Forum Discussion
Hey There potato_14,
Let me help you out with this!
For the APM VDI side of the profile it creates 4 VIPs in the process (443 TCP, 8443 UDP, 4172 UDP, and 443 UDP).
All of the TCP connections (PCoIP [4172 TCP]/Blast [8443 TCP]/Authentication [443 TCP]) flow within the 443 TCP stream, so when connecting to Blast via TCP it will utilize the 443 port to do it.
I have attached 2 pictures (Dropbox) of an example of my lab showing this, where I disabled UDP 8443 (Blast External) and still can establish an RDSH connection via Blast to the Desktop with the (Performance tracker app that identifies its connection as TCP not UDP) via the APM proxy. I have also attached a diagram showing how it mutates within the APM VDI Profile from 443 to 22443 to connect to the VDI.
Originally, when we supported Horizon, the TCP use case was the first we supported, then we added the UDP functionality afterwards. I tested with my environment using vSphere 7.0U3 + ESXi 7.0U3 + Horizon 2207 + BIGIP v16/17 with the iApp 1.5.9.
https://www.dropbox.com/s/h0ri0ltpjofsn1x/Blast1.png?dl=0
https://www.dropbox.com/s/hqubk1spowuyh2r/Blast2.png?dl=0
Another thing I would mention is that I would highly recommend utilizing UDP and really pushing your Security team to utilize it. Can you use VDI in TCP? Yes, however there might be performance degradation of the VDI because of things like packet loss (WIFI/Internet/etc.). Server side won't be impacted, but using TCP will force a retransmission of the packets and slow down the user's experience. This is why even VMware recommends the usage of UDP, as it will provide the best performance during packet loss scenarios.
If you have more questions let me know!
Thank you Matt_Mabis for jumping in!