Forum Discussion
Jay_Spell
Altostratus
AltostratusView Connection Server Config with UAG
The guides for load balancing Unified Access Gateway have quite a bit of detail regarding the DMZ based components. My question is regarding the right-side of this configuration from the deployment guide.
Does anyone have a link to documentation for setting up the View Connection Server config? There is documentation referenced within the UAG Deployment guide but I have been unable to locate the document itself.
From prerequisites section of the UAG deployment guide.
An internal virtual server configured for Connection Servers - To create the Virtual IP (VIP) for the Internal Connection Server, refer to the Load Balancing VMware Horizon Connection Servers guide on F5’s website.
Appreciate any help.
sandy16Thought I would update this thread as the official documentation does not make this clear. You will use the same iAPP template for both the UAG and Conn Servers. Tip: Make sure that the Horizon environment is already up and running before introducing F5 for SSL-bridging.
- sandy16
I have the same problem, in my case there are 2 seperate F5 pairs. The external/dmz f5 will host the external VIP and the internal F5 will host the internal VIP. Should I use the same iApp for both? The attached document just shows Using the iApp to Deploy a Virtual Server for UAG’s.
Petar-I_365989Nimbostratus
Hi Jay,
I have similar question. I found this guide: http://docs.hol.vmware.com/HOL-2017/hol-1759-use-3_html_en/
There is a newer version if you login to Vmware HOL - http://labs.hol.vmware.com/HOL/catalogs/lab/3675
I'm wondering if there is a way to load balance both UAG and Connection servers within the same LTM, given that both UAG and Connction server nodes will have their own VIPs. How is you setup, did you have luck setting it up?
Jay_SpellWe set everything up with the iApps - one for DMZ - one for Internal. The UAGs in DMZ forward traffic to the internal VIP. We have not had a problem with the configuration, but the VDI group is still testing the configuration. Can give you an update once we have client traffic.
R_MarcI do not use iApps (I've had nothing but trouble with them). My use case might be a touch different, as this is for a mobile MDM thingy + application VPN. I think there are other uses for UAG, but this is the only place I use it. But yeah, the second cluster in their diagram is completely unnecessary as it has to cross the firewall either way, having a second LTM cluster, physically, is redundant. You could do with two separate iApps on the same F5 cluster, which is effectively what I'm doing, minus the iApps.
- Petar-I_365989
Thanks R Marc, Here is how I want to make it work, and wondering if your setup is similar.
All our clients will connect to VM desktop/app through UAGs VIP (external IP). This is because we do not trust our internal clients to directly connect to connection severs. So all clients will establish connections as follows:
client-> UAGs cluster VIP -> Connection server cluster VIP ->VM desktop/app
Our UAGs and Conn severs are on separate subnets, so having them on the same LTM seems OK, and you confirmed this too.
I'm also willing to use iApp for both - 1 iApp for UAG, and 1 for Connection servers, basically load balancing both clusters. The guides i have shared before - http://docs.hol.vmware.com/HOL-2017/hol-1759-use-3_html_en/ talk about LB for either UAG, or Connection servers, but not the case when I want to do both via separate iApps, and have this work.
Wondering if the above is supported approach, although i see no reason this to be an issue. What's your take?
-Pete