Solved

Multiple gateways on network with SBS RD GW and 2008R2 TS

Posted on 2014-04-07
6
323 Views
Last Modified: 2014-04-26
Hi there

we have

1x SBS 2011 running RWW / RD Gateway
1x Server 2008 R2 running TS / RDS role
10x Local users
10x Remote users

All sharing one internet connection. Its getting very slow in peak times.

We want to send the remote users in and out on a different internet connection.

Want to get expert opinion on best practices here. It seems so simple in my mind, just give the TS a different gateway IP. Though I think that in reality this won't work, causing connections to drop during handover between the gateway and the terminal server session.

In the SBS / TS combo environment I am under the understanding that the SBS must have the RD Gateway role, and that in order for the SBS 'magic' (rww, etc) to work properly then we need the SBS Server to handle the DHCP and distribute the DNS etc. In which case the SBS and the clients must share a common gateway. How then, can we make this work? With remote users coming into the SBS servers RWW website in order to connect to the terminal sessions on the TServer on a seperate gateway.

Thanks for your assistance, Paul
0
Comment
Question by:Paul
  • 3
  • 2
6 Comments
 
LVL 22

Expert Comment

by:David Atkin
ID: 39982779
Hi Paul,

Yes the SBS has the RD Gateway Role installed.  I wouldn't advise removing the role as it can cause issues.

What is the speed of your existing internet connection?  Is it possible to get it upgraded?  Fibre available in your area?

You are correct that you are going to have a problem with having different gateways on the machines.

Is connecting via an RDP icon an option?  I.e. opening a port on your second router to do an RDP direct?
0
 
LVL 11

Expert Comment

by:hecgomrec
ID: 39985879
I think you have to clear 2 things:

First, you'll have to improve your servers' memory and your internet connection if you are having problems with only 20 users.

Second, TS is use mainly to give access to users on servers to run applications and can be configured to be accessed directly without calling another service and need special license.

RWW, is another way to give applications, computer access and server access to users, internal and external.  Can be configured to work without TS and must be configured to assign incoming connections a valid IP within the LAN.
0
 
LVL 1

Accepted Solution

by:
Paul earned 0 total points
ID: 39993131
Hi David

Fibre is available in AUS but its extremely expensive. We currently pay about $80 for our ADSL connection per month. Fibre starts at $1000 per month for 10Mb/10Mb.......

At that price we would be considering several spanned ADSL connections run through a load balancing device before we talked about fibre.

We can easily open RDP ports to the second server, but I am under the impression that using the TSgateway offers the advantages of SSL which would be lost if we just forwarded 3389 to the TServer? Correct me if im wrong here, but the TSgateway offers alot of advantages security wise over that model?

In reality if this wasn't true, that would be fine. None of the users ever got the hang of accessing the computers or TS remotely through the RWW website, they all ask for us to generate desktop icons for them to dial in with a single click, bypassing the RWW website altogether. The connections still use the TSgateway as a proxy though.

Hecgomrec, thanks for coming down. I am unsure whether there is sufficient evidence in the OP to lead you to assumption of memory shortage. The servers are well over powered for what they are being asked to do. Each server sits on physical with 36GB. Its a basic issue of bandwidth.. Internal people and external people sharing a single 24Mb/1Mb ADSL connections. The servers fly, but the internet doesn't.

I understand that RWW doesn't 'need' a terminal server to operate, we operate RWW without TS at other sites but unless each remote user has a dedicated physical machine then the TS becomes the necessary and obvious choice over having a pile of desktops stacked in the corner running headless 24 hours a day waiting for a remote connection. Instead, we have a TS, and remote users who never attend site solely access the TS, while local users who require remote access from time to time have their own computer left on to enable them to dial into their desktops. Its these handful of remote only users who complain of slow down, none of the internal users are ever affected. And if and when those internal users do require remote access they generally do it after hours when the internet is not under contention as it is during the day.

Sounds like if you cant have a dual gateway setup in the current setup that the solution might be a load balancing router with QOS and the ability to dictate traffic from the TS be routed out the second internet connection? I suppose this way we can keep both servers seeing a single gateway but increase the performance of the TServer?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 1

Author Comment

by:Paul
ID: 40001038
This seems to me like a pretty basic question regarding configuration of the network here guys, if the answer is a new appliance for handling the load distribution then thats fine. Unless of course there is a way to do it with the current equipment. Anybody provide anything solid here? If more information is required then  I will happily provide.

Cheers, Paul
0
 
LVL 22

Assisted Solution

by:David Atkin
David Atkin earned 250 total points
ID: 40005987
Hi Paul,

Sorry for the delay in my reply.

That's very expensive for Fibre!  We currently get it at about £50 per month on a 100Mb connection.

You are correct about the SSL. But I would forward an alternate port to 3389 as its better for security reasons.

You're solution here would be to install a load balancer so that your internal gateway would remain the same but it would control both WANs.

In most cases when load balancing comes into effect it is a good idea to have the WAN connections from separate ISP's - Then if one goes down, the other one should be ok.
0
 
LVL 1

Author Closing Comment

by:Paul
ID: 40024338
Was really hoping for there to be a way to have the second server go out over a seperate internet connection without the need for additional hardware. Unfortunately sometimes you already know the answer to the question you want to ask but don't want to admit it!

Thanks everybody for your time.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question