RDS 2008 R2 with F5 LTMs, Token Redirection and no RDS Gateways

Hi all

 

I am trying to deliver a RDS solution to external usrs but don't want to use HTTPS. This is two internal networks but at different security classifications so RDP is ok to use.

 

We want users from Network A to access RDS Session Hosts in NEtwork B all by RDP. We don't want to use a 2008 R2 RDS Gateway as this makes it HTTPS. We cannot use win server 2012 yet which I know would stop this problem by letting us use UDP.

 

Anyway, we have read the F5 RDS doc and scenario 1 looks like the one for us. It shows the F5 LTMs using Token Redirection which stops the clients from Network A being have to talk direct IP to the Session Hosts in Network B, which of course they can't as NAT is used between them.

 

Questions I have are these.

 

1) Am I right in assuming this setup does not require RDS Gateways and RDP all the way is fine even across NAT? 2) what is theflow for this solution, for example does the LTM on Network B talk directly to the RDS BRoker itself or does the RDP request from the client simply go to the first session host server that replies from the pool ? If so does the session host then go to the brokerr to ask whch server is best and if they have an old connection ETC as normal RDS does? 3) What exactly is the LTMs role in this flow? 4) Do we need a LTM on Network A and NEtwork B? The diagram 1 in the F5 RDS doc shows a LTM on Network A as a reverse proxy and a LTM on NEtwork B

 

any help on this would be so appreciated, really stuck

 

regards