BIG-IP system, by performing tasks such as creating a load-balancing pool and designating your Terminal Servers as members of that pool.
The following two sections describe the BIG-IP and Terminal Server configuration tasks that are required to enable WTS persistence in default mode for a Windows client-sever configuration running Windows Terminal Services.
Configuring WTS persistence on the BIG-IP
To configure WTS persistence on the BIG-IP, you must perform three tasks, as follows.
- Enable TCP service 3389.
To enable TCP service 3389, use the following command:
b service 3389 tcp enable
Optionally, you can map the this port from 3389 to 443 in order to allow traffic to pass more easily through a firewall.
- Create a pool of Terminal Servers, with the WTS persistence attribute (msrdp) enabled.
To create a pool that is configured for WTS persistence, use the bigpipe pool command, as in the following example. Remember that the pool members must already be members of a Windows cluster.
b pool my_cluster_pool ( persist_mode msrdp member 18.104.22.168:3389 member 22.214.171.124:3389 }
To create a virtual server that uses the pool my_cluster_pool, use the bigpipe virtual command, as in the following example:
b virtual 126.96.36.199:3389 use pool my_cluster_pool
Configuring your Terminal Server systems
To configure your Terminal Servers, you must perform the following tasks:
- Verify that certain prerequisite services are running on your Terminal Servers
- Join the Terminal Servers to Session Directory.
- Configure the Terminal Services service.
- Create a Windows local group and add members to it.
- Start the Session Directory service.
The following sections describe these tasks.
Verifying prerequisite Windows configuration tasks
Before enabling BIG-IP WTS persistence, you must verify that the following conditions exist:
- Each Terminal Server is a member of the same domain. To add server members to a domain, configure the Windows Active Directory service.
- Each Terminal Server is a member of the same Windows cluster. To intially create a cluster, configure the Windows Server Cluster Node service. To add additional server members to a cluster, use the Windows administrative tool Cluster Administrator.
- The Windows Terminal Services software is installed on each Terminal Server. To install Terminal Services software, configure the Windows Terminal Service service.
To configure the above services, you must first log in to each Terminal Server as Administrator, which causes the Configure your server wizard to start automatically. From this wizard, you can select each of the three services listed above.
Joining Terminal Servers to Session Directory
When the Session Directory service is configured on your Terminal Servers and WTS persistence is configured on the BIG-IP, BIG-IP assumes the job of redirecting a connection to the correct server when that connection was originally directed to the wrong server. In order for the BIG-IP to perform this redirection, you must first join each server in the Windows cluster to the Windows Session Directory, thereby allowing those servers to share sessions with other servers in the cluster. Joining Terminal Servers to the session directory allows those servers to share sessions. To join servers in a cluster to the session directory, you must configure the Windows Terminal Services session directory on each server in the cluster.
- Click the Windows Start button and point to Settings and then Administrative Tools, and choose Control Panel.
- Click Terminal Services Configuration.
- Click Select Server Settings, and then Session Directory.
- Check the Join session directory check box.
- Type the cluster name and the session directory server name. The session directory server can be any server in the cluster other than the domain controller.
- Configure Terminal Services as described in the following section.
Configuring the Terminal Services service
The next step is to configure Windows Terminal Services. This allows BIG-IP to maintain persistent connections by offloading the redirection function from the servers to the BIG-IP. When a client connection goes to the wrong server, proper configuration of the Terminal Services service ensures that the server always rewrites the connection to the BIG-IP, which then sends the connection to the correct server. While the Session Directory screen is still displayed, locate the checkbox labeled IP Address Redirection, and verify that the checkbox is cleared. (If the check box is checked, clear the check box.) If you do not clear the check box, the servers will redirect connections directly to other servers in the cluster, rather than to the BIG-IP.
Creating a Windows local group and adding members to it
The next step is to create a Windows local group and add the servers to it.
- On the session directory server, click the Windows Start button and point to Settings and then Administrative Tools, and choose Control Panel.
- Click Computer Management.
- In the left pane, expand System Tools and then expand Local Users and Groups.
- Click the Groups folder.
- Click the Action button and choose New Group. The New Group dialog box appears.
- In the Group name box, type the name Session Directory Computers.
- In the Description box, type a brief description of the group.
- Click Add.
- Select Object Types. A dialog box appears with three checkboxes.
- When prompted, type the Local Administrator user name and password.
- Check the Computers check box and type the server computer names, or click the Check Names button and select the computer names from the list.
- Add the other servers in the same way.
- After all servers appear in the Members list, Click the Create button.
- Close the Computer Management program.
Starting Session Directory
Finally, on the server to which you assigned the Session Directory name, start the Session Directory service. To do this, start at the Windows Start button, point to Settings, Administrative Tools, Services, and then click Terminal Services Session Directory.
Once you have completed these tasks, WTS persistence runs with Session Directory configured, which means that any required redirections normally performed by the Terminal Servers is performed by the BIG-IP. To see a resulting cookie, check the traffic on TCP port 3389. The following is an example of a resulting cookie:
Configuring WTS persistence without Session Directory
When a server has no Session Directory, the server cannot share sessions with other servers, and therefore cannot perform any redirections when a connection to a server becomes disconnected. In lieu of session sharing, Windows clients provide data, in the form of a user name, to the BIG-IP to allow the BIG-IP to consistently connect that client to the same server. Enabling WTS persistence to behave in this way is the non-default mode.
To configure WTS persistence when the servers do not have Session Directory, you must first perform the BIG-IP configuration tasks that are described in Configuring WTS persistence on the BIG-IP .
Next, you must set a BIG-IP global variable, msrdp no_session_dir. Setting this global variable disables Session Directory on all pools on which the msrdp attribute is set. To set the msrdp no_session_dir global variable, use the following command-line syntax:
b global msrdp no_session_dir enable
Finally, you must verify that the Terminal Services service is running on each Windows server in your load-balancing pool.
Additional configuration options
Whenever you configure a BIG-IP system, you have a number of options:
- You have the option in all configurations to configure a BIG-IP redundant system for fail-over. Refer to Chapter 13, Configuring a Redundant System , in the BIG-IP Reference Guide.
- All configurations have health monitoring options. Refer to Chapter 11, Monitors , in the BIG-IP Reference Guide.
- When you create a pool, there are many options that you can configure to suit your load balancing needs. Refer to Chapter 4, Pools , in the BIG-IP Reference Guide.