HAProxy Enterprise Documentation 12.5

Configuring Remote Desktop with HAProxy

The main purpose of the connection broker, formerly "session broker", is to reconnect a user to their existing session. Since Windows 2008, the connection broker has also included a load-balancing mechanism. HAProxy provides the same persistence and adds security by acting as a reverse proxy, which breaks the TCP connection between the client and the server.

Configuring RDS without a connection broker

It is possible to load-balance terminal services without relying on a connection broker component. In this case, HAProxy performs the persistence and session resumption using the mstshash cookie stored in a stick-table.

peers hapee
    peer hapee1 <hapee1_address>:<peers_port>
    peer hapee2 <hapee2_address>:<peers_port>

frontend ft_rdp
    mode tcp
    bind <listen_address>:<port> name rdp
    timeout client 1h
    log global
    option tcplog
    # Wait up to 2s for the client's first packet; accept as soon as it carries an RDP cookie
    tcp-request inspect-delay 2s
    tcp-request content accept if RDP_COOKIE
    default_backend bk_rdp

backend bk_rdp
    mode tcp
    balance leastconn
    timeout server 1h
    timeout connect 4s
    log global
    option tcplog
    # Key the table on the mstshash value, keep entries for 8h, and share them with the "hapee" peers
    stick-table type string len 32 size 10k expire 8h peers hapee
    stick on rdp_cookie(mstshash)
    option tcp-check
    tcp-check connect port 3389 ssl
    default-server inter 3s rise 2 fall 3
    server srv01 <srv01_address>:<port> weight 10 check
    server srv02 <srv02_address>:<port> weight 10 check

You can read the contents of the stick table to see which user has been assigned to which server:

$ hapee-lb-cmd <<<"show table bk_rdp"
# table: bk_rdp, type: string, size:10240, used:5
0x21c7eac: key=Administrator use=0 exp=83332288 server_id=1
0x21c7eac: key=test-001 use=0 exp=83332288 server_id=2


RDP clients do not all behave the same way when sending the mstshash cookie. See below.
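To make the persistence key concrete, the following added example (not part of the HAProxy documentation or HAProxy's own code) parses the mstshash cookie out of an RDP X.224 Connection Request and models the stick-or-leastconn decision of bk_rdp. The names build_cr, rdp_cookie and route are hypothetical, the packets are constructed, and the model ignores entry expiry and closing connections.

```python
import struct

TPKT_LEN, X224_CR_LEN = 4, 7  # TPKT header; X.224 CR: LI, code, DST-REF, SRC-REF, class

def build_cr(cookie_line: bytes = b"") -> bytes:
    """Constructed X.224 Connection Request, optionally carrying a cookie line."""
    neg_req = struct.pack("<BBHI", 0x01, 0x00, 8, 0x03)  # RDP_NEG_REQ asking for TLS/CredSSP
    payload = cookie_line + neg_req
    x224 = bytes([X224_CR_LEN - 1 + len(payload), 0xE0]) + bytes(5) + payload
    return struct.pack(">BBH", 3, 0, TPKT_LEN + len(x224)) + x224

def rdp_cookie(packet: bytes, name: str = "mstshash"):
    """Return the value of 'Cookie: <name>=<value>\\r\\n', or None if absent."""
    if len(packet) < TPKT_LEN + X224_CR_LEN or packet[0] != 3:
        return None
    (total,) = struct.unpack(">H", packet[2:4])
    if total > len(packet) or packet[5] & 0xF0 != 0xE0:
        return None  # incomplete buffer, or not a Connection Request
    body = packet[TPKT_LEN + X224_CR_LEN:total]
    prefix = b"cookie: " + name.lower().encode() + b"="
    end = body.find(b"\r\n")
    if end < 0 or body[:len(prefix)].lower() != prefix:
        return None  # client sent no cookie, or a different one
    return body[len(prefix):end].decode("latin-1") or None

def route(table: dict, conns: dict, packet: bytes) -> str:
    """Stick on the cookie when present; otherwise fall back to least connections."""
    key = rdp_cookie(packet)
    server = table.get(key) if key else None
    if server is None:
        server = min(conns, key=conns.get)  # simplified leastconn over srv01/srv02
        if key:
            table[key] = server             # learn key -> server, as the stick table does
    conns[server] += 1                      # assumption: connections never close here
    return server

if __name__ == "__main__":
    table, conns = {}, {"srv01": 0, "srv02": 0}
    for line in (b"Cookie: mstshash=Administrator\r\n", b"Cookie: mstshash=test-001\r\n",
                 b"Cookie: mstshash=Administrator\r\n", b""):
        pkt = build_cr(line)  # constructed sample request
        print(rdp_cookie(pkt), "->", route(table, conns, pkt))
    print(table)
```

The key is whatever the client places in its first packet, so a client that sends no cookie, or a different name for the same user, gets no persistence and is balanced like a new connection.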
