Solved

Multiple gateways on network with SBS RD GW and 2008R2 TS

Posted on 2014-04-07
Last Modified: 2014-04-26
Hi there

we have

1x SBS 2011 running RWW / RD Gateway
1x Server 2008 R2 running TS / RDS role
10x Local users
10x Remote users

All sharing one internet connection. It's getting very slow in peak times.

We want to send the remote users in and out on a different internet connection.

Want to get expert opinion on best practices here. It seems so simple in my mind, just give the TS a different gateway IP. Though I think that in reality this won't work, causing connections to drop during handover between the gateway and the terminal server session.

In the SBS / TS combo environment I am under the understanding that the SBS must have the RD Gateway role, and that in order for the SBS 'magic' (RWW, etc.) to work properly we need the SBS server to handle the DHCP and distribute the DNS etc. In which case the SBS and the clients must share a common gateway. How then can we make this work, with remote users coming into the SBS server's RWW website in order to connect to the terminal sessions on the TServer on a separate gateway?

Thanks for your assistance, Paul
Question by:Paul
 
LVL 22

Expert Comment

by:David Atkin
Hi Paul,

Yes the SBS has the RD Gateway Role installed.  I wouldn't advise removing the role as it can cause issues.

What is the speed of your existing internet connection?  Is it possible to get it upgraded?  Fibre available in your area?

You are correct that you are going to have a problem with having different gateways on the machines.

Is connecting via an RDP icon an option?  I.e. opening a port on your second router to do an RDP direct?
 
LVL 11

Expert Comment

by:hecgomrec
I think you have to clear 2 things:

First, you'll have to improve your servers' memory and your internet connection if you are having problems with only 20 users.

Second, TS is used mainly to give access to users on servers to run applications and can be configured to be accessed directly without calling another service, and needs a special license.

RWW is another way to give applications, computer access and server access to users, internal and external.  It can be configured to work without TS and must be configured to assign incoming connections a valid IP within the LAN.
 
LVL 1

Accepted Solution

by:
Paul earned 0 total points
Hi David

Fibre is available in AUS but it's extremely expensive. We currently pay about $80 for our ADSL connection per month. Fibre starts at $1000 per month for 10Mb/10Mb...

At that price we would be considering several spanned ADSL connections run through a load balancing device before we talked about fibre.

We can easily open RDP ports to the second server, but I am under the impression that using the TSgateway offers the advantages of SSL which would be lost if we just forwarded 3389 to the TServer? Correct me if I'm wrong here, but the TSgateway offers a lot of advantages security-wise over that model?

In reality if this wasn't true, that would be fine. None of the users ever got the hang of accessing the computers or TS remotely through the RWW website, they all ask for us to generate desktop icons for them to dial in with a single click, bypassing the RWW website altogether. The connections still use the TSgateway as a proxy though.

Hecgomrec, thanks for coming down. I am unsure whether there is sufficient evidence in the OP to lead you to an assumption of memory shortage. The servers are well overpowered for what they are being asked to do. Each server sits on physical with 36GB. It's a basic issue of bandwidth: internal people and external people sharing a single 24Mb/1Mb ADSL connection. The servers fly, but the internet doesn't.

I understand that RWW doesn't 'need' a terminal server to operate, we operate RWW without TS at other sites but unless each remote user has a dedicated physical machine then the TS becomes the necessary and obvious choice over having a pile of desktops stacked in the corner running headless 24 hours a day waiting for a remote connection. Instead, we have a TS, and remote users who never attend site solely access the TS, while local users who require remote access from time to time have their own computer left on to enable them to dial into their desktops. It's these handful of remote-only users who complain of slowdown; none of the internal users are ever affected. And if and when those internal users do require remote access they generally do it after hours when the internet is not under contention as it is during the day.

Sounds like if you can't have a dual gateway setup in the current setup that the solution might be a load balancing router with QoS and the ability to dictate traffic from the TS be routed out the second internet connection? I suppose this way we can keep both servers seeing a single gateway but increase the performance of the TServer?

 
LVL 1

Author Comment

by:Paul
This seems to me like a pretty basic question regarding configuration of the network here guys. If the answer is a new appliance for handling the load distribution then that's fine. Unless of course there is a way to do it with the current equipment. Can anybody provide anything solid here? If more information is required then I will happily provide it.

Cheers, Paul
 
LVL 22

Assisted Solution

by:David Atkin
David Atkin earned 250 total points
Hi Paul,

Sorry for the delay in my reply.

That's very expensive for Fibre!  We currently get it at about £50 per month on a 100Mb connection.

You are correct about the SSL. But I would forward an alternate port to 3389 as it's better for security reasons.

Your solution here would be to install a load balancer so that your internal gateway would remain the same but it would control both WANs.

In most cases when load balancing comes into effect it is a good idea to have the WAN connections from separate ISPs - then if one goes down, the other one should be OK.
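
The thread contrasts desktop icons that proxy through the RD Gateway over SSL with icons that connect straight to a forwarded RDP port. The following is an added example, not part of the original thread or written by any of its participants: a small Python audit of `.rdp` shortcut contents that reports when a shortcut can reach the host without the gateway. The host names and sample files are constructed placeholders.

```python
# Added example: audit .rdp shortcut contents for RD Gateway use.
# All host names and sample files below are constructed for illustration.

# Documented values of the "gatewayusagemethod" .rdp setting.
GATEWAY_MODES = {0: "never", 1: "always", 2: "fallback", 3: "default", 4: "never"}


def parse_rdp(raw: bytes) -> dict:
    """Parse 'name:type:value' lines; mstsc usually saves UTF-16 with a BOM."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = raw.decode("utf-16")
    else:
        text = raw.decode("utf-8-sig")
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)  # the value itself may contain ':'
        if len(parts) != 3 or parts[1] not in ("i", "s", "b"):
            continue  # blank or malformed line
        name, kind, value = parts
        is_int = kind == "i" and value.lstrip("-").isdigit()
        settings[name.lower()] = int(value) if is_int else value
    return settings


def audit_rdp(raw: bytes) -> list:
    """Return findings for a shortcut that may bypass the RD Gateway."""
    s = parse_rdp(raw)
    mode = GATEWAY_MODES.get(s.get("gatewayusagemethod", 0), "unknown")
    findings = []
    if not s.get("gatewayhostname"):
        findings.append("no gatewayhostname set: connects directly to '%s'"
                        % s.get("full address", "?"))
    elif mode == "never":
        findings.append("gateway is configured but gatewayusagemethod disables it")
    elif mode != "always":
        findings.append("gateway is optional (mode=%s): direct RDP may be used" % mode)
    return findings


# Constructed samples: gateway enforced, direct to a forwarded port, gateway as fallback.
VIA_GATEWAY = ("full address:s:ts01.example.local\r\n"
               "gatewayhostname:s:remote.example.com\r\n"
               "gatewayusagemethod:i:1\r\n").encode("utf-16")
DIRECT = b"full address:s:remote.example.com:3389\r\ngatewayusagemethod:i:0\r\n"
FALLBACK = (b"full address:s:ts01.example.local\r\n"
            b"gatewayhostname:s:remote.example.com\r\ngatewayusagemethod:i:2\r\n")

if __name__ == "__main__":
    for label, raw in (("gateway", VIA_GATEWAY), ("direct", DIRECT), ("fallback", FALLBACK)):
        print(label, audit_rdp(raw) or "OK: always uses the RD Gateway")
```
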
 
LVL 1

Author Closing Comment

by:Paul
Was really hoping for there to be a way to have the second server go out over a separate internet connection without the need for additional hardware. Unfortunately sometimes you already know the answer to the question you want to ask but don't want to admit it!

Thanks everybody for your time.