RDS Load balance

Hello there experts,

We are trying to balance out some new terminal servers.

The traditional way microsoft has it running is round robin based dns, this will distribute sessions not % load.
We have tested this with 3 terminal servers and 10 test users.
We loaded up TS1 with 80% ram use, and the 10th user still gets placed there, even though TS2 and TS3 are much less loaded.

What we are looking for is  a way to balance terminal servers by % load, not session.
If accounting users all ended up on the same TS that would be bad.

What are people using to balance out load? Hardware appliance? Virtual appliances?
The load base on this project is 110 users concurrently, with a maximum of 150 users.

Currently we run 6 terminal servers and people are assigned to them, while we have 2 servers that are vastly under-utilized with expected growth managing them in a manual way is not feasible.
LVL 3
wlacroixAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
RDS does not have any built-in method for load balancing by anything other that session count. The idea (generally) is that if you have a heavy accounting application, you'd want to set up RDSH servers hosting just the accounting applications and then create a collection for that app. Then it doesn't matter which RDSH server a single user lands on as they are all "heavy" app servers. Light apps would be a different collection and a different set of servers. It is better to have take four servers and split them into two collections of two servers each than to run all apps on four servers and run one large collection.

For very small deployments, this obviously doesn't always work out well, but then again, for small deployments, you usually aren't worried if a few users end up on the same server.

Are there edge cases? Sure. But at that point you'll need to look at 3rd-party, such as Citrix, to extend the flexibility of the system. It simply can't be done in RDS alone.
1
wlacroixAuthor Commented:
We have a single app for our deployment and all 110 users use this app daily. (with that said, of course the software team will want to give the users more applications, which just causes me more issues)

The issue is with the new version it balloons up to 6-7-8 gigs per user, but it vastly depends on what sections of the app they use\or enter. (yes they are restricted to some sections)

If they are in say a sales order entry all day, that's the only module that gets loaded, thus a light load. If they go into work orders then this will increase, when they close the work order module the memory does not get released just encase they open it again.
In the case of say a shipping person, they will be in 6+ modules a day, thus they will be bloated.

An accounting person will be in most modules each day. If say 4 of them (out of 10+) landed on the same TS in a session based load balance, they could potentially be using 24+ gigs of ram for these users.
We were planning on 6 terminal servers with 32 gigs of ram each. which only gives me an average of 1.5 gigs of ram, after subtracting 24 gigs of ram for windows.

With this in mind, it wont be enough, so we either increase the ram per terminal server, or we go with more terminal servers.

We are OK using a 3rd party vAppliance to manage the gateway portion, as long as it is based on % load not on sessions.

In priority of requirements:
Ram Use (avg)
Processor Use (avg)
Sessions

Kemp makes a vAppliance as does Barracuda.
0
David Johnson, CD, MVPOwnerCommented:
there is no way when launching a session to know what the user will do with the session once launched.  As mentioned before you as an admin can give it some help because you know in advance that a certain group of users are heavy users and you can set their rdp sessions and servers appropriately rather than using round-robin.

We have a single app for our deployment and all 110 users use this app daily. (with that said, of course the software team will want to give the users more applications, which just causes me more issues)

The software team needs to do a redesign of their application and split it into two areas, user front end and the server based back end (that does the heavy lifting).. the back-end may have to be clustered to handle this load .. perhaps splitting off the database onto different database servers is also an option or clustering sql databases is required.

This will give you a stable point of reference at the user rdp end

If they are in say a sales order entry all day, that's the only module that gets loaded, thus a light load. If they go into work orders then this will increase, when they close the work order module the memory does not get released just encase they open it again.
In the case of say a shipping person, they will be in 6+ modules a day, thus they will be bloated.

An accounting person will be in most modules each day. If say 4 of them (out of 10+) landed on the same TS in a session based load balance, they could potentially be using 24+ gigs of ram for these users.


simply unacceptable. remember the 6P rule
Prior planning prevents piss poor performance
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

wlacroixAuthor Commented:
The application is already split kinda, it does sit on an SQL server, each database is about 60 gigs in size, and there are 6 companies involved, so its not a small thing at all. This is not handled by me other than hardware allocation and server build, the SQL team takes care of all the rest.

the front end is based on user credentials\security to modules. As an example a front end person does not have access to the payroll side or say the accounts receivable side.

I am looking into a load balance type appliance or virtual appliance to see if we can do it that way.
0
Cliff GaliherCommented:
You won't get what you want out of a load balancer either. Even if all RDSH servers have the same application, you can still split up the collections by role. So take four of the six servers (as an example) and create a collection and call it "accountants" and publish the app or desktop to your accountants (by user group or similar.)  Then take the other two and make a collection for other users and publish to those groups.  

That way, even with simple session based balancing, your accountant users (who access most modules, based on your description) would get spread across four servers instead of spreading 110 users scattershot across all six servers and risking all four accountants landing on the same server. Even if you have 8 accountants, the above would ensure no more than two end up on the same server.  Of course the other servers will probably run unutilized more often, but that's the trade-off.

In short, without a *significant* re-architecting or investment in high-end software (not just a load balancer or load-balancing vAppliance) you won't get what you want. But you can make simple changes to mitigate the worst-case scenarios.
0
wlacroixAuthor Commented:
We are still testing the round robin feature in windows, regardless of % load, i think we may be willing to suck that up. If I have to spin up another TS its not totally a big deal.

One issue we are having is testing active session limits. and DNS resolutions using round robin.

TS1 3 users IP 19
TS2 2 users IP 20
TS3 2 users IP 21

User 4 ping gate.company.local and gets an ip of 19, when they try and remote into 19 they get no connection available even though there are 2 sessions one on TS2 and TS3.
They are stuck and it wont push them to TS2

We are looking at active session limits to load balance further on more TS's vs doing a load balance tool (hardware or vAppliance)

TTL was reduced to 30 seconds, but it does not seem to be doing anything at all.
We were hoping that it would make the users dns change to another server.....

One of the unfortunate things out of all of this, is that there seems to be no clear way to load balance terminal servers in a simplistic way. Its a bandaid in saying that "this is good enough" instead of what we all want.

There is also a rumor that Microsoft will be adjusting their load balancer tools for RDS in 2014 server.
0
Cliff GaliherCommented:
I am not seeing anywhere that you've stated which OS you are using, but one of your selected topics was server 2012, so I'll assume that's what you are using. If that is indeed the case, you shouldn't be using round robin DNS at all. Create collections. Publish them to your topology. And have a connection broker. The RDCB is aware of connections and properly load balances far better than round robin DNS could. This was actually true in 2008 R2 as well, but with the collection architecture of 2012, it is far more prominent now. Round robin DNS is no longer recommended or required.
0
wlacroixAuthor Commented:
Yes we are using 2012 server in our testing.

RR is setup for TS servers, and were researching on the RDCB right now.

But we cant connect to the RDBC with a remote desktop connection at all, just tells us the user is not authorized for logon, which makes sense as the RDBC is not a session host server.

We are NOT using HA for RDBC either, so I am a bit confused as what you would put in the RDC server connection line, and where exactly that points to.

I have a collection called test group right now.

We have read multiple 2012 setup documents and all follow the same standard as 2008 R2 server did. This is why we are testing.

We just set the certificate on the RD connection broker - publishing and figuring out what is next.
0
Cliff GaliherCommented:
Publishing collections is done through the new server manager interface.

You can make the RDCB highly available if you desire. It is basically a cluster.

If you simply point RDC at the RDCB, the RSCB does not know what collection you want to connect to, so it assumes a local connection. This is expected behavior. The expected method to connect to a collection is through RDWA or published feeds using an app that can read them (the remote apps and desktops control panel in win7 and 8, the modern remote desktop app from the windows store for win8 or windows phone, the updated remote desktop app in the Apple store, etc.)

If you *really* want to just use RDC, you have to point it at the RDCB and then save the connection as an .rdp file. You then edit the file in a text editor like notepad and manually add the collection name. There is no GUI in RDC to do this as this is no longer the recommended method for end users to connect.
0
wlacroixAuthor Commented:
So the reality is this.

We either send out an edited RDP file to the users OR we get them to use web access to the broker?
0
Cliff GaliherCommented:
Or get them to use a modern RD app. Or push connections to their start menu via group policy.
0
wlacroixAuthor Commented:
What is considered a modern RD app?
0
Cliff GaliherCommented:
As I mentioned above, one from the windows store or apple store. Haven't checked Google play lately to see if Microsoft has one there yet.
0
wlacroixAuthor Commented:
I am only familiar with the RDC client.
0
Cliff GaliherCommented:
.rdp files published via RDWeb can still launch using the traditional RDC client. But the client has not been enhanced to expose new settings in its default GUI. Just a limitation of that program.
0
wlacroixAuthor Commented:
Yeah that is what I figured too.

So web access through broker works fine, it shows me my collection. Is there any way to force people to a specific collection?
And they have to enter their credentials twice, once to access the web page, then again to access the collection.

What would be nice is one logon and bam, desktop.
0
Cliff GaliherCommented:
TechNet has an article on how to configure single sign-on in 2012. That will solve that issue. You can set permissions granting only specific users access to specific collections. In server manager in the collection properties. But if a user has been granted access to multiple collections, no, I'm not sire why you'd want to force them to one. Otherwise why were they granted access to the others collections at all?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
wlacroixAuthor Commented:
I think the powers that be want a single sign on and a single group of TS servers, so they can add to it at any given time.

My technical issue is that they are different companies all together, 6 domains accessing the same group all running the same application.

I think they should have separate collections, but I think we will need another meeting.

Web access is me and my partners focus right now, going to play with that a bit.

You have been an amazing resource, thank you.
0
wlacroixAuthor Commented:
We have finished testing the web broker logon and it works marvelously. SSO works, broker is load balancing properly etc.
Now working on some group policy stuff, after that some web page customization, then we will do a full rebuild of the test environment and document some things.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Remote Access

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.