  • TeddyO_38338 (Historic F5 Account)

    Hi Surya,

     

    Here is a detailed write-up on this: https://devcentral.f5.com/articles/f5-username-persistence-and-cloud-pod-architecture-in-horizon-with-view-6-whats-the-story

     

    For View to be load balanced to multiple pods within 1 data center you would need F5 Local Traffic Manager (LTM) plus Access Policy Manager (APM). The LTM is the load balancing/persistence; the APM removes both the connection servers in the DMZ, and APM has the ability to understand the user AAA, plus persistence stored in Active Directory/LDAP to re-establish the user connection back to the same POD.

     

  • Hi Tod, thanks for your reply.

     

    As we don't have the GTM, can I use LTM on top of the two pods?

     

    My pods contain the below configuration: LTM load-balances you between View Security Servers (external connections); LTM load-balances you between View Connection Servers (internal connections).

     

    We need a single namespace, and load balancing is required between the pods.

     

    Do we have any reference architecture document for Cloud Pod?

     

    Regards, Surya

     

    • itagsurya_20731
      Justin - It's physically two datacenters, with a distance of 500 meters between them. But when it comes to the network, it's a single data center, because the same networks (VLAN) are spread across the two datacenters.
  • Hi, Surya.

     

    Sorry for the delayed response. For some reason, I did not get notified about your updated post.

     

    In order to get an effective single namespace, GTM can be used to place users in the appropriate data center based on things like geo-location, IP subnet, etc.

     

    Once GTM places you in a data center, LTM will take over load-balancing between the View Security Servers or Connection Servers in the respective data center.

     

    From there, Cloud Pod will take over to find out which DC your existing session is in, or place you based on the Home Site configuration. You don't have to do anything else from a BIG-IP perspective to make CPA work.

     

    So, let's say GTM sends you to DC1 and you have an existing desktop session in DC2. Site 1's security/connection server will authenticate you on behalf of DC1 and then establish the connection to the existing desktop session in DC2 over the inter-data center network. If you are using a security server, the connection is proxied from the DC1 security server to the desktop in DC2, also traversing the inter-data center network.

     

    To sum it up: you'll need LTM for each site to support load balancing of View Security/Connection Servers. GTM is also needed to get you to a single namespace.

     

    Hope this helps!

     

    Justin