horizon_view
2 TopicsLoad Balancing VMware Unified Access Gateway Integration Guide
Hey All, here is the next document in the series for Integration/Deployment guides for F5 with VMware Products. This guide had a lot of requests. I am happy to announce that the next document “Load Balancing VMware Unified Access Gateway” is now available to the public! What is VMware Unified Access Gateway? VMware Unified Access Gateway (UAG), formerly known as VMware Access Point is an appliance that is typically installed in the demilitarized zone (DMZ). UAG is designed to provide safe and secure access to desktop and application resources for remote access. UAG simplifies gateway access and provides tunneled and proxied resources for the following VMware product suites. What does this Integration Guide Detail? This documentation focuses on deploying F5 BIG-IP LTM with VMware Unified Access Gateway (UAG) for a production deployment. When Unified Access Gateway is deployed in a production scenario (n+1) it requires a load balancer sitting in front (for UAG Servers scalability) and behind it (for Connection Server load balancing). The below picture is an example of the implementation detailed in this guide, we will specifically focus on the load balancer sitting in front (for UAG Server scalability). In typical deployment scenarios the Load balancer for the connection server would have already been deployed prior to the deployment of the UAG Servers, this path is recommended so that UAG can leverage the Load balancer in front of the connection servers for the UAG's Configuration/Setup. Here is an example from the document that shows how to setup the advanced monitor we use to identify if a single node within the cluster is online or not. This monitor is an example of how F5 does more than just a simple load balancing monitor. Most simple load balancers just check for the HTTPS header or ICMP (Ping) responses to identify if a node is online. F5 worked together with VMware to identify the best way to identify if a node within a cluster is in maintenance mode (Quiesce Mode) or offline due to other issues. As you can also see we have more than 1 monitor to identify the node is online, if one of either of the monitors fails then the system is taken offline. Both have to be online for the node to be considered "OK". HTTPS – Second Monitor This monitor is used to identify when the UAG Node is in Quiesce Mode (Maintenance) Create a simple HTTPS monitor using the following guidance. On the Main tab, click Local Traffic > Monitors > Create. In the Name field, type a unique name (different from the first). From the Type list, select HTTPS. Ensure the Parent Monitor is https. In the Interval field, type 30. In the Timeout field, type 91. In the Send String field, type (or copy and paste) GET /favicon.ico HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n In the Receive String field, type 200 in the Receive Disable String field, type 503 Leave all other settings at the default and then click Finished. You can now download the updated step-by-step guide for Load Balancing VMware Unified Access Gateway at https://www.f5.com/pdf/solution-center/load-balancing-vmware-unified-access-gateway-servers-deployment-guide.pdf Special Thanks to Mark Benson, and the VMware Unified Access Gateway Server development team for all of their assistance putting this together!3.7KViews0likes2CommentsA 'Horizon' View from Above
Desktop and endpoint device management has long been a challenge for IT. People demand flexibility, multiple access options, and desktop customization, while business groups often require multiple desktop types based on business and/or technical requirements. This sour mash of devices can be a major management headache. Add in support for all the different desktop/laptop needs and desktop management can all but consume IT. VMware User Computing VMware Horizon View—part of VMware’s Horizon Suite of products—alleviates two major management headaches: location and standardization. To solve the location problem, virtual desktop infrastructure (VDI) deployments virtualize user desktops by delivering them to individual clients over the network from a central location. Those desktops are stored and run in the data center, rather than having individual desktop/laptop machines in the field running localized operating systems. This seamless virtualization goes undetected by users. To solve the standardization problem, VMware enables business groups with specific desktop needs to be clustered together in the data center and managed as a unit. For example, when all the Windows machines need a new service pack, it can be installed to the master image in the data center, which is delivered to users the next morning when they log in. Because IT staff no longer have to visit each local system or push software installations down through remote tools, employees aren’t forced to reboot during the business day. In addition to these location and standardization concerns, the user experience is consistently cited by organizations as critical to the success of virtual desktop deployments. Performance has to compare favorably to a conventional desktop while availability and security need to be even greater. F5 offers a variety of solutions to help organizations maximize the success of these critical elements in their View desktop deployments. Together, F5 and VMware have thoroughly tested and documented the benefits of using F5 Application Delivery Networking (ADN) solutions with VMware View to address the needs for secure access, a single namespace, load balancing, server health monitoring, and more. Performance and Scalability The larger the VMware Horizon View deployment, the more View Connection Servers are needed to handle the concurrent desktop connections. VMware Horizon View Optimized Secure Access & Traffic Management by F5 provides valuable load balancing and health monitoring, resulting in higher system availability and greater scalability—and ultimately, a better user experience. Additionally, an F5 iApps Template makes configuration straightforward, simplifying setup by providing the recommended settings and helping to prevent human error. VMware View client connectivity utilizes multiple ports and protocols that must be directed at the same View Connection Server for a successful session. While PC over IP (PCoIP), the View desktop streaming protocol is UDP-based, SSL-encrypted TCP connections are utilized for authentication and USB tunneling. Save capacity on the View Connection Servers by offloading this encryption to an F5 BIG-IP. Enhanced Security and Access Control Ensuring secure remote access is critical to protecting corporate information and often required in certain regulatory situations. To route incoming Horizon View connections to the internal network, a PCoIP proxy is needed in an organization’s DMZ. BIG-IP Access Policy Manager (APM) fulfills this function in a secure and scalable way. Placing BIG-IP APM in the DMZ avoids the need to expose sensitive Windows servers, Active Directory domain-joined servers, or View Connection Servers to the potentially risky DMZ. It also eliminates the requirement for VMware Security Gateway servers in the DMZ. The BIG-IP APM appliance proxies the PCoIP connection, passing it internally to any available Connection Server within the View pod, which then interprets the connection as a normal internal PCoIP session. This provides the scalability benefits of a BIG-IP appliance and gives BIG-IP APM and BIG-IP Local Traffic Manager (LTM) visibility into the PCoIP traffic, enabling more advanced access management decisions. A streamlined iApp Template is also included to ease deployment. This custom iApp presents fewer configuration options than the full iApp for View, which can be used if advanced functions are required. Either iApp yields a configuration that can be modified as needed to address specific business and technical requirements. These new F5 solution options were developed in conjunction with VMware and is easy for organizations to deploy and support. There are certainly advantages of deploying a virtualized desktop solution like VMware Horizon View throughout the enterprise. By deploying the F5 BIG-IP system alongside it, organizations can achieve higher security, availability, and scalability while improving the worker's experience. In addition, new and optimized solutions reduce both the cost and deployment complexity to ensure a BIG-IP ADC becomes a standard View component. ps Related VMware PEX 2014: F5 VMware Technology Alliance – Horizon View (feat Strobel) VMware PEX 2014: Optimized Horizon View Technical Whiteboard (feat Pindell) F5 Reference Architecture for VMware Horizon View New Virtual Editions of F5 BIG-IP® Access Policy Manager® Tailormade for VMWare Horizon View F5 and VMware Strengthen End-User Computing Offerings to Enhance Customers’ Virtual Desktop Infrastructures VMware EUC and F5: There are Three S's In Success(full VDI Deployments) F5 Solutions for VMware Technorati Tags: f5,apm,vdi,horizon_view,view,vmware,euc,pcoip,silva Connect with Peter: Connect with F5:327Views0likes0Comments