1. VMware NSX AVI Loadbalancer Integration with VMware Horizon
To deploy AVI LoadBalancer, there are two main components involved:
AVI Controller:
The Avi Controller is a centralized brain that spans data centers and clouds. The Avi Controller has full visibility across the environments and automates the deployment and management of the load balancing endpoints, which we call Service Engines.
We need one Avi Controller to manage the Service Engines across the sites, provided all the network configurations are in place. In our lab, the Avi Controller is pre-deployed in Site-2 and manages both Service Engines.
Service Engine:
The Service Engine (SE) is the load balancer component that runs in each datacenter and is managed by the Avi Controller. In the lab we will see how SEs are configured as load balancers to fulfill requests for applications.
In our case, the applications are the UAGs across both Site-1 and Site-2.
Configure Backend server groups
Section 1 - AVI Integration with UAG Servers in Site1
FQDN | Entity Description | Real IP |
---|---|---|
uag-hzn-avi01.euc-livefire.com | FQDN of Avi LB VIP Site-1 | 172.16.20.100 |
uag-hzn-01a.euc-livefire.com | FQDN of UAG server 1 on site 1 | 172.16.20.10 |
uag-hzn-01b.euc-livefire.com | FQDN of UAG server 2 on site 1 | 172.16.20.11 |
- On your ControlCenter Server
  - Open your Chrome Browser for Site-1
    - In the Address bar, enter and browse to avicontroller.euc-livefire.com
      - In the Your Connection is not private window
        - Select Advanced
        - Select Proceed to avicontroller.euc-livefire.com
- In the VMware NSX ALB (Avi) page
  - Under Username, enter admin and VMware1!VMware1! as the password
- From the NSX-ALB console,
  - Navigate to Templates > Groups.
    - Select IP Groups
    - In the IP Groups area
      - Select CREATE
- In the NEW IP Group: window
  - In the General area
    - Under Name*
      - Type UAG Servers-Site-1
    - Under IP Addresses area
      - Select ADD
- In the IP Addresses (1) area
  - Under IP Address
    - In the Enter IP Address area
      - Type 172.16.20.10
  - Select ADD
- In the IP Addresses (2) area
  - Under IP Address
    - In the Enter IP Address area
      - Type 172.16.20.11
  - In the bottom right hand corner
    - Select Save
Verify Custom Health Monitor Profile
The next step is to validate the custom Health Monitor Profile.
Note:- This is pre-created
- From the NSX-ALB console,
  - Navigate to Templates > Profiles
    - Under Profiles
      - Select Health Monitors > Horizon-HTTPS
      - Click on the pencil icon to the right of Horizon-HTTPS
- On the New Health Monitor page,
  - Validate the following configuration
    - Name: Horizon-HTTPS
    - Type: HTTPS
    - Send Interval: 30
    - Receive Timeout: 10
- On the Edit Health Monitor: Horizon-HTTPS page,
  - Scroll down to the HTTPS Settings section
    - Under Client Request Header: GET /favicon.ico HTTP/1.0
- On the New Health Monitor: Horizon-HTTPS page,
  - Scroll down until you locate Response Code*
    - Response Code*: 2XX
    - Next to SSL Attributes: Checkbox is selected
    - SSL Profile*: System-Standard.
- On the New Health Monitor: Horizon-HTTPS page,
  - Scroll down until you locate Maintenance Response Code*
    - Maintenance Response Code: 503
  - Close the Edit Health Monitor: Horizon-HTTPS
    - Do Not make any changes
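The decision the Horizon-HTTPS monitor makes, as an added example (not part of the original lab and not Avi's code): it sends the configured request and maps the reply to up, maintenance or down using the Response Code and Maintenance Response Code values above. The function names are hypothetical, and the timeout unit is assumed to be seconds.

```python
import re
import socket
import ssl

# Values copied from the Horizon-HTTPS monitor settings listed above.
REQUEST = b"GET /favicon.ico HTTP/1.0\r\n\r\n"
RECEIVE_TIMEOUT = 10        # "Receive Timeout 10" (seconds assumed)
UP_CLASS = 2                # "Response Code: 2XX"
MAINTENANCE_CODE = 503      # "Maintenance Response Code: 503"

STATUS_LINE = re.compile(rb"^HTTP/\d\.\d (\d{3})(?: |\r?$)")


def classify(raw):
    """Map a raw HTTP response to 'UP', 'MAINTENANCE' or 'DOWN'."""
    first_line = raw.split(b"\n", 1)[0]
    match = STATUS_LINE.match(first_line)
    if not match:
        return "DOWN"                     # empty or non-HTTP reply
    code = int(match.group(1))
    if code == MAINTENANCE_CODE:
        return "MAINTENANCE"              # a maintenance signal, not a failure
    if code // 100 == UP_CLASS:
        return "UP"
    return "DOWN"


def probe(host, port=443, context=None):
    """Send the monitor's request over TLS and classify the reply."""
    ctx = context or ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=RECEIVE_TIMEOUT) as tcp:
            with ctx.wrap_socket(tcp, server_hostname=host) as tls:
                tls.sendall(REQUEST)
                return classify(tls.recv(4096))
    except OSError:                       # refused, timed out, TLS failure
        return "DOWN"


# Constructed sample replies, for illustration only.
SAMPLES = {
    "healthy": b"HTTP/1.1 200 OK\r\nContent-Type: image/x-icon\r\n\r\n",
    "quiesced": b"HTTP/1.1 503 Service Unavailable\r\n\r\n",
    "broken": b"HTTP/1.1 404 Not Found\r\n\r\n",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(name, "->", classify(reply))
```

`probe("uag-hzn-01a.euc-livefire.com")` run from a host that can reach the UAG shows the state the monitor would see; pass your own `ssl.SSLContext` if the lab certificate is not in the local trust store.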
We will now create L7 Pools for Site-1
- From the NSX-ALB console
  - Navigate to Applications > Pools.
  - In the Pools area
    - To the right of the pane
      - Select CREATE POOL
- In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
  - Step 1: Settings
    - Enter the required information:
      - Under Name*:
        - Type Horizon-L7-Pool-Site-1
      - Under Default Server Port
        - Type 443
      - Under Load Balance Algorithm:
        - From the drop down
          - Select Consistent Hash, with Source IP Address as the hash key.
- In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
  - In the Health Monitor tab
    - Make sure the checkbox next to Enable Passive Health Monitor is checked
    - Select ADD.
    - Above + Add Active Monitor,
      - From the dropdown, select Horizon-HTTPS
        - This is the health monitor that you validated earlier
- In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
  - To the right of the Health Monitors area
    - Scroll down
      - Below Append Port To Host Name
        - Next to Never
          - Select the radio button
- In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
  - Scroll down
    - Below the SSL section
      - Under SSL Profile
        - Select System-Standard.
      - Next to Enable TLS SNI
        - Ensure this box is checked
      - Leave all the remaining settings as defaults
- In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
  - At the top of the interface
    - Select the Servers tab
      - Under Servers
        - Next to IP Group
          - Ensure the radio button is selected
- In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
  - Servers tab
    - IP Group area
      - From the dropdown,
        - Select UAG Servers-Site-1
          - You created this earlier
      - Leave all the other settings as default
- In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
  - In the bottom right corner
    - Select SAVE
Creating the UAG L4 Pool For Site-1
- In the NSX-ALB admin console
  - In the Applications > Pools area
    - Select CREATE POOL
- In the CREATE POOL: window
  - General tab
    - Enter the following under:
      - Under Name*
        - Type: Horizon-L4-Pool-Site-1
      - Under Default Server Port
        - Type: 443
      - Under Load Balance Algorithm:
        - Select Consistent Hash, with Source IP Address as the Type
    - Select the Health Monitor tab
- In the CREATE POOL: window
  - Health Monitor tab
    - Enable the following:
      - Ensure Enable Passive Health Monitor is checked
    - Under Health Monitors
      - Select ADD
- In the CREATE POOL: window
  - General tab
    - Under Health Monitors
      - From the dropdown,
        - Select Horizon-HTTPS
- In the CREATE POOL: window
  - Health Monitor tab
    - Just above the Health Monitor section
      - Below Append Port To Host Name:
        - Next to Never
          - Select the radio button
- In the CREATE POOL: window
  - Select the Servers tab
    - Under Select Servers By
      - Select the IP Group radio button
- In the CREATE POOL: window
  - Servers tab
    - Below Select Servers By
      - From the dropdown
        - Select UAG Servers-Site-1
      - Leave all the rest of the settings default
- In the CREATE POOL: window
  - Bottom right corner
    - Select SAVE
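What Consistent Hash keyed on Source IP Address gives the L7 and L4 pools, as an added example (not part of the original lab): because only the client address is hashed, every flow a client sends to the VIP on the ports used on this page resolves to the same UAG, and a membership change only moves the clients it has to. The ring below is a generic consistent-hash illustration with SHA-256 as a stand-in; it is not Avi's internal algorithm, and 172.16.20.12 is a hypothetical third UAG.

```python
import bisect
import hashlib
from collections import namedtuple

Flow = namedtuple("Flow", "src_ip proto dst_port")
UAGS = ["172.16.20.10", "172.16.20.11"]  # members of UAG Servers-Site-1
VNODES = 100                             # ring points per server (assumed)


def _h(value):
    """64-bit hash of a string (SHA-256 is a stand-in, not Avi's hash)."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")


def build_ring(servers):
    """Sorted (point, server) pairs, VNODES points per server."""
    return sorted((_h(f"{s}#{i}"), s) for s in servers for i in range(VNODES))


def select_server(ring, flow):
    """Pick the pool member for a flow; only the source IP is hashed."""
    points = [p for p, _ in ring]
    idx = bisect.bisect_right(points, _h(flow.src_ip)) % len(ring)
    return ring[idx][1]


def session_flows(src_ip):
    """Flows one client sends to the VIP, using the ports on this page."""
    return [Flow(src_ip, proto, port)
            for port in (443, 8443, 4172) for proto in ("tcp", "udp")]


def remapped(clients, old_servers, new_servers):
    """Return {client: (old, new)} for clients whose pool member changes."""
    old_ring, new_ring = build_ring(old_servers), build_ring(new_servers)
    moved = {}
    for ip in clients:
        flow = Flow(ip, "tcp", 443)
        old, new = select_server(old_ring, flow), select_server(new_ring, flow)
        if old != new:
            moved[ip] = (old, new)
    return moved


# Constructed client addresses, for illustration only.
CLIENTS = [f"10.0.{i // 250}.{i % 250 + 1}" for i in range(1000)]

if __name__ == "__main__":
    ring = build_ring(UAGS)
    print({select_server(ring, f) for f in session_flows("10.0.0.5")})
    print(len(remapped(CLIENTS, UAGS, UAGS[:1])), "clients move when .11 fails")
    print(len(remapped(CLIENTS, UAGS, UAGS + ["172.16.20.12"])),
          "clients move when a hypothetical third UAG is added")
```

Clients that share one source address, for example behind a NAT gateway, share a hash key and therefore land on the same UAG.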
Validate the SSL certificate Required for L7 VIP is pre-configured
- From the NSX-ALB Admin console
  - Navigate to Templates > Security > SSL/TLS Certificates
  - In the SSL/TLS Certificate Window
    - Verify the HZNCert2023 shows status green
Validating that Connection Multiplexing is disabled
- In the NSX-ALB console
  - Navigate to Templates > Profiles > Application
    - In the Application area
      - Select System-Secure-HTTP-VDI.
      - To the right of System-Secure-HTTP-VDI
        - Select the edit icon.
- In the Edit Application Profile: System-Secure-HTTP-VDI window
  - Ensure the checkbox next to Connection Multiplexing is NOT selected
  - Select Cancel
    - to close the Edit Application Profile: System-Secure-HTTP-VDI window
Creating the L7 Virtual Service for Site-1
- In the NSX-ALB Console
  - Navigate to Applications > Virtual Services
  - In the Virtual Services area
    - To the top right, select CREATE VIRTUAL SERVICE
      - Select Advanced Setup.
- In the New Virtual Service wizard
  - Step 1: Settings area
    - Enter the following under:
      - Name*
        - Type Horizon-UAG-L7-Site-1
      - VS VIP *
        - Select the dropdown,
          - Notice a Create VS VIP Green box appears
- In the New Virtual Service wizard
  - Step 1: Settings area
    - In the VIP Address area
      - Select Create VS VIP
- In the Create VS VIP: page
  - In the General tab,
    - Under Name
      - Type: VIP-Horizon-UAG-Site1
      - Select ADD
- In the Edit VIP: 1 page
  - Under IPv4 Address*
    - Type 172.16.20.100
    - Select SAVE
- In the Create VS VIP: VIP-Horizon-UAG-Site1 window
  - Select SAVE
- In the New Virtual Service wizard
  - Step 1: Settings area
    - Scroll down to the Service Port area
      - Under Services
        - Enable the checkbox next to SSL
- In the New Virtual Service wizard
  - Step 1: Settings area
    - In the Profiles sub-area
      - Below Application Profile*:
        - From the dropdown
          - Select System-Secure-HTTP-VDI
      - Below Error Page Profile:
        - From the dropdown
          - Select Custom-Error-Page-Profile
- In the New Virtual Service wizard
  - Step 1: Settings area
    - In the *Pool* sub-area
      - Under Pool
        - Select the dropdown
          - Select: Horizon-L7-Pool-Site-1
    - In the *SSL Settings* sub-area
      - Under SSL Profile*
        - Select the dropdown
          - Select: System-Standard
      - Under SSL Certificate:
        - Select the dropdown
          - Select HZNcert2023
            - Remove the System-Default-Cert
        - Leave all other settings as default
    - In the bottom right corner
      - Select Next
- In the New Virtual Service wizard
  - Step 2: Policies area
    - (Leave everything as default)
    - Select Next
- In the New Virtual Service wizard
  - Step 3: Analytics area
    - (Leave everything as default)
    - Select Next
- In the New Virtual Service wizard
  - Step 4: Advanced area
    - (Leave everything as default)
    - Select Save
Creating L4 Virtual Service for Site-1
- From the NSX-ALB admin console
  - Navigate to Applications > Virtual Services
  - In the Virtual Services window
    - In the top right corner,
      - Select CREATE VIRTUAL SERVICE
      - Select Advanced Setup.
- In the New Virtual Service wizard
  - Step 1: Settings area
    - Configure the following under:
      - Name*
        - Type Horizon-UAG-L4-Site-1
      - VS VIP *
        - Select the dropdown,
          - Select VIP-Horizon-UAG-Site1
- In the New Virtual Service wizard
  - Step 1: Settings area
    - *Profiles* sub area
      - Under Application Profile*
        - From the dropdown
          - Select: System-L4-Application
- In the New Virtual Service wizard
  - Step 1: Settings area
    - *Service Port* sub area
      - Select Switch to Advanced.
- In the New Virtual Service wizard
  - Step 1: Settings area
    - *Service Port* sub area
      - Under Services
        - Replace port 80 with port 443
          - Port Min and Port Max areas to 443
        - Select the Checkbox next to Override TCP/UDP
- In the New Virtual Service wizard
  - Step 1: Settings area
    - Below the checkbox enabled Override TCP/UDP
      - Select the dropdown
        - Select System-UDP-Fast-Path-VDI
        - Select + Add Port
- In the New Virtual Service wizard
  - Step 1: Settings: continued
    - Type 8443 in Port Min and 8443 to Port Max
      - Note: You will notice Port Max will change automatically to 8443.
    - Uncheck Override TCP/UDP box if selected
    - Select + Add Port again.
    - Type 8443 in Port Min and 8443 to Port Max
    - Check the box Override TCP/UDP
    - Under Select Dropdown
      - Select System-UDP-Fast-Path-VDI
    - Note: Ensure all the Service Port details matches as per the screenshot above.
    - Select + Add Port again
- In the New Virtual Service wizard
  - Step 1: Settings: continued
    - Type 4172 in Port Min and 4172 to Port Max
    - Uncheck Override TCP/UDP box if selected.
    - Select + Add Port again
    - Type 4172 in Port Min and 4172 to Port Max
    - Check the box Override TCP/UDP
    - Under Select Dropdown
      - Select System-UDP-Fast-Path-VDI
    - Note: Ensure all the Service Port details matches as per the screenshot above.
- In the New Virtual Service wizard
  - Step 1: Settings area
    - To the right of *Service Port*
      - You will see the *Pool* area
        - Under Pool
          - From the dropdown
            - Select Horizon-L4-Pool-Site-1
      - Select Next
- In the New Virtual Service wizard
  - Step 2: Policies area
    - Leave everything as default
    - Select Next
- In the New Virtual Service wizard
  - Step 3: Analytics area
    - Leave everything as default
    - Select Next
- In the New Virtual Service wizard
  - Step 4: Advanced area
    - Leave everything as default
    - Select Save
- In the NSX-ALB admin console
  - Select Applications
    - Select Virtual Services
    - In the right pane your configurations should look like the image above.
Testing LTM Configuration for both Site1 and Site2
Section 1. Configuring UAG-HZN-01a for AVI Integration
- On your ControlCenter Server
  - Open your Chrome Browser for Site-1
  - In the Address bar, browse to https://uag-hzn-01a.euc-livefire.com:9443/admin/index.html
  - Login username: admin
  - Login password: VMware1!
- In the UAG Admin Console
  - Under Configure Manually
    - Click Select
- In the UAG Admin Console
  - Scroll back up to General Settings
    - Next to Edge Service Settings,
      - Move the TOGGLE to the right
    - Next to Horizon Settings
      - Select the GEAR icon
  - Next to Host Port Redirect Mappings,
    - In the Source Host Port area
      - Enter uag-hzn-avi01.euc-livefire.com
    - In the Redirect Host Port area
      - Enter uag-hzn-01a.euc-livefire.com
    - Once the Host Redirect Mappings are filled,
      - Click on the + symbol to add the entries.
        - Note: It should match the screenshot above
    - To close the Horizon settings page
      - Select Save
Section 2: Configuring UAG-HZN-01B in Site1 for AVI Integration
- On your ControlCenter Server
  - Open your Chrome Browser for Site-1
  - In the Address bar, browse to https://uag-hzn-01b.euc-livefire.com:9443/admin/index.html
  - Login username: admin
  - Login password: VMware1!
- In the UAG Admin Console
  - Under Configure Manually
    - Click Select
- In the UAG Admin Console
  - In the General Settings area
    - Next to Edge Service Settings,
      - Move the TOGGLE to the right
    - Next to Horizon Settings
      - Select the GEAR icon
  - Next to Host Redirect Mappings,
    - In the Source Host Port area
      - Enter uag-hzn-avi01.euc-livefire.com
    - In the Redirect Host Port area
      - Enter uag-hzn-01b.euc-livefire.com
    - Once the Host Redirect Mappings are filled,
      - Click on the (+) symbol to add the entries.
        - Note: It should match the screenshot above
    - To close the Horizon settings page
      - Select Save
Part 9 Section 1: Testing Site1 LTM
- On your ControlCenter server
  - On the Desktop
    - Open the Remote Desktops Folder
      - Open Site1
        - Launch W11Client-01a.rdp
        - Login as craig
          - With the password VMware1!
- In W11Client-01a
  - Open Horizon Client from desktop
    - In the Horizon Client,
      - Click on Add Server Button
      - In the Name of the Connection Server textbox,
        - Type uag-hzn-avi01.euc-livefire.com
        - Click Connect
- In the Horizon Client textbox
  - Username
    - craig
  - Password
    - VMware1!
  - Click login
- In the Horizon Client
  - Double Click BLRW10 Pool
    - You will be presented with the desktop
    - This validates our testing and configuration
Part 9 Section 2: Testing Site2 LTM
- On your ControlCenter server
  - On the Desktop
    - Open the Remote Desktops Folder
      - Open Site 2
        - Launch W11Client-02a.RDP
        - Login as jackie
          - With the password VMware1!
- In W11Client-02a
  - Open Horizon Client from desktop
    - In the Horizon Client,
      - Click on Add Server Button
      - In the Name of the Connection Server textbox,
        - Type uag-hzn-avi02.euc-livefire.com
        - Click Connect
- In the Horizon Client textbox
  - Username
    - jackie
  - Password
    - VMware1!
  - Click login
- In the Horizon Client
  - Double Click SEAW11 Pool
    - You will be presented with the desktop
    - This validates our testing and configuration
Once the testing is complete, this brings us to the end of the LTM configuration. Move on to the next lab, GSLB configuration.