F5 Certified Practice Exams
Thinking of taking the F5 Certified 101 or 201 exams but not sure if you are ready? Ease the anxiety by taking a F5 Practice Exam! That’s what I did, and it sure helped. If you remember, back in August I attempted the 201-TMOS Administrator exam and successfully failed, missing by a few questions. I’ve been wanting to try again and had an opportunity last week but I hadn’t studied since that initial attempt at Agility. If I failed again, I’d have to wait another 45 days to give it another go. So instead, I decided to take a practice exam. Practice exams provide candidates with an accurate prediction of their performance for the live, production exams. Other than the section-level score reports, they are not intended to be used for study or learning purposes. Their entire value is based on their similarity to the production exams and their validity in predicting your performance. If you think you’re getting a sneak peek to real questions, think again. They use entirely different questions on the live exams, so unless you actually learn the underlying knowledge, 'knowing'the practice questions is completely useless and becomes waste of time. The Practice Exams are designed to mimic the real tests with 80 questions timed to 90 minutes. There are exhibits to consider, you can flag questions to review and you get instant feedback on your results. You can complete on your own device and you can ‘alt-tab’ to look up the answers if you so desire. Not that you should – defeats the purpose. While you do not get an actual score, you do get an indication if you Passed or Failed and insight (Below/Borderline/Meets) on how you did on the sections. As you can see, 4 months of not studying doomed my fate. The 201 is no fly-by and really requires daily hands on experience. If I had done well, I could have taken the real exam the following day. This way, I know exactly where I need to focus and what I need to do to finally pass the 201. They don't allow unlimited access to the practice exams and recommend using the practice exams no more than two, at most three, times as part of your preparation. Once you become familiar with the questions, the practice exam loses its value. Practice exams are delivered via their Zoomorphix Exam Studio system and only available to registered candidates. They have 101 and 201 rehearsals with 301a, 302 and 303 practice exams coming soon. If you’re preparing for a @F5Certified exam, you can review some of the F5 Certification study materials that are available. Good luck! ps
F5 Predicts: Education gets personal
The topic of education is taking centre stage today like never before. I think we can all agree that education has come a long way from the days where students and teachers were confined to a classroom with a chalkboard. Technology now underpins virtually every sector and education is no exception. The Internet is now the principal enabling mechanism by which students assemble, spread ideas and sow economic opportunities. Education data has become a hot topic in a quest to transform the manner in which students learn. According to Steven Ross, a professor at the Centre for Research and Reform in Education at Johns Hopkins University, the use of data to customise education for students will be the key driver for learning in the future[1].This technological revolution has resulted in a surge of online learning courses accessible to anyone with a smart device. A two-year assessment of the massive open online courses (MOOCs) created by HarvardX and MITxrevealed that there were 1.7 million course entries in the 68 MOOC [2].This translates to about 1 million unique participants, who on average engage with 1.7 courses each. This equity of education is undoubtedly providing vast opportunities for students around the globe and improving their access to education. With more than half a million apps to choose from on different platforms such as the iOS and Android, both teachers and students can obtain digital resources on any subject. As education progresses in the digital era, here are some considerations for educational institutions to consider: Scale and security The emergence of a smogasborad of MOOC providers, such as Coursera and edX, have challenged the traditional, geographical and technological boundaries of education today. Digital learning will continue to grow driving the demand for seamless and user friendly learning environments. In addition, technological advancements in education offers new opportunities for government and enterprises. It will be most effective if provided these organisations have the ability to rapidly scale and adapt to an all new digital world – having information services easily available, accessible and secured. Many educational institutions have just as many users as those in large multinational corporations and are faced with the issue of scale when delivering applications. The aim now is no longer about how to get fast connection for students, but how quickly content can be provisioned and served and how seamless the user experience can be. No longer can traditional methods provide our customers with the horizontal scaling needed. They require an intelligent and flexible framework to deploy and manage applications and resources. Hence, having an application-centric infrastructure in place to accelerate the roll-out of curriculum to its user base, is critical in addition to securing user access and traffic in the overall environment. Ensuring connectivity We live in a Gen-Y world that demands a high level of convenience and speed from practically everyone and anything. This demand for convenience has brought about reform and revolutionised the way education is delivered to students. Furthermore, the Internet of things (IoT), has introduced a whole new raft of ways in which teachers can educate their students. Whether teaching and learning is via connected devices such as a Smart Board or iPad, seamless access to data and content have never been more pertinent than now. With the increasing reliance on Internet bandwidth, textbooks are no longer the primary means of educating, given that students are becoming more web oriented. The shift helps educational institutes to better personalise the curriculum based on data garnered from students and their work. Duty of care As the cloud continues to test and transform the realms of education around the world, educational institutions are opting for a centralised services model, where they can easily select the services they want delivered to students to enhance their learning experience. Hence, educational institutions have a duty of care around the type of content accessed and how it is obtained by students. They can enforce acceptable use policies by only delivering content that is useful to the curriculum, with strong user identification and access policies in place. By securing the app, malware and viruses can be mitigated from the institute’s environment. From an outbound perspective, educators can be assured that students are only getting the content they are meant to get access to. F5 has the answer BIG-IP LTM acts as the bedrock for educational organisations to provision, optimise and deliver its services. It provides the ability to publish applications out to the Internet in a quickly and timely manner within a controlled and secured environment. F5 crucially provides both the performance and the horizontal scaling required to meet the highest levels of throughput. At the same time, BIG-IP APM provides schools with the ability to leverage virtual desktop infrastructure (VDI) applications downstream, scale up and down and not have to install costly VDI gateways on site, whilst centralising the security decisions that come with it. As part of this, custom iApps can be developed to rapidly and consistently deliver, as well as reconfigure the applications that are published out to the Internet in a secure, seamless and manageable way. BIG-IP Application Security Manager (ASM) provides an application layer security to protect vital educational assets, as well as the applications and content being continuously published. ASM allows educational institutes to tailor security profiles that fit like a glove to wrap seamlessly around every application. It also gives a level of assurance that all applications are delivered in a secure manner. Education tomorrow It is hard not to feel the profound impact that technology has on education. Technology in the digital era has created a new level of personalised learning. The time is ripe for the digitisation of education, but the integrity of the process demands the presence of technology being at the forefront, so as to ensure the security, scalability and delivery of content and data. The equity of education that technology offers, helps with addressing factors such as access to education, language, affordability, distance, and equality. Furthermore, it eliminates geographical boundaries by enabling the mass delivery of quality education with the right policies in place. [1] http://www.wsj.com/articles/SB10001424052702304756104579451241225610478 [2] http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2586847How is SDN disrupting the way businesses develop technology?
You must have read so much about software-defined networking (SDN) by now that you probably think you know it inside and out. However, such a nascent industry is constantly evolving and there are always new aspects to discover and learn about. While much of the focus on SDN has focused on the technological benefits it brings, potential challenges are beginning to trouble some SDN watchers. While many businesses acknowledge that the benefits of SDN are too big to ignore, there are challenges to overcome, particularly with the cultural changes that it brings. In fact, according to attendees at the Open Networking Summit (ONS) recently the cultural changes required to embrace SDN outweigh the technological challenges. One example, outlined in this TechTarget piece, is that the (metaphorical) wall separating network operators and software developers needs to be torn down; network operators need coding skills and software developers will need to be able to program networking services into their applications. That’s because SDN represents a huge disruption to how organisations develop technology. With SDN, the speed of service provisioning is dramatically increased; provisioning networks becomes like setting up a VM... a few clicks of the button and you’re done. This centralised network provision means the networking element of development is no longer a bottleneck; it’s ready and available right when it’s needed. There’s another element to consider when it comes to SDN, tech development and its culture. Much of what drives software-defined networking is open source, and dealing with that is something many businesses may not have a lot of experience with. Using open source SDN technologies means a company will have to contribute something back to the community - that’s how open source works. But for some that may prove to be a bit of an issue: some SDN users such as banks or telecoms companies may feel protective of their technology and not want is source code to be released to the world. But that is the reality of the open source SDN market, so it is something companies will have to think carefully about. Are the benefits of SDN for tech development worth going down the open source route? That’s a question only the companies themselves can answer. Software-defined networking represents a huge disruption to the way businesses develop technology. It makes things faster, easier and more convenient during the process and from a management and scalability point of view going forward. There will be challenges - there always are when disruption is on the agenda - but if they can be overcome SDN could well usher in a new era of technological development.
Getting Around the Logon/Legal Banner Issues when using APM PCoIP Proxy and Horizon
If you're using APM's PCoIP Proxy and require a logon banner, you've probably figured out that the PCoIP Proxy integration stops working when you turn on the integrated logon banner from within the Horizon Administrator. Adding to the pain, internal users can't get any logon banner since you had to turn it off in order for your external access to work! Well, the wait is over! With the use of a nifty iRule that you can attach to your internal Horizon Connection Servers virtual server, you can now present a banner BOTH internal users as well as external users who access Horizon resources using APM PCoIP Proxy. Here's how it works: Disable the logon banner through Horizon Administrator - the BIG-IP will handle presenting the banners for internal users (through the iRule) and external users (through the View iApp) instead of Horizon. Modify the text in the iRule with the text you want to show in the logon banner. Apply the iRule to your LTM Virtual Server that services internal Horizon users (either manually to the LTM virtual server or through the View iApp). You're done! A couple of things to think about when you implement this: If you need to present a legal disclaimer your external users using the PCoIP Proxy, you can still do that through the Horizon View iApp. Do not apply this to any virtual server running the APM PCoIP Proxy - it's only for providing the logon banner to internal Horizon users. The banner for PCoIP Proxy can be easily enabled through the iApp It's important to ensure the PCoIP Proxy's Connection Server settings are pointing to the individual connection server(s) and NOT the LTM virtual server that has the Logon Banner iRule applied. The iRule source is below. # Attach iRule to iApp created virtual server named "<iapp_name>_internal_https" # Replace the section “This is a XXX computer system that is FOR OFFICIAL USE ONLY. This # system is subject to monitoring. Therefore, no expectation of privacy is to be assumed. # Individuals found performing unauthorized activities are subject to disciplinary action # including criminal prosecution.” with your desired text. when RULE_INIT { # Debug Level 0=off, 1=on, 2=verbose set static::internal_disclaimer_debug 0 } when CLIENT_ACCEPTED { set log_prefix_cs "[IP::remote_addr]:[TCP::remote_port clientside] <-> [IP::local_addr]:[TCP::local_port clientside]" if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: CLIENT_ACCEPTED" } } when HTTP_REQUEST { set bypass 0 if {[HTTP::uri] starts_with "/portal/info.jsp"} { if { $static::internal_disclaimer_debug > 0 } { log local0. "<$log_prefix_cs>: Portal Info request, bypassing further processing"} set bypass 1 } else { if {[HTTP::header exists "Content-Length"]} { set content_length [HTTP::header "Content-Length"] } else { # If the header is missing, use a sufficiently large number set content_length 5000 } if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: Set content-length to $content_length"} HTTP::collect $content_length if { [HTTP::path] == "/broker/xml" && [HTTP::header Expect] == "100-continue" } { SSL::respond "HTTP/1.0 100 Continue\r\n\r\n" if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: Application requested: client requires 100 continue response, sending 100-continue"} } } } when HTTP_REQUEST_DATA { if { [HTTP::payload] contains "set-locale" and ( not ($bypass)) } { HTTP::respond 200 content {<?xml version="1.0"?><broker version="9.0"><configuration><result>ok</result><broker-guid>aaaaaaaa-bbbb-cccc-ddddddddddddddddd</broker-guid><authentication><screen><name>disclaimer</name><params><param><name>text</name><values><value>This is a XXX computer system that is FOR OFFICIAL USE ONLY. This system is subject to monitoring. Therefore, no expectation of privacy is to be assumed. Individuals found performing unauthorized activities are subject to disciplinary action including criminal prosecution.</value></values></param></params></screen></authentication></configuration><set-locale><result>ok</result></set-locale></broker>} noserver "Connection" "close" "Content-Type" "text/xml;charset=UTF-8" if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: Sending Disclaimer Message"} } if { [HTTP::payload] contains "disclaimer" } { if { $static::internal_disclaimer_debug > 1 } { log local0. "<$log_prefix_cs>: Disclaimer Message Accepted - waiting for credentials."} } } This solution has been tested using Horizon 6.0 (and later) as well as the Horizon 3.0 (and later) Client. Earlier versions of the client and/or Horizon Connection Server could produce unexpected results. Big shout-out to Greg Crosby for his work on the iRule!I Am an Application Delivery Fundamentalist!
Fun and a little mental. If you’ve been following along the DevCentral team’s journey toward F5 Certification, then you may be aware that we were in Chicago last week for F5’s Agility 2016 conference and took our 101 Application Delivery Fundamentals exam. I am happy to report that all of us, Jason, John, Chase and I, passed our exams. I gotta tell you, it’s a relief since I didn’t want to title this article, 'Two Out of Three Ain’t Bad.' Good song but wanted to avoid that. We started this excursion back in April (me in March) with the team deciding to create a study group. Each week we’d tackle a topic with the guidance of Eric Mitchell’s excellent Study Guide. We worked through the sections and decided to test our luck with the Certification Team’s mobile testing center...with the pressure of passing during an F5 event. Imagine the slight pre-test anxiety going through our minds if we didn’t pass. ‘How long have you been at F5?’ the questions would have started. My mouth covering, embarrassing, face-palming, muffled response of, ’12 years,’ would not have been sufficient. As Ken told us on the way into the exam room, ‘I tell people it is either pass or fail…so don’t worry about your overall score.’ But he also added specifically to me, ‘You know if you fail, I will give you grief.’ No Pressure. Well, we were prepared and we all passed! Jason, John and I took the exam Tuesday morning. After registering and scheduling with Pearson Vue, we arrived at the mobile test center. You need to sign in and present two forms of ID, one with your picture. Even though the Certification team knew all of us, we still needed to follow the procedure, no exceptions. We liked that we had no special treatment – other than the ‘hello’ hugs – and had to process and pass fair and square. We were seated in different areas since the exam room was fairly full when we entered. The moderator helped each of us get to the proper test associated with our registration and the timer started. For the 101, you have 90 minutes to answer 80 questions. At 23 minutes in, Jason got up and was finished. ‘Wa?!?’ as I look up seeing him walk by, ‘I’m only on question 28!’ I lamented. At least John was still there and I kept an eye on my time and question count the rest of the way. But I also told myself, ‘I’m in no hurry and if I need the full 90 minutes, I’ll take it to the last tick.’ John finished about a 40 minutes later and I was left for the last 30 to myself. With 10 minutes left, I was done but took that remaining time to review my answers. One tip: you can flag questions for review during the test or make comments for yourself as you move along. Close out the ones you know and go back for the more challenging questions. In the end I think I changed 3 answers. No idea if it swayed the results either way. When you are done, you walk back to the registration room and your preliminary results are already waiting. I felt a quiver when Heidi glanced at my results and gave that ‘I’m sorry,’ look. But that was soon turned to glee as I read, ‘you have Passed.’ We were 3 for 3. Chase took the test on Wednesday and also passed. I feel it was a very fair test to determine one’s basic application delivery knowledge. Some networking, some security, some infrastructure. And although we did prepare, it was still a challenging test. These exams are not supposed to be cake-walks but a good way to measure your knowledge around a certain topic. While we passed and may be certifiable in our own right, we are not ‘officially’ F5 Certified. That comes with the 201 exam. The 201-TMOS Administration exam is the second exam required to achieve Certified F5 BIG-IP Administrator status. Candidates must have passed the 101-Application Delivery Fundamentals exam in order to be eligible for the 201 exam. And wouldn’t you know it, we’re all now shooting for the 201. We plan on doing the team study again but we’ll also need to dig into some on box time for this one. I plan on keeping you posted for the 201 but for now, I’ll just bask in my 101 glory. Phew! ps Related: Jumping on the Rails of the Technical Train Let the Training Begin! The Road to F5 Certification DevCentral at F5 Agility 2016Load Balancing VMware's Workspace Portal/Identity Manager with F5 BIG-IP Local Traffic Manager (LTM)
What is VMware Identity Manager (formerly known as VMware Workspace Portal)? VMware Identity Manager is a service that extends your on-premises directory infrastructure to provide a seamless Single Sign-On (SSO) experience to Web, Mobile, SaaS, and legacy applications. Simply put, it's a service aggregator and identity provider for your IT resources. One single login to Identity Manager gains you access to Citrix XenApp, Horizon, Web, SaaS, and ThinApp resources. You can find more about Identity Manager at https://www.vmware.com/products/identity-manager/. BIG-IP can provide intelligent traffic management, high availability and monitoring through the use of BIG-IP Local Traffic Manager (LTM) and BIG-IP DNS (Global Traffic Management). BIG-IP's Access Policy Manager (APM) can also provide secure access to the apps and resources accessible through the Identity Manager portal as well as the actual Identity Manager portal itself. In this article, we'll focus on building a highly available Identity Manager implementation using BIG-IP LTM. You can download the updated step-by-step load-balancing guide for VMware Workspace Portal/Identity Manager here. What's also cool is you can do a walk through of this very setup in the VMware Hands-On-Lab at VMworld 2015 (Look for HOL-MBL-1659) or by clicking the following link - http://labs.hol.vmware.com/HOL/catalogs/lab/2078. Special thanks to Bryan Salek, Matt Mabis, and Mosa Emamjomeh for helping put this together! Stay tuned for a future post on how to securely access Workspace Portal/Identity Manager using BIG-IP Access Policy Manager (APM), which includes proxying Citrix XenApp, Horizon, and Web Application resources. WorkspaceOne/Identity Manager 2.6 Update: When changing the FQDN of VMware Identity Manager there is an additional (and new) stepthat needs to be done.After changing the FQDN, log back into the Workspace One Admin UI using a local account and clickCatalog --> Settings. Next, selectNew End User Portal UIand clickEnable New Portal UI. Once completed, log out and you should now be able to login using a domain account.The Road to F5 Certification
Over the last 4 months, the DevCentral team has been preparing for the F5 Certification exam. We’ve met a number of times for group study and for each session, we reviewed a particular section of the Exam 101 - Application Delivery Fundamentals Study Guide. We prepared and presented a certain topic and had open discussions about particular use cases, customer scenarios and even played some guessing games as to what might be asked on the exam for that section. Now the time has come to take the test. Since the DevCentral team will be at Agility 2016 in Chicago this year, we decided to take advantage of the Certification Team’s mobile testing center. While you can certainly go to one of Pearson Vue’s test centers, the Certification Team will be on hand at F5 Agility to administer their various exams for those looking to get F5 Certified. It’s a pretty cool set up – almost like a band on a mini regional tour. They’ll have everything you need to take the test. I gotta tell you, I’m a little nervous. I’m sure I’ll be able to nail sections 2-5 since those are the areas I’ve focused on for the past decade…it’s the first part, OSI, that I’m a little weary. Not that I don’t know my 7 layers – All People Seem To Need Data Processing – but maybe some of nuances or lack of recent real world subnetting that concerns me. I’ll use this last month before the exam to keep prepping to make sure I don’t embarrass myself. But let's look at the stats. Recently Ken Salchow, F5’s Sr. Manager Professional Certifications, has posted some interesting statistics about the program, particularly pass rates and certification by region. Ken notes about the pass rate graph, ‘I am also often asked about exam pass rates ... which is not an easy thing to really post. Below is a graph that shows ALL TIME pass rates by exam. It is important to note that these pass rates encompass thousands of exams and even different versions of exams. As such, take these with a grain of salt and realize that if I did a 12-month average, 24-month average and last month average, they would all differ from the below. Oh ... and have I mentioned how much I distrust data coming from our candidate management system?? Yeah ... so ... you've been warned.’ And the graph: So there's a 70% pass rate on the 101. Fairly decent. Ken also posted another chart which shows the breakdown of certification by region as a percentage of the whole. Nice mix of global certifications. We - the DevCentral team - will take some pictures and let you know how we did. If you are at Agility and taking a Certification exam this year, let's compare notes for the final wrap. Pass or Fail. My energy says, 'Success!' ps Related: Jumping on the Rails of the Technical Train Let the Training Begin! .
F5 Access Policy Manager and Firefox Browser version 43 and 47+
Firefox Browser version 43 has new plug-in signing requirements. F5 will be providing Engineering Hotfixes for BIG-IP versions 12.0.0, 11.6.0, and 11.5.3, which will include a F5 Access Policy Manager plug-in signed by Firefox for Microsoft Windows and Linux platforms. With F5 officially supporting Firefox version 34, this is a “best efforts” approach to alleviate any disruptions brought about by Firefox version 43 and the upcoming Firefox version 44, related to plug-in signing requirements (Feature Enhancement ID:564253). If issues are uncovered with versions of Firefox greater than version 34 after installing the appropriate Engineering Hotfix, it is recommended that users be guided to use Microsoft Internet Explorer on Windows, and Safari on Mac, as detailed in thisDevCentral post. Another option is to use BIG-IP Edge Client for these two platforms. For Linux, there is a CLI client available for network access. These Engineering Hotfix releases are short-term fixes. A more permanent solution will be available in an upcoming release of BIG-IP; specifics will also be available in the aforementioned DevCentral post. We will make the Engineering hotfixes available for customers who create a support case with F5 Support. This Engineering Hotfix should be good for up to Firefox 46 and F5 will need to have Mozilla sign the plug-in again for Firefox 47+. This is just how Firefox plug-in signing works currently. January 7, 2016 Update: While we (F5) is making progress in getting the Engineering hotfixes out, we are currently working through some issues seen with the Mozzilla add-on submission tool. Once that is resolved, then we expect to be able to provide an ETA for the Engineering Hotifxes. F5 is working on this with urgency. January 8, 2016 Update: We (F5) have the issue with the Mozilla add-on tools resolved, so we can provide a target ETA of January 15, 2016 (Friday) to provide Engineering Hotfixes for the 3 versions of BIG-IP we had mentioned on this post. January 14, 2016 Update: We have run into a few issues that need to be addressed so we will need a few more days to have the Engineering Hotfixes available. Again,F5 is working on this with urgency. January 21, 2016 Update: We have an Engineering Hotfix for BIG-IP 11.6.0, based on BIG-IP 11.6.0 Hotfix 6 now. Again to get it, customers should create a support case with F5 Support. We are still planning to provide an Engineering Hotfix forBIG-IP 12.0.0 and 11.5.3 soon. January 25, 2016 Update: We have an Engineering Hotfix for BIG-IP 12.0.0 based on BIG-IP 12.0.0 Hotfix 1 now. Again to get it, customers should create a support case with F5 Support. We are still planning to provide an Engineering Hotfix forBIG-IP 11.5.3 soon. January 26, 2016 Update: We have an Engineering Hotfix for BIG-IP 11.5.3 based on BIG-IP 11.5.3 Hotfix 2. Customers should create a support case with F5 Support. F5 will target to release Engineering Hotfixes before Firefox 47 is available. May 9, 2016 Update: F5 is currently working on Engineering Hotfixes for the various BIG-IP for Firefox 47+ that would work for all Firefox versions (even Firefox 46 and earlier). Mozilla is allowing for plug-in signing for all (*) versions of Firefox again. We do not have the releases ready for customers yet but expect to have it shortly. Once they are available, we will announce it here and also provide it initially to F5 Support and thus customers can get it via a Support ticket. Shortly after it is available via F5 Support, we will provide it on https://downloads.f5.com. May 16, 2016 Update: F5 has Engineering Hotfixes for 11.5.4 HF1 and 11.6.0 HF6 available. These should work with all versions* of Firefox (including Firefox 47 Beta builds). For now, customers should create a support ticket with F5 Support to get the Engineering Hotfixes. We will provide it on https://downloads.f5.com shortly and we are also working on Engineering Hotfixes for12.0.0 HF2 and 11.6.1. May 21, 2016 Update: F5 has Engineering Hotfix for 12.0.0 HF2 available. These should work with all versions* of Firefox (including Firefox 47 Beta builds). For now, customers should create a support ticket with F5 Support to get the Engineering Hotfixes. We will provide it on https://downloads.f5.com shortly and we are also working on Engineering Hotfixes for11.6.1 and 12.1.0. May 31, 2016 Update:F5 has Engineering Hotfix for 11.6.1 available. For now, customers should create a support ticket with F5 Support to get the Engineering Hotfixes. *These Engineering Hotfixes should work on all versions of Firefox, including 47+, until Firefox removes its NPAPI support. To address that we have another DevCentral post: here:https://devcentral.f5.com/s/articles/addressing-security-loopholes-of-third-party-browser-plug-insManaging Horizon Traffic across Multiple Data Centers with BIG-IP DNS
In a typical single data center environment, VMware Horizon virtual desktop clients typically use a fully qualified domain name (FQDN) when accessing desktop and application resources. More and more customers are distributing their Horizon application and desktop infrastructure to distribute across multiple physical/logical data centers. Some of the business and technical reasons may include disaster recovery, system resiliency, and elastic desktop/application capacity. How are these multi-data center implementations of Horizon accessed? One common scenario is to provide a specific domain name to users either based on a user’s geographical location (for example, https://europe.example.com) or a user’s business unit (for example, https://finance.example.com). If the user has an ability to access resources from multiple data centers, the user’s overall experience might be sub-optimal if the end user is not being connected to the most appropriate, optimal data center. By deploying BIG-IP DNS (formerly Global Traffic Manager) with Horizon View, a single namespace (for example, https://desktop.example.com) can be provided to all end users - one URL to remember. BIG-IP DNS and BIG-IP Local Traffic Manager (LTM) also work together to ensure that requests are intelligently routed to a preferred data center, regardless of the user’s current location. In this example, users leverage a single namespace (view-apoc.bd.f5.com). They will initially connect to BIG-IP DNS (GTM). BIG-IP DNS will make a routing decision (based on availability, topology, connection, etc.) and then send the user to a specific data center. The user will then login with the Horizon View client and access their desktop/applications. If a data center is inaccessible, new users are automatically routed to the available data center; existing users will be disconnected and then reconnect to the live data center. Taking advantage of these key BIG-IP modules (BIG-IP DNS and LTM) empowers IT staff to integrate multiple VMware Horizon pods or physical sites for source desktops, all without disrupting users. By enabling users to reconnect to their existing persistent desktop source when required and providing a dynamic and agile infrastructure that can adapt to planned and unplanned events, the BIG-IP system becomes key to successful VMware Horizon deployments. We've developed a step-by-step guide for implementing BIG-IP DNS across two (or more) data centers using BIG-IP DNS and BIG-IP Local Traffic Manager, which you can download here . You can also do a walk through of this very setup in the VMware Hands-On-Lab (Look for HOL-MBL-1659) by clicking on the following link - http://labs.hol.vmware.com/HOL/catalogs/lab/2078.Implementing PCoIP Proxy as a Security Server or Access Point Alternative
VMware’s Horizon Security Server and Access Point provides secure access to sessions over an unsecured WAN and/or Internet connection. Typically, the Security Server/Access Point is placed within an organization’s DMZ and proxies connections to internal Horizon desktop and application resources. F5 BIG-IP Access Policy Manager (APM) provides an alternative method for secure access to Horizon desktop and application resources by simplifying your VMware Horizon with View architecture, improving security, and increasing scalability. Harden Security and Increase Scalability F5 BIG-IP Access Policy Manager is the industry’s first Application Delivery Networking solution that brings full PCoIP proxy capabilities—certified by Teradici—to the market. This permits IT administrators to replace the View Security Server with a more secure and highly scalable solution in support of their end-user computing deployments. BIG-IP APM is an ICSA Labs–certified flexible, high-performance access and security solution that provides unified global access to your applications and network. BIG-IP APM converges and consolidates remote access, LAN access, and wireless connections within a single management interface and provides easy-to-manage access policies. These capabilities help you free up valuable IT resources and scale cost-effectively. Simplifying Your Horizon Architecture Because BIG-IP APM removes the pairing dependency between Security Servers and Connection Servers, the overall architecture can not only be simplified, but a higher level of scalability can be achieved. In addition to BIG-IP APM, F5 BIG-IP Local Traffic Manager (LTM) can provide intelligent traffic management and load balancing to the Connection Servers. The reduction in the overall number of components that need to be managed results in increased productivity for IT administrators, which is especially critical for multi-site or multi-pod VMware Horizon deployments. Traffic Flow The diagram outlines the traffic flow of an external Horizon Client connection when using the BIG-IP Access Policy Manager (APM) Module as a Security Server/Access Point alternative: Device connects in from the untrusted network. Connection to APM made over HTTPS using the client or the F5 APM WebTop Portal. User logs in. APM processes the authentication (single/multi-factor) to AD and/or other authentication source (LDAPS/RADIUS, etc.) Once user is validated, APM sends a request to the load balanced pool of Connection Servers to get a list of authorized applications and desktops using HTTPS or HTTP. The user is then presented with the list of available and authorized desktops and applications. User selects the application or desktop to launch. Request then sent from client and proxied to View Connection Server via HTTPS – client receives desktop and/or application source machine info (including the public/client facing IP address if using NAT). Client establishes a connection to the virtual desktop or RDS application server to the APM via PCoIP, or HTML 5 (using HTML Access) using HTTPS . The APM proxies this connection back to the virtual desktop or RDS application server. We've developed a step-by-step guide for implementing PCoIP Proxy, which you can download here. You can also do a walk through of this very setup in the VMware Hands-On-Lab (Look for HOL-MBL-1659) by clicking on the following link - http://labs.hol.vmware.com/HOL/catalogs/lab/2078.
