Forum Discussion
NimbostratusAPM - VMWare View
Hi All, Ive uploaded the newest View iAPP into the LTM and have successfully configured it to allow View Client traffic through and working.
Now, when I enable APM in the View iAPP (for PCoIP proxy through the F5) I can connect through the View Client, however I get the dreaded black PCoIP screen.
From my experience this points to unopened ports or network issues, so Im assuming there is a setting in F5 / APM that is not opened.
Again, I can successfully get into a View desktop when APM is disabled in the iAPP, so it is working.
Any assistance would be greatly appreciated
Thank you
13 Replies
TD-Roy_133837Something I just noticed:
When APM is disabled, there are options in my iApp > Components screen for TCP & UDP forwarding.
When APM is enabled, these options are no longer visible.
Michael_Koyfma1Cirrus
Do you have inbound port 4172 UDP open? That will easily trip you up - typically inbound firewall does not allow that port.
- TD-Roy_133837
Hi Michael,
Thank you for the quick response.
Where on the F5 would I check for UDP 4172 inbound?
I do have Allow All on Port Lockdown option, so Im assuming all can pass through.
- Hi, "Allow All" on port lockdown settings for Self-IPs is not what you think it is. It only applies to traffic addressed to the BIGIP itself (targetting the specified self-IP). It is generally best to leave this to "allow-default" if this self-IP is in use for failover/mirroring, or allow-none (or custom, with HTTPS only) if this self-IP is exposed to the Internet. Leaving it to allow-all for Internet-facing self-IP addresses will expose the SSH port to the Internet, and if you have weak passwords...
You should see a virtual server for UDP 4172 which will listen for and forwards traffic to your VDI. This virtual server is created when you answer "Yes, PCoIP connections should go through the BIG-IP system".
Choose "No, PCoIP connections are not proxied by the View Servers" if using Connection servers only, OR "Yes, PCoIP connections are proxied by the View Servers" if your environment has Security servers implemented.
If you choose "No....", you are prompted to enter the network your VDI guests are located which creates a network forwarding virtual server. This VS listens for requests to the VDI network you specify on UDP port 4172 and forwards it to the VDI.
If you choose "Yes..." then a standard virtual server is used to direct traffic to the security servers you specify in the "Virtual servers and pools" section. The security servers then forward udp traffic as normal.
As a side note, make sure the network you provide for your lease pool range (noted in BIG-IP Access Policy Manger section) has a route to the VDI network you are providing in the PCoIP section.
- TD-Roy_133837
Hi All / Greg,
The UDP forwarder was created when I selection Yes for Proxying, so that is there already.
I think I may have figured it out. I needed to create a new Server Side SSL PRofile with the server name of pcoip-default.sni and assign that to my view :443 VIP.
Looks like I can connect now through APM and not get a black screen.
Thank you all for the suggestions.
Are you running 11.4 with the iApp option "Securely Proxy PCoIp traffic...."?
- TD-Roy_133837
Yes I am.
Ahh, I see. Ignore my post then I thought you where using an older solution. The ssl profile created by the iApp should have included the server perimeter. Did you use the profile created by the iApp or a custom profile?
- TD-Roy_133837
Looking back, it looks like I may have selected the default serverssl profile as opposed to a newly created one within the iApp, maybe that was the issue?
Yes, the default serverssl profile does not include the PCoIP proxy server setting required. Glad it is working for you now.
-Greg
