Designing Terminal Server Infrastructure
When designing a
First, identify your Terminal Server requirements. Will you be using Terminal Services for serving applications or just for remote administration? If you are using remote administration only, no additional component installations or licensing is required. Two remote connections and a console connection are supported. Remote administration extends server management across forests and into mixed-mode domains.
Microsoft provides a
License Server Requirements
If applications are being
If the AD is rebuilt, then the licensing server and licenses will need to be reinstalled so they can then be configured in AD Sites and Services.
For high-availability requirements, it is recommended to install at least two Terminal Server license servers with available CALs. The license servers will advertise in AD as enterprise license servers with the LDAP
For load balancing, configure each license server with 50% of the CALs. If a license server is part of a Windows Server 2003 AD forest with multiple domains and multiple Terminal Servers placed in a number of domains, then use the Enterprise mode. Otherwise, use the Domain mode.
If a member server is configured as the Terminal Server license server, Registry modifications on the Terminal Servers will be needed so the server can locate the license server. Refer to Microsoft KB article 279461, "How to Override the License Server Discovery Process in Windows Server 2003 Terminal Services."
Applications can be served to remote offices or to dial-up clients. By using roaming profiles, users can experience the same desktop when connecting from various locations. In a WAN environment, make sure that routers and firewalls do not filter Remote Desktop Protocol port 3389, which is required for client communication.
Enable Remote Desktop Protocol port 3389 on firewalls and routers to allow Terminal Server protocol.
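The two checks above (port 3389 reachable through routers and firewalls, and the license server discovery override from KB 279461 present on each Terminal Server) can be verified from an administrative workstation. The following PowerShell script is an added example, not from the book; it assumes the override is stored as subkeys under HKLM\SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers as the KB article describes for Windows Server 2003 (verify against the article for your build), that Remote Registry is enabled on the targets, and the host names are constructed.

```powershell
# Added example: verify RDP reachability and the license server override
# on each planned Terminal Server. Host names below are constructed.
$terminalServers = @('ts01.xyz.example', 'ts02.xyz.example')
# Assumed override location per KB 279461 (Windows Server 2003); verify for your build.
$overrideKey = 'SYSTEM\CurrentControlSet\Services\TermService\Parameters\LicenseServers'

function Test-TerminalServerConfig {
    param([string[]]$Servers, [string]$OverrideKey)
    foreach ($server in $Servers) {
        # RDP reachability through any routers/firewalls in the path.
        $rdp = Test-NetConnection -ComputerName $server -Port 3389 -WarningAction SilentlyContinue

        # Read the discovery override from the remote registry (needs Remote Registry service).
        $licenseServers = @()
        try {
            $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $server)
            $key  = $hive.OpenSubKey($OverrideKey)
            if ($key) { $licenseServers = @($key.GetSubKeyNames()) }
        } catch {
            Write-Warning "Remote registry read failed on $server : $_"
        }

        [pscustomobject]@{
            Server           = $server
            Rdp3389Open      = $rdp.TcpTestSucceeded
            LicenseOverride  = ($licenseServers -join ',')
            # At least two license servers meets the high-availability recommendation above.
            HighAvailability = ($licenseServers.Count -ge 2)
        }
    }
}

Test-TerminalServerConfig -Servers $terminalServers -OverrideKey $overrideKey | Format-Table -AutoSize
```

A server reporting Rdp3389Open as False points at filtering on a router or firewall in the path; an empty LicenseOverride on a Terminal Server that relies on a member-server license server means the discovery override from KB 279461 has not been applied.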
The following list identifies best practices in deploying Windows Server 2003 Terminal Services:
The case study cited here describes the Terminal Services deployment for an actual company that declined to have its name mentioned here. It is referred to as XYZ Company.
Each member bank has its own independent IT environment, which includes Windows NT 4.0 domain, Lotus Notes mail, and file and print server. A total of 7,000 users exist within the 20 banks.
The solution includes a Windows Server 2003 AD forest with a parent-child domain, where the top-level domain is a resource domain, and the child domain is a placeholder for every member bank and their client PCs and users.
The resource domain includes Lotus Notes mail servers, HP Remote Desktop Protocol, Structured Query Language (SQL), file and print clusters, Citrix servers, and finally a management solution. A Storage Area Network (SAN) provides data storage.
To provide separation between member banks, the AD forest is designed to show only the individual bank's resources along with their common resources. The network is designed using firewalls, thereby providing security and optimum network bandwidth.
The network will consist of a Management Virtual Local Area Network (VLAN), a Resource VLAN, and a number of member bank VLANs. For management of the servers on the Management and Resource VLANs, a management solution is proposed.
To provide manageability for the IT resources and to maximize the security of the two Citrix servers, a solution will be implemented that provides the IT resources access to servers placed on the Management VLAN and the Resource VLAN. The IT resources can use either a Citrix client and a back door or a Remote Desktop to the two Citrix servers. From the two Citrix servers (jumpstations), the IT resources can hop to every server using Remote Desktop technology. Every server has three NICs: one for the Management VLAN, one for integrated Lights-Out (iLO) access, and one for the Resource VLAN.