cancel
Showing results for 
Search instead for 
Did you mean: 
Matt_Mabis
F5 Employee
F5 Employee

Hey All, here is the next document in the series for Integration/Deployment guides for F5 with VMware Products.  This guide had a lot of requests.  I am happy to announce that the next document “Load Balancing VMware Unified Access Gateway” is now available to the public!

What is VMware Unified Access Gateway?

VMware Unified Access Gateway (UAG), formerly known as VMware Access Point is an appliance that is typically installed in the demilitarized zone (DMZ).  UAG is designed to provide safe and secure access to desktop and application resources for remote access.  UAG simplifies gateway access and provides tunneled and proxied resources for the following VMware product suites.

What does this Integration Guide Detail?

This documentation focuses on deploying F5 BIG-IP LTM with VMware Unified Access Gateway (UAG) for a production deployment.  When Unified Access Gateway is deployed in a production scenario (n+1) it requires a load balancer sitting in front (for UAG Servers scalability) and behind it (for Connection Server load balancing).  The below picture is an example of the implementation detailed in this guide, we will specifically focus on the load balancer sitting in front (for UAG Server scalability).  In typical deployment scenarios the Load balancer for the connection server would have already been deployed prior to the deployment of the UAG Servers, this path is recommended so that UAG can leverage the Load balancer in front of the connection servers for the UAG's Configuration/Setup.

0151T000003d7dwQAA.png

Here is an example from the document that shows how to setup the advanced monitor we use to identify if a single node within the cluster is online or not.  This monitor is an example of how F5 does more than just a simple load balancing monitor.  Most simple load balancers just check for the HTTPS header or ICMP (Ping) responses to identify if a node is online.  F5 worked together with VMware to identify the best way to identify if a node within a cluster is in maintenance mode (Quiesce Mode) or offline due to other issues.  As you can also see we have more than 1 monitor to identify the node is online, if one of either of the monitors fails then the system is taken offline.  Both have to be online for the node to be considered "OK".

HTTPS – Second Monitor
This monitor is used to identify when the UAG Node is in Quiesce Mode (Maintenance)

  1. Create a simple HTTPS monitor using the following guidance.
    1. On the Main tab, click Local Traffic > Monitors > Create.
    2. In the Name field, type a unique name (different from the first).
    3. From the Type list, select HTTPS.
    4. Ensure the Parent Monitor is https.
    5. In the Interval field, type 30.
    6. In the Timeout field, type 91.
    7. In the Send String field, type (or copy and paste)
      GET /favicon.ico HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n
    8. In the Receive String field, type 200
    9. in the Receive Disable String field, type 503
    10. Leave all other settings at the default and then click Finished.

0151T000003d7dzQAA.png

 

You can now download the updated step-by-step guide for Load Balancing VMware Unified Access Gateway at
https://www.f5.com/pdf/solution-center/load-balancing-vmware-unified-access-gateway-servers-deployme...

Special Thanks to Mark Benson, and the VMware Unified Access Gateway Server development team for all of their assistance putting this together!

Comments
G_Nyamachere
Nimbostratus
Nimbostratus

Thanks for the information Matt!

Is there a newer guide (load-balancing-vmware-unified-access-gateway-servers-deployment-guide.pdf) available for load balancing UAG 3.6 onwards? This one is 3 years old!

ap_id
Nimbostratus
Nimbostratus

There is an updated guide here, suggest they update this blog entry as google seems to prefer this blog and the old guide

 

https://www.f5.com/pdf/partners/f5-load-balancing-vmware-unified-access-gateway-servers.pdf

Version history
Last update:
‎25-Jan-2018 19:24
Updated by:
Contributors