Aug 21, 2019

Using F5 LTM W/ APM to Manage Connections/Traffic between two Separate Environments.

A bit of an overview for this particular scenario is we have a VMware Horizon View Environment at a specific level hosting VMs for members of our organization. We also have special individuals who we can't house their VMs or Machines within the same infrastructure (Storage wise). We have what we've established as an Access Network residing on an External Public Network. I'd like to be able to use the F5 Big-IP to handle the Authentication/Traffic for both the VDI Environment (Using PCoIP) and the other environment handling RDP Traffic to an HPE Moonshot 1500 Blade Chassis. We do have VLANs all separating the traffic based on the intended use, but what I'm more curious about is if it is possible to make the Big-IP perform similar functions for the RDP Traffic (Zero/Thin Client connecting to a Blade residing in the Moonshot Chassis) as it does with the VMware View Horizon Environment (Connection from a Zero/Thin Client to the Big-IP VIP Server and using SAML as the offloaded authenticator and bridging/creating a secure tunnel to the VM upon authentication/validation).


I intend for the Zero Clients/Thin Clients to remain within a "Gray Environment", so for the purpose of this let's give them separate Demonstration IPs.


190.22.0.X would be the external/Public network - Unsecured

201.93.X.X would be the internal Private Network (VDI) - Secured Network

201.95.X.X would be the internal Private Network (RDP Moonshot Blades) - Secured Network


The intent is when a user connects, the device at their Desk goes "Red/Secured", and upon removal of a smart card it disconnects the sessions and returns the Zero Client/Thin Client back to an Unsecured State and remains that way.


Is it also possible to have the Big-IP act as an RDP Connection Manager where it will broker the connection between a Zero Client and a specific blade based on the user?

