RDS Gateway Farm Policies

[glenimp617]

Hi all,

I have a 4 node RDS gateway farm.

My understanding is that all the farm does is ensure the inbound and outbound connections per user is assigned to the same server within the farm. That being the case, do you have to manually create the policies per server?

Just seems funny I have to create four policies rather than just one and have it replicate across the entire farm.

It's been a few years since I did all this!

Thanks

 

[blueboy2001]

Server 2012 R2?

All done through Server Manager. Add all the host servers and the Connection Broker to the same Server Manager instance and you control it all through there.

Note that the RDS Gateway role is not required and is generally used for securing remote access external connections - they terminate at the gateway on port 443 and it effectively proxies to the session hosts. It is the connection broker that assigns users to hosts - you don't have a farm without a CB.

 

[glenimp617]

No, Server 2016

This is only for external access

443 Gateway NLB > 3389 BKR DNS RR > Session Hosts

There is no DMZ on site, but they do have one hell of a firewall appliance. Microsoft talks about best security practice is through using a reverse proxy which our firewall vendor supports. Currently any external connection is allowed in on 443 to the gateway servers. Everything has a purchased wildcard certificate.