Making a VDI deployment fault-tolerant is more complex than one might initially assume. The only way to ensure true fault tolerance is to design the network so that no single component can become a single point of failure. Since there are several different server roles used in a Windows-based VDI deployment, you must address each of those roles in your fault-tolerant solution.
I don't have the space to discuss fault tolerance for each server role at length. Instead, I'll describe options for improving the fault tolerance of each role commonly used in Windows Server 2008 R2-based VDI deployments.
The Remote Desktop Gateway server
Unfortunately, Microsoft does not offer a fault-tolerant solution for Remote Desktop Gateway servers. The good news is that gateway servers are required only if access to virtual desktop pools is being provided to external clients.
If your network does require gateway servers, then your best bet is to deploy parallel gateways and then use Domain Name System (DNS) servers round-robin to load balance the inbound requests. Keep in mind that this approach does not prevent users from receiving an error message if a failure occurs. However, it will prevent external users from being completely cut off. If external users retry their connections enough times, they should eventually be able to connect to one of the remaining gateway servers.
The Remote Desktop licensing server
It's easy to forget about the licensing server when planning a fault-tolerant VDI deployment, but a failed licensing server could cause a major outage. If a licensing server fails, then any user who either has not yet acquired a Remote Desktop license or whose current license has expired will be unable to access the virtual desktop pool.
Microsoft does not offer a true fault-tolerant solution for Remote Desktop licensing servers. Instead, it recommends deploying two licensing servers and placing half of the licenses on each server. That way, if a licensing server fails, it won't cause a total outage.
The Remote Desktop Connection Broker server
Unlike the other server roles, the Remote Desktop Connection Broker can be hosted on a failover cluster. A failover cluster can provide true fault tolerance for this role.
The Remote Desktop Session Host server
Unfortunately, there is no way to make a Remote Desktop Session Host server truly fault-tolerant. For example, the Remote Desktop Session Host role cannot be hosted on a failover cluster. Microsoft recommends deploying multiple session host servers in parallel and then using the connection broker to load balance those servers. This approach won't prevent user sessions from being dropped in the case of a failure, but users should be able to reestablish their connections by rebooting.
Keep in mind that because load balancing is being used to implement a degree of fault tolerance, it is important for your session host servers to have sufficient capacity to handle the increased workload that they will experience if one of the session host servers fails.
The Hyper-V server
The virtual machines used within a virtual desktop pool are hosted on a Hyper-V server. You have two main options for providing fault tolerance to Hyper-V. One option is to create a failover cluster. The other option is to create a cluster that uses shared storage.
My recommendation is to use a failover cluster without shared storage. That way, the storage array does not become a single point of failure.
As you can see, Microsoft's VDI solution is a bit lacking when it comes to fault tolerance. By using load balancing, you can take some steps to prevent a total outage from occurring.
ABOUT THE AUTHOR
Brien M. Posey, MCSE, has received Microsoft's Most Valuable Professional Award four times for his work with Windows Server, IIS and Exchange Server. He has served as CIO for a nationwide chain of hospitals and health care facilities and was once a network administrator for Fort Knox. You can visit his personal website at www.brienposey.com.
This was first published in June 2010