Gateway

RDP connection redirection

A NetScaler Gateway appliance now supports RDP connection redirection in the presence of a connection broker or session directory. An RDP proxy communication no longer requires an exclusive URL for every connection from the client to the server. Instead, the proxy uses a single URL to connect to an RDP server farm, reducing the maintenance and configuration overhead for an administrator.

Points to note:

  • RDP connection redirection is supported only when SSO is enabled and is supported in both single Gateway and Stateless or Dual Gateway mode along with enforcement (SmartAccess).
  • The RDP Proxy feature is supported only with token-based redirection supporting IP cookies. IP-based routing tokens (“msts=”) are handed back by the Windows session broker or connection broker when the Use IP Address Redirection functionality is disabled.
  • You can disable the Use IP Address Redirection setting to enable token-based redirection in the following location: Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > RD Connection Broker.

  • Disable the Use IP Address Redirection setting on the RDSH machines and not the connection broker machine.

  • Dedicated redirectors for RDP Proxy connection can be configured.
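The following Python is an added example, not part of the NetScaler documentation: it decodes an IP-based `msts=` routing token and checks that it redirects to an expected RDSH host on the RDP port, which is useful when reviewing broker redirections in captures or logs. It assumes the routing token layout Microsoft documents for RDP load balancing (address and port as decimal fields with their bytes reversed); the function names, farm subnet and sample tokens are constructed for illustration.

```python
import ipaddress
import struct

# Constructed value: subnet holding the RDSH farm members.
FARM_NET = ipaddress.ip_network("172.31.249.0/24")
RDP_PORT = 3389


def decode_msts_token(token):
    """Decode 'msts=<ip>.<port>.<reserved>' into (IPv4Address, port)."""
    token = token.strip()
    if token.lower().startswith("cookie:"):
        token = token.split(":", 1)[1].strip()
    name, sep, value = token.partition("=")
    if name != "msts" or not sep:
        raise ValueError("not an msts routing token")
    fields = value.split(".")
    if len(fields) != 3 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError("malformed msts routing token")
    ip_num, port_num = int(fields[0]), int(fields[1])
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        raise ValueError("address or port field out of range")
    # Each decimal field stores its bytes in reverse (little-endian) order.
    ip = ipaddress.IPv4Address(struct.pack("<I", ip_num))
    port = struct.unpack(">H", struct.pack("<H", port_num))[0]
    return ip, port


def token_targets_farm(token, farm_net=FARM_NET, port=RDP_PORT):
    """True only if the token redirects to a farm host on the RDP port."""
    ip, token_port = decode_msts_token(token)
    return ip in farm_net and token_port == port


if __name__ == "__main__":
    # Constructed sample tokens, not taken from a real deployment.
    for sample in ("Cookie: msts=3640205228.15629.0000",
                   "msts=83886090.15629.0000"):
        ip, port = decode_msts_token(sample)
        verdict = "farm" if token_targets_farm(sample) else "NOT in farm"
        print(f"{sample} -> {ip}:{port} ({verdict})")
```
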

Prerequisites

  • Create an RDP server profile to enable the 3389 listener on the NetScaler Gateway virtual server. If the machine that you want to RDP to is not a member of any RDS connection broker infrastructure, then you do not need the 3389 listener.

  • Enable RDP connection redirection on the NetScaler Gateway appliance to support RDP Proxy in the presence of a connection broker.

Deploy RDP Proxy in the presence of a connection broker

RDP Proxy in the presence of a connection broker can be deployed in the following two ways.

  • With RD session host servers participating in RD connection broker load-balancing.
  • In the presence of the RDP load balancing feature.

With RD session host servers participating in RD connection broker load balancing:

In this case, the RDP URL link can be configured to point to one of the RDP servers as the destination server, which acts as a redirector. It is also possible to have one of the RDP servers in the farm as the destination server (in this case the server does not accept any RDP session).

In the presence of the RDP load-balancing feature:

When connection broker load-balancing is not enabled, the RDP load-balancing feature on NetScaler can do the required load-balancing of the RDP sessions in the presence of a connection broker. In this case, the RDP URL link has to be configured to have the RDP load balancer as the destination server. The RDP load balancer can be on the same NetScaler Gateway appliance as the RDP Proxy. For more information, see Load balancing RDP servers.

Configure RDP Proxy in the presence of a connection broker by using the CLI

At the command prompt, type:

add rdpserverprofile <Name> -psk <string> -rdpRedirection ( ENABLE | DISABLE )

add rdpserverprofile serverProfileName -psk "secretString" -rdpRedirection ENABLE

Configure RDP connection redirection by using the NetScaler GUI

  1. Navigate to NetScaler Gateway > Policies > RDP.
  2. Right-click RDP to Enable or Disable the RDP redirection functionality.