Remote Desktop Services Windows 2008 R2 design and certificate requirements


  • Hi Friends,

    I'm in the process of designing a 2008 R2 RDS farm for 500 users. I'm currently testing this setup based on the following role placement:

    3x RDSH -- Internal network - domain joined (domain.local)

    1x RD Connection Broker -- Internal network - domain joined (domain.local)

    2x RD WebAccess and RD Gateway roles on each server -- Internal network - domain joined (domain.local)

    I'm planning to deploy the WebAccess and RD Gateway roles on the same server, but want to have HA for both WebAccess and RD Gateway. As I only have to open port 443, I don't see any reason to put the RD Web/Gateway in the DMZ.

    Can I achieve HA using two servers, with each one having the RD Web and RD Gateway roles installed? I'm planning to use NLB, but don't know if I can use this when both roles are installed on each of the two servers. Is there a best way to design this? Does it really affect the performance?

    I read somewhere that a minimum of 2 SAN certs are required: one to cover the farm name, domain.local [INTERNAL DOMAIN], and another SAN cert covering RDG, web and app signing. Do we really need two certs? Can I get away with one SAN cert covering domain.local,,,

    OR 1 cert covering domain.local and use the for RDG/WEB/APP SIGNING?

    What is the best way to perform a load test before going to production? Any capacity planning tools? Automation tools? Testing tools?

    I'll really appreciate your help.

    Many thanks


    • Edited by RDPS007 Sunday, July 7, 2013 9:08 AM
    Sunday, July 7, 2013 8:30 AM