An App Gateway is synonymous with Microsoft Remote Desktop Gateway. In a basic Workspaces deployment, the App Gateway holds all three roles associated with a Remote Desktop deployment:
- Remote Desktop Gateway: This is the component that securely tunnels a user’s RDP session connection from the internet to a Remote Desktop session host. The communication between the client machine and the RD Gateway is encrypted using an SSL tunnel and is received on HTTPS port 443. Once the initial communication has been received it is then forwarded to a session host using the RDP protocol on port 3389.
- Remote Desktop Broker: This service performs actions such as checking a user’s credentials, load balancing, and ultimately assigning user sessions across multiple session hosts.
- Remote Desktop Web: Presents access to applications either via a web browser or feed URL.
When do you need to create a new App Gateway? These are the rules:
- For a Shared Domain, when accessing a specific Cloud (say Las Vegas), multiple Organizations will utilize the same App Gateway.
- In a dedicated or BYOAD domain, the Organization will require their own unique App Gateway.
- If a Shared Domain, a Dedicated Domain, or a BYOAD stretches across multiple Clouds, an App Gateway will be required for each cloud. Two examples:
  - The Acme Company Organization has a dedicated Domain (or BYOAD) which stretches across three (3) clouds, and each cloud has a Workspace hosted within it. They will require 3 App Gateways, one per cloud, with each being dedicated to their use.
  - The Gamma Company is part of a Shared Domain which is stretched across three (3) clouds. Further, the Gamma Organization has a Workspace hosted within each of those three Clouds. They will NOT require their own unique App Gateway(s); rather, they will share with other Organizations within the shared Active Directory.
To deploy an App Gateway into a Workspaces environment, start by logging into Workspaces, then follow the series of steps below.
- Click Clouds
- Select the Cloud in which you wish to create the new App Gateway. For each unique Domain that exists within a Cloud there will be at least ONE App Gateway. If a domain stretches across multiple Clouds, each Cloud in which a Workspace exists will require an App Gateway.
Double click on the Cloud you wish to access or click the quick link to App Gateways as shown in the image above.
If you did not click the quick link then you will see a screen similar to this next image. Click the App Gateways tab along the top menu bar.
An image similar to the one below will be displayed. If other App Gateways already exist in this Cloud then you will see them listed here.
Click Create App Gateway.
Next, select the Domain you wish to create this App Gateway for. You should have already created a Domain; if you have not, you can follow the link to Create a New Domain. For instructions on How to Create a New Domain, follow the link at the bottom of this page to a KB article on that subject.
After selecting the Domain, the screen should look like the above image.
Select the type of App Gateway you wish to create. There are two types:
- Standalone App Gateway: This is the standard type of App Gateway which has the Gateway, Broker, and Web access installed all on one server.
- High Availability App Gateway: This type of App Gateway is special and requires an advanced configuration which includes multiple redundant components, SQL server, and some type of load balancer. This type of App Gateway is beyond the scope of this KB article.
Select Create Standalone App Gateway and press Next.
A new dialogue box will be presented. Complete the fields based upon the instructions outlined below:
- Gateway Hostname: Enter the Fully Qualified Domain Name in this field. This is the PUBLIC FQDN which will be used to direct traffic to your external gateway address. It should be the name that has the Public DNS entry, whose address will be translated to the internal App Gateway IP address you will enter in the IP Address field (field #7).
- Port number: Enter the port number. The default is 443; however, you can use a different port as long as the NAT rule in the firewall redirects this port to the internal App Gateway IP address you will enter in the IP Address field (field #7).
- Broker Hostname: Enter the Broker Hostname. This is the name of the Virtual Machine. For example: Broker01
- Template: Pick a template from the list of available templates
- Broker Certificate: Pick a certificate which matches the domain portion of the name you provided in the Gateway Hostname field (field #1). This can be a wildcard certificate, or it can be a certificate which matches the full FQDN.
- License Server Hostname: Leave this field blank until later. Entering a server name in this field will install the RDS License Server role on the server you enter, and configure the App Gateway settings to utilize it.
- IP Address: Enter the IP address for the new App Gateway. Be sure this is on the correct subnet, and, as shown in the image, the Workspaces standard is to use .15 in the last octet of the IP address.
- Network: Select the correct Network for the subnet you plan to put the broker on. Make sure the selected network is correct or you will have to rebuild the App Gateway. You should have already created a network during the initial domain creation; however, if you need to create one, follow the link at the bottom of this page, How to Create a New Network.
- Cores: This is optional. If you put nothing in this field it will use the configuration of the template. You can change this later.
- RAM: This is optional. If you put nothing in this field it will use the configuration of the template. You can change this later.
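A wrong Network or a certificate that does not cover the public name only shows up after the build, so the dialog values can be checked first. The following is an added example, not part of Workspaces or of the original article: the function names, the sample hostnames and addresses, and the idea of passing in the DNS names of the chosen certificate are all assumptions made for illustration.

```python
import ipaddress

def cert_name_covers(cert_name: str, fqdn: str) -> bool:
    """True if a certificate DNS name (exact or wildcard) covers the FQDN.

    A wildcard stands in for exactly one left-most label, so
    *.example.com covers gw.example.com but neither gw.lv.example.com
    nor example.com itself.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = fqdn.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False
    if cert_labels[0] == "*":
        # Refuse wildcards directly under a top-level label (e.g. *.com).
        return len(cert_labels) > 2 and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels

def preflight(gateway_fqdn, port, cert_names, ip, network_cidr):
    """Return a list of problems with the dialog values (empty list = OK)."""
    problems = []
    if "." not in gateway_fqdn.strip("."):
        problems.append("Gateway Hostname is not a fully qualified name")
    if not 1 <= port <= 65535:
        problems.append("Port number is outside 1-65535")
    if not any(cert_name_covers(n, gateway_fqdn) for n in cert_names):
        problems.append("Broker Certificate does not cover the Gateway Hostname")
    network = ipaddress.ip_network(network_cidr, strict=True)
    address = ipaddress.ip_address(ip)
    if address not in network:
        problems.append("IP Address is not on the selected Network")
    elif address in (network.network_address, network.broadcast_address):
        problems.append("IP Address is the network or broadcast address")
    elif int(address) & 0xFF != 15:
        # Convention from the article, reported as a note rather than an error.
        problems.append("note: last octet is not .15 (Workspaces standard)")
    return problems

if __name__ == "__main__":
    # Constructed sample values; replace with the ones planned for the dialog.
    for issue in preflight("gw.lv.example.com", 443, ["*.example.com"],
                           "10.0.1.15", "10.0.1.0/24"):
        print(issue)
```

The constructed sample fails on the certificate check because the wildcard covers only one label below `example.com`.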
Press the Create button.
A new Workflow will begin to create the App Gateway. When the Workflow successfully finishes you should see something similar to this next image showing the App Gateway you just created.
If you click on the new App Gateway, the following information dialogue box will open showing the settings.
You have now created a new App Gateway.