Multiple gateways on network with SBS RD GW and 2008R2 TS

Posted on 2014-04-07
Last Modified: 2014-04-26
Hi there

we have

1x SBS 2011 running RWW / RD Gateway
1x Server 2008 R2 running TS / RDS role
10x Local users
10x Remote users

All sharing one internet connection. It's getting very slow in peak times.

We want to send the remote users in and out on a different internet connection.

Want to get expert opinion on best practices here. It seems so simple in my mind, just give the TS a different gateway IP. Though I think that in reality this won't work, causing connections to drop during handover between the gateway and the terminal server session.

In the SBS / TS combo environment I am under the understanding that the SBS must have the RD Gateway role, and that in order for the SBS 'magic' (RWW, etc.) to work properly then we need the SBS Server to handle the DHCP and distribute the DNS etc. In which case the SBS and the clients must share a common gateway. How then, can we make this work? With remote users coming into the SBS server's RWW website in order to connect to the terminal sessions on the TServer on a separate gateway.

Thanks for your assistance, Paul
Question by:Paul

Expert Comment

by:David Atkin
ID: 39982779
Hi Paul,

Yes the SBS has the RD Gateway Role installed.  I wouldn't advise removing the role as it can cause issues.

What is the speed of your existing internet connection?  Is it possible to get it upgraded?  Fibre available in your area?

You are correct that you are going to have a problem with having different gateways on the machines.

Is connecting via an RDP icon an option?  I.e. opening a port on your second router to do an RDP direct?

Expert Comment

ID: 39985879
I think you have to clear 2 things:

First, you'll have to improve your servers' memory and your internet connection if you are having problems with only 20 users.

Second, TS is used mainly to give access to users on servers to run applications and can be configured to be accessed directly without calling another service and needs a special license.

RWW is another way to give applications, computer access and server access to users, internal and external.  Can be configured to work without TS and must be configured to assign incoming connections a valid IP within the LAN.

Accepted Solution

Paul earned 0 total points
ID: 39993131
Hi David

Fibre is available in AUS but it's extremely expensive. We currently pay about $80 for our ADSL connection per month. Fibre starts at $1000 per month for 10Mb/10Mb...

At that price we would be considering several spanned ADSL connections run through a load balancing device before we talked about fibre.

We can easily open RDP ports to the second server, but I am under the impression that using the TSgateway offers the advantages of SSL which would be lost if we just forwarded 3389 to the TServer? Correct me if I'm wrong here, but the TSgateway offers a lot of advantages security wise over that model?

In reality if this wasn't true, that would be fine. None of the users ever got the hang of accessing the computers or TS remotely through the RWW website, they all ask for us to generate desktop icons for them to dial in with a single click, bypassing the RWW website altogether. The connections still use the TSgateway as a proxy though.

Hecgomrec, thanks for coming down. I am unsure whether there is sufficient evidence in the OP to lead you to the assumption of a memory shortage. The servers are well overpowered for what they are being asked to do. Each server sits on physical with 36GB. It's a basic issue of bandwidth. Internal people and external people sharing a single 24Mb/1Mb ADSL connection. The servers fly, but the internet doesn't.

I understand that RWW doesn't 'need' a terminal server to operate, we operate RWW without TS at other sites but unless each remote user has a dedicated physical machine then the TS becomes the necessary and obvious choice over having a pile of desktops stacked in the corner running headless 24 hours a day waiting for a remote connection. Instead, we have a TS, and remote users who never attend site solely access the TS, while local users who require remote access from time to time have their own computer left on to enable them to dial into their desktops. It's these handful of remote only users who complain of slow down, none of the internal users are ever affected. And if and when those internal users do require remote access they generally do it after hours when the internet is not under contention as it is during the day.

Sounds like if you can't have a dual gateway setup in the current setup that the solution might be a load balancing router with QoS and the ability to dictate traffic from the TS be routed out the second internet connection? I suppose this way we can keep both servers seeing a single gateway but increase the performance of the TServer?

Author Comment

ID: 40001038
This seems to me like a pretty basic question regarding configuration of the network here guys, if the answer is a new appliance for handling the load distribution then that's fine. Unless of course there is a way to do it with the current equipment. Anybody provide anything solid here? If more information is required then I will happily provide.

Cheers, Paul

Assisted Solution

by:David Atkin
David Atkin earned 500 total points
ID: 40005987
Hi Paul,

Sorry for the delay in my reply.

That's very expensive for Fibre!  We currently get it at about £50 per month on a 100Mb connection.

You are correct about the SSL. But I would forward an alternate port to 3389 as it's better for security reasons.

Your solution here would be to install a load balancer so that your internal gateway would remain the same but it would control both WANs.

In most cases when load balancing comes into effect it is a good idea to have the WAN connections from separate ISPs - Then if one goes down, the other one should be ok.

Author Closing Comment

ID: 40024338
Was really hoping for there to be a way to have the second server go out over a separate internet connection without the need for additional hardware. Unfortunately sometimes you already know the answer to the question you want to ask but don't want to admit it!

Thanks everybody for your time.
