The goal of the project is to combine standalone XRDP servers into one cluster.
A broker is the middle component between the desktops and the RDP servers. The broker needs to perform the following tasks:
- Check user credentials.
- Assign users to RDP servers, reconnecting if need be. If a user is already logged into one of the RDP servers and only disconnected, send them back to that same RDP server.
- Load balance the RDP servers. If the user is not logged in, send them to the least busy server.
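The routing rule from the task list above (reconnect to the server that already holds the user's session, otherwise pick the least busy one), as an added example that is not rdp-broker's own code. The struct agent layout, has_session(), pick_server() and the third agent address are assumptions made for illustration; unreachable agents are skipped.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical agent state; names are assumptions, not the project's own. */
struct agent {
    const char *url;          /* agent endpoint, as listed under [agents] */
    int reachable;            /* 0 if the agent did not answer */
    const char *const *users; /* users with a session on that host */
    size_t nusers;            /* session count, used as "busyness" */
};

static int has_session(const struct agent *a, const char *user)
{
    for (size_t i = 0; i < a->nusers; i++)
        if (strcmp(a->users[i], user) == 0) /* exact match only */
            return 1;
    return 0;
}

/* Index of the agent to route to, or -1 if none is usable.
 * Call only after the user's credentials have been checked. */
int pick_server(const struct agent *ag, size_t n, const char *user)
{
    int best = -1;
    if (user == NULL || *user == '\0') return -1;
    for (size_t i = 0; i < n; i++) {
        if (!ag[i].reachable) continue;               /* skip dead hosts */
        if (has_session(&ag[i], user)) return (int)i; /* reconnect wins */
        if (best < 0 || ag[i].nusers < ag[best].nusers)
            best = (int)i;                /* least busy; ties keep first */
    }
    return best;
}

/* Constructed sample data; the third agent is invented for the example. */
static const char *const U0[] = { "bob" };
static const char *const U1[] = { "alice", "carol" };
static const struct agent SAMPLE[] = {
    { "tcp://192.168.1.121:5555", 1, U0, 1 },
    { "tcp://192.168.1.122:5555", 1, U1, 2 },
    { "tcp://192.168.1.123:5555", 0, NULL, 0 },
};

int main(void)
{
    printf("alice -> %s\n", SAMPLE[pick_server(SAMPLE, 3, "alice")].url);
    return 0;
}
```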
RDP Broker works in parallel with XRDP. The reasons are:
- To avoid interfering with the original XRDP.
- To test the proof of concept.
RDP Broker is built on top of the FreeRDP and NNG libraries.
Tested on Debian 13
$ sudo apt install build-essential pkg-config cmake
$ sudo apt install zlib1g-dev freerdp3-dev libwinpr3-dev
$ sudo apt install libnng-dev libinih-dev
$ git clone https://github.com/AAAPops/rdp-broker.git
$ cd rdp-broker
$ mkdir build && cd build
$ cmake ..
$ make
$ sudo make install
# Default install path is "/usr/local/bin" for Binaries and "/etc/rdp-broker" for Config files.
# To change install path (all will be installed there):
$ cmake -DCMAKE_INSTALL_PREFIX=/opt/rdp-broker ..
                                                           192.168.1.121
                                                     ┌───────────────────────┐
                                                     │         xrdp          │
                   192.168.1.99        ┌────────────►o                       │
                ┌─────────────────┐    │             │       rdp-agent       │
                │                 │    │             └───────────────────────┘
xfreerdp client │                 │    │
 ─────────────► o   rdp-broker    ┼────┤                   192.168.1.122
                │                 │    │             ┌───────────────────────┐
                │                 │    │             │         xrdp          │
                └─────────────────┘    └────────────►o                       │
                                                     │       rdp-agent       │
                                                     └───────────────────────┘
- You need one or more hosts with XRDP deployed (hosts 192.168.1.121 and 192.168.1.122 in the diagram above).
  The same user names must exist on all hosts, using local /etc/passwd or LDAP.
- On every such host running xrdp, run rdp-agent with a config file like:
/opt/rdp-broker/bin/rdp-agent -f /opt/rdp-broker/etc/rdp-agent.ini -d
[server]
; tcp://192.168.1.99:5555, tcp://127.0.0.1:5555, tcp://*:5555
interface=tcp://192.168.1.121:5555
;interface=tcp://192.168.1.122:5555
[logs]
; LOG_ERR, LOG_WARN, LOG_INFO, LOG_DEBUG, LOG_OFF
level=LOG_INFO
[bash_script]
file=/opt/rdp-broker/bin/agent.sh
- You have to run rdp-broker on a dedicated server (192.168.1.99) with a config file like:
/opt/rdp-broker/bin/rdp-broker -f /opt/rdp-broker/etc/rdp-broker.ini -d
[server]
; 192.168.1.99, 127.0.0.1, All
interface=All
port=3389
[logs]
; LOG_ERR, LOG_WARN, LOG_INFO, LOG_DEBUG, LOG_OFF
level=LOG_INFO
[tls]
cert=/opt/rdp-broker/etc/ssl-cert-snakeoil.pem
key=/opt/rdp-broker/etc/ssl-cert-snakeoil.key
[agents]
url-1=tcp://192.168.1.121:5555
url-2=tcp://192.168.1.122:5555
It is better to take the certificate and key from the xrdp installation (/etc/xrdp/cert.pem and /etc/xrdp/key.pem), but you can generate independent ones. With an independent certificate, the RDP client will ask for validation more than once.
- Run the RDP client like "xfreerdp3 /cert:ignore ... /v:192.168.1.99" to skip the certificate validation problem. Since /cert:ignore disables server certificate verification, this is OK only for a trusted network.
$ sudo apt install ./rdp-broker_x.x.x_amd64.deb
Edit /etc/rdp-broker/rdp-broker.ini on the RDP-Broker VM (192.168.1.99 in the diagram above):
$ sudo systemctl start rdp-broker
Watch logs:
$ journalctl -u rdp-broker -f
Edit /etc/rdp-broker/rdp-agent.ini on the RDP-Agent VM(s) (192.168.1.121/.122 in the diagram above):
$ sudo systemctl start rdp-agent
Watch logs:
$ journalctl -u rdp-agent -f
- Broker/agent have to run as a daemon
- More strictly check config files
- TLS connection between Broker and Agents
- Parallel access Broker to Agents. Partially finished but further improvement possible.
- Probably include bash-script logic into Agent. But it's the last step of the project -)
- Think over how to start rdp-broker and xrdp on the same host, because they have to share the same port 3389. Not sure if it is very important.
- Project Debianization