Forum Discussion

dhotman_22537's avatar
dhotman_22537
Icon for Nimbostratus rankNimbostratus
Feb 17, 2011

RDP Load balancing (pool routing) based on user or hostname

Hi everyone,     We have a Microsoft TS cluster of 4 machines with a session directory and load balancing across this cluster is handled by our LTM. Everything works really well and overall we ...
application delivery
dev
devops
iRules
hooleylist's avatar
hooleylist
Icon for Cirrostratus rankCirrostratus
Feb 17, 2011
I don't know enough about the Microsoft options to give a specific recommendation, but I believe they have a few solutions for load balancing TS servers. If they do and they're not too expensive, I'd guess it would be a simpler solution.

 

 

Assuming the "ADD CLIENT AUTHENTICATION" license token is in the active modules section (as opposed to the optional odules section) it looks like you do have ACA licensed. So you can make LDAP calls from an iRule. But it's not a simple implementation. Take a look at the _sys_auth_ldap iRule for an example. That's for HTTP, but I think you could adapt the logic to parse TCP data and do an auth lookup via LDAP to an AD virtual server (or server).

 

 

Edit: Actually, after looking at the AUTH::response_data wiki page, I'm not sure you can do anything but an LDAP request with a username and password sent and an auth status returned. So ACA might not be an option at all...

 

 

Aaron