Taking advantage of LDAP auth to serve 1000+ unique customers with individual resource limits.
The company's customer base exceeds the 1000 client username limit of the Standard edition broker. There is also a need to limit the number of connections/resources per unique customer.
The solution to username limit:
With LDAP authorization set up, the broker matches the username entered by the client against a directory entry. It extracts the entry's group membership and matches it to the client profile preconfigured for that LDAP group. A client username is generated dynamically for the duration of the connection and removed after the session is disconnected. The matched client profile can set individual "per client username" resource limits, for example three device connections per unique customer.
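The flow above as a small Python model, added here as an illustration and not taken from the broker or its API. The class names, group DNs, usernames, denial strings and the "first configured group wins, no mapped group means deny" rule are all assumptions made for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class ClientProfile:
    name: str
    max_connections_per_username: int

@dataclass
class Broker:
    """Toy model of the LDAP authorization flow; not a real broker API."""
    directory: dict        # username -> LDAP group DNs (stand-in for the directory)
    group_profiles: dict   # group DN -> ClientProfile, in configured order
    max_connections: int   # concurrent connection limit of the instance
    sessions: dict = field(default_factory=dict)  # dynamic usernames -> open connections

    def resolve_profile(self, username):
        groups = self.directory.get(username)
        if groups is None:
            return None                      # no directory entry for this username
        for group, profile in self.group_profiles.items():
            if group in groups:              # assumption: first configured match wins
                return profile
        return None                          # assumption: unmapped group means deny

    def connect(self, username):
        profile = self.resolve_profile(username)
        if profile is None:
            return "denied: not authorized"
        if sum(self.sessions.values()) >= self.max_connections:
            return "denied: broker connection limit"
        open_now = self.sessions.get(username, 0)
        if open_now >= profile.max_connections_per_username:
            return "denied: per-username limit"
        self.sessions[username] = open_now + 1   # entry exists only while connected
        return "connected"

    def disconnect(self, username):
        remaining = self.sessions.get(username, 0) - 1
        if remaining > 0:
            self.sessions[username] = remaining
        else:
            self.sessions.pop(username, None)    # last session closed: username removed

# Constructed sample data: one customer group mapped to a three-connection profile.
CUSTOMERS = "cn=customers,ou=groups,dc=example,dc=com"
DIRECTORY = {"acme": [CUSTOMERS], "intern": ["cn=staff,ou=groups,dc=example,dc=com"]}
PROFILES = {CUSTOMERS: ClientProfile("customer-profile", 3)}

def demo():
    broker = Broker(DIRECTORY, PROFILES, max_connections=1000)
    results = [broker.connect(u) for u in ["acme"] * 4 + ["intern", "ghost"]]
    return broker, results
```

No per-customer account is stored on the broker in this model: the only provisioned objects are the group-to-profile mappings, so the username count tracks connected customers, not the size of the directory.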
This way a large base of customers can use a single instance up to its concurrent connection limit. What about increasing this connection limit?
The solution to the connection limit:
The solution in a single abbreviation: DMR. Use Dynamic Message Routing combined with a load balancer, host list session settings, or simply round-robining the hostnames/IPs on the client until connected. This allows a single "logical" VPN to spread across physical nodes and increases your connection limits.