APM :: VMware View :: Blast HTML5
I'm trying to get the APM functioning with VMware View Blast client - and I am having quite the time. I have tried the iApp (1.5) but haven't been able to get that to function either. At the moment, I have a manual configuration based-off of the deployment guide. The deployment guide says to create a forwarding virtual server, and the iApp does the same thing. Neither of which seem to be working for me. So with the forwarding VS above created… I can log-in fine, the webtop displays, the RDP link I have works great... the Blast HTML5 link... not so much. If I click on the VMware View desktop shown above, it brings me to the following: The error shown above is thrown-around a lot by View, so it’s hard to say what the real problem is. I’ve seen that error displayed for straight-up communications issues in the past… which I think this is. If I do a tcpdump on the BIG-IP, I can see it trying to connect to 8443, but it cannot connect (SYNs… no SYN/ACKs). 11:27:30.022625 IP x.x.x.10.28862 > x.x.x.252.8443: Flags [S], seq 2246191783, win 4140, options [mss 1380,sackOK,eol], length 0 out slot1/tmm0 lis=/Common/xxxxxxxxxxxxxxxxxxxx-https Source is the floating IP, destination is the VS. I know 8443 is listening on the VMware View server because I can connect to it locally. And I know the VMware View server knows how to get back to the F5 because it populates the webtop with my available desktop(s) shown above. I tried converting the forwarding VS to standard, assigned a pool, etc… and it still did the same thing. SYNs… no SYN/ACKs. What might be telling though is the lis= above. It lists my main virtual server with the APM policy assigned. That makes me think though… Why is it trying to connect to that VS and not the forwarding VS? The forwarding virtual server is a better match no? In any event, yeah if the virtual server isn’t listening on 8443, of course it won’t reply back (my thought-process anyway). So I figure… welp, why not just try an “any” port VS… yeah not so much. If I manually remove the :0 and submit, it loads the same error about the certificate. Nothing shows-up in tcpdump trying to connect to 8443 either - so, a step back. If anybody happen to have any ideas for me, I would be really appreciative. Thanks!APM :: VMware View USB Redirection
I'm trying to get USB redirection working with VMware View 6.1.1, but I am not having any luck (BIG-IP v13.0). I took a look at the deployment guide (https://www.f5.com/pdf/deployment-guides/vmware-horizon-view-dg.pdf) and I noticed that my setup is a little bit different. The deployment guide talks about USB redirect when you're initiating the connection with the Horizon client: ... however I'm using a scenario where the user logs into a webtop, and then they launch the Horizon client from within the webtop (using a VDI/RDP profile that points to the VMware View pool). I have my assignment like so: ... where View USB is the VMware View Policy with USB redirection enabled, and View Assign is the Active Directory Resource Assigment. Is this supposed to work? Am I missing something that you know of? Thanks! -Ryan
Connection Server Options for Horizon View iApp
I have used the iApp to build a VDI solution with the following basic configuration: Yes, deploy APM Yes, support HTML 5 clientless connections SSL bridging One IP defined for untrusted clients A different IP defined for local clients Of course I've also defined the SSL certificate, pool members, FQDN, etc Reading the deployment guide for the View Connection servers (we're not using security servers) under the heading "Modifying your Connection Servers to support HTML 5 clients" it states: Modify the Connection Servers to remove the Use Secure Tunnel connection to desktop and use Blast Secure Gateway for HTML. a. From the View Configuration tab, select Servers, and then click Connection Servers. b. Highlight one of the Connections servers and then click Edit. c. Modify the HTTP External URL and BLAST External URL to match the URL of your SSL certificates. d. Clear the check from Use Blast Secure Gateway for HTML access to desktop. Important: If using a BIG-IP version prior to 12.1 only: Clear the check from Use Secure Tunnel connection to desktop after modifying the External URLs. If using a BIG-IP version 12.1 and later only: If using v12.1 or later, you can leave this box checked if necessary (for example, this box must be checked if using USB redirection). If anyone can help my questions are as follows: 1) Why does it tell you populate the blast gateway and external URL fields only to then clear the checkboxes for thier use? 2) When testing from my internal network why can I only get a successful VDI desktop when the blast gateway field is ticked - going against what the deployment guide states?VDI Access Policy
I've used the Horizon View iApp to secure access to our VDI environment but I have a query regarding the access policy. During the build I said 'no' to SecureID as although I do want 2FA we are using Radius. So now I want to add 2FA auth onto the access policy. For the browser logons this is simple as I added a 3rd password field and used a variable assign to switch the fields as neccessary for either AD or Radius auth. For the client logon page though there does not seem to be an option to add a 3rd password field. My only option is to select from a dropdown whether I want the form to support Windows, RSA, Disclaimer, Radius or Smart Card. I could do the Radius auth, come back to a 2nd logon page for AD credentials, then to AD auth, but as with the browser logon I'd much prefer if this could be done on a single page. Is this possible? As a side note - why on earth does the iApp tempalte only support SecureID as a 2FA method?APM :: VMware View :: PCoIP & UDP/0
Has anybody ran into an issue where the virtual machines reply back with UDP/0? After I log-on and am presented the webtop, I click the VMware View desktop link, I click to launch the VMware View Client, and then the client opens and connects. I'm shown the infamouse black/grey screen, and then it errors-out. If I look at the firewall logs, I see the following: The F5 floating IP connects to the virtual machine on TCP/4172 (for PCoIP I presume) Data is transmitted between the two and it finishes FIN/ACK The virtual machine then attempts an outbound connection to the F5 floating IP from UDP/4172 destined to UDP/0 Of course, the outbound connection-attempt to UDP/0 is dropped by the firewall since it's invalid. Any ideas on what could be causing this? I would anticipate the virtual machine would connect to UDP/4172 and not port 0. Thanks -Ryan
