Example for configuring a load balancer
This example describes the required setup of the F5 BIG-IP load balancer to work with PSM. Reference it when configuring your own load balancer.
The example was created using the BIG-IP (version 12.1.2 Build 0.0.249) web-based GUI, often referred to as the TMUI (Traffic Management User Interface).
For our example, PSM is installed on Windows 2012 R2.
The following procedures contain a list of BIG-IP LTM configuration objects as well as any custom settings you should configure in this deployment scenario. Unless otherwise specified, configure settings that are not mentioned in the procedure as applicable for your environment.
Health monitors
Use the following procedure to create health monitors.
Create an RDS Health Monitor:
- Open the Main tab, select Local Traffic > Monitors.
- On the Monitor Lists page, click the Create button or the + button.
- On the New Monitor page, enter the following parameters, using F5 send/receive strings:

| Field | Description |
| --- | --- |
| Name | Enter a unique name for the monitor. |
| Type | Select the TCP option from the list. |
| Interval | Enter 30 seconds |
| Timeout | Enter 91 seconds |
| Send String | For F5 official send strings per Microsoft Server version, see F5 Knowledge Center > Send/receive strings for Microsoft Server Remote Desktop Session Host. |
| Receive String | For F5 official receive strings per Microsoft Server version, see F5 Knowledge Center > Send/receive strings for Microsoft Server Remote Desktop Session Host. |

Examples of F5 send string:
- For 2016: \x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x0b\x00\x00\x00
- For 2019: \x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x0b\x00\x00\x00

Examples of F5 receive string:
- For 2016: \x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x1f\x08\x00\x08\x00\x00\x00
- For 2019: \x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x1f\x08\x00\x08\x00\x00\x00
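What the example send and receive strings above contain, decoded as an added Python example (not part of the original documentation, and not F5 or CyberArk code). The field layout follows the TPKT, X.224 and RDP negotiation structures in MS-RDPBCGR; the function names are illustrative, and the parser assumes a 19-byte packet with no routing token.

```python
import re
import struct

# Example monitor strings exactly as listed on this page (2016 and 2019 are identical).
SEND = r"\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x0b\x00\x00\x00"
RECV = r"\x03\x00\x00\x13\x0e\xd0\x00\x00\x124\x00\x02\x1f\x08\x00\x08\x00\x00\x00"

# Security protocol flags from MS-RDPBCGR (RDP_NEG_REQ / RDP_NEG_RSP).
PROTOCOLS = {0x1: "TLS", 0x2: "CredSSP", 0x4: "RDSTLS", 0x8: "CredSSP+EarlyUserAuth"}
PDU_KINDS = {0xE0: "connection-request", 0xD0: "connection-confirm"}
NEG_TYPES = {1: "RDP_NEG_REQ", 2: "RDP_NEG_RSP", 3: "RDP_NEG_FAILURE"}


def monitor_bytes(escaped):
    """Decode \\xHH escapes (exactly two hex digits); other characters stay literal."""
    text = re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), escaped)
    return text.encode("latin-1")


def parse_rdp_negotiation(data):
    """Parse a TPKT + X.224 connection PDU carrying one RDP negotiation structure."""
    if len(data) < 19:
        raise ValueError("too short for TPKT + X.224 + RDP negotiation data")
    version, _reserved, tpkt_len = struct.unpack(">BBH", data[:4])
    if version != 3 or tpkt_len != len(data):
        raise ValueError("TPKT header does not match the packet")
    length_indicator, code = data[4], data[5] & 0xF0
    if length_indicator != len(data) - 5 or code not in PDU_KINDS:
        raise ValueError("not an X.224 connection request/confirm")
    src_ref = struct.unpack(">H", data[8:10])[0]
    # Skip LI, code, dst-ref (2), src-ref (2), class (1): negotiation data starts at 11.
    neg_type, flags, neg_len, value = struct.unpack("<BBHI", data[11:19])
    if neg_type not in NEG_TYPES or neg_len != 8:
        raise ValueError("unexpected RDP negotiation structure")
    result = {"pdu": PDU_KINDS[code], "type": NEG_TYPES[neg_type],
              "src_ref": src_ref, "flags": flags}
    if neg_type == 3:
        result["failure_code"] = value
    else:
        names = [name for bit, name in PROTOCOLS.items() if value & bit]
        result["protocols"] = names or ["Standard RDP Security"]
    return result


if __name__ == "__main__":
    for label, text in (("send", SEND), ("receive", RECV)):
        print(label, parse_rdp_negotiation(monitor_bytes(text)))
```

The decoded receive string is a connection confirm that selects CredSSP with early user authorization, so a server that answers with a different selected protocol would not match this receive string.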
Create a PSM Health Monitor:
This example assumes that the PSM Health Check service is installed on the PSM machines and is configured to work in classic mode.
- Open the Main tab, select Local Traffic > Monitors.
- On the Monitor Lists page, click Create or the + button.
- On the New Monitor page, enter the following:

| Field | Description |
| --- | --- |
| Name | Enter a unique name for the monitor. |
| Type | Select the HTTPS option from the list. |
| Send String | Enter GET /psm/api/health HTTP/1.1\r\nHost:\r\n\r\n |
| Receive String | Enter PASS |
| Alias Service Port | Select HTTPS from the list |

In some BIG-IP versions, the health monitor fails to use the configured alias service port and instead passes the request to the pool member port. As a result, the pool member is marked as not available. This issue can be solved by installing a hotfix. For more information, see F5 support.
Create a server pool with pool members
Create a pool of PSM servers with pool members. The pool identifies which PSM servers you want the virtual server to send client requests to. You can identify the PSM servers by their FQDNs instead of their IP addresses. In this way, the system automatically updates pool members whenever you make changes to their corresponding server IP addresses on your network.
Before you begin:
- Verify that you have created the health monitors.
- Decide on the IP addresses or FQDNs for the PSM servers that you want to include in your server pool.
- If your system is using DHCP, make sure your DNS servers are not configured for round-robin DNS resolutions. Instead, they should be configured to return all available IP addresses in a resolution.
Create a server pool:
- Open the Main tab, select Local Traffic > Pools.
- On the Pool Lists page, click Create or the + button.
- On the New Pool page, enter the following:

| Field | Description |
| --- | --- |
| Name | Enter a unique name for the pool. |
| Health Monitors | Select a monitor from the list and move the monitor to the Active list. For details, see Health monitors. |
| Slow Ramp Time | Enter 300 seconds. This field appears in Advanced configuration. |
| Load Balancing Method | Select Least Connection (Member) |

- For the New Members setting, add each PSM server that you want to include in the pool.
  - Select one of the following:
    - New Node. Enter a name for the node and the IP address for the PSM server.
    - New FQDN Node. Enter a name for the node and the FQDN for the PSM server.

    If you are using FQDNs instead of IP addresses, you should still enter at least one IP address to ensure that the system can find a pool member if a DNS server is not available.
  - Service Port: Enter 3389. This is the default port for Remote Desktop Session Host deployments.
  - Auto Populate: If you are using FQDNs for the server names, then keep Auto Populate Enabled. When you enable Auto Populate, the system creates an ephemeral node for each IP address returned as the result to a DNS query. In addition, when a DNS result shows that the IP address of an ephemeral node no longer exists, the system deletes the ephemeral node.
  - Click Add.
  - Repeat for each node.
- Click Finished.
TCP Profile
Create a TCP Profile:
- Open the Main tab, and select Local Traffic > Profiles > Protocols > TCP.
- On the TCP Profiles List page, click Create or the + button.
- On the New TCP Profile page, enter the following:

| Field | Description |
| --- | --- |
| Name | Enter a unique name for the profile. |
| Parent Profile | Select tcp-wan-optimized or tcp-lan-optimized depending on where your clients are located. If you select tcp-wan-optimized, disable Nagle's Algorithm. |
| Idle Timeout | Enter 1200 |
| Keep Alive Interval | Enter 75 |

Virtual server
Before you create a virtual server, verify the following:
- You created the pool to send traffic from this virtual server.
- You created the TCP profile.

Create a virtual server:
- Open the Main tab, and select Local Traffic > Virtual Servers.
- On the Virtual Servers page, click Create or the + button.
- On the New Virtual Server page, enter the following:

| Field | Description |
| --- | --- |
| Name | Enter a unique name for the virtual server. The IP address for this field needs to be on the same subnet as the external self-IP address. |
| Destination Address | Enter the IP address in CIDR format. The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24. When you use an IPv4 address without specifying a prefix, the BIG-IP® system automatically uses a /32 prefix. |
| Service Port | Enter 3389. This is the default port for Remote Desktop Session Host deployments. |
| Protocol | Select TCP from the list. |
| Protocol Profile | Select a profile from the list. |
| SSL pass-through | The SSL Profiles (Client and Server) fields are left empty. |
| Source Address Translation | Select AutoMap from the list. |
| Resources | From the Default Pool list, select the relevant pool name. |