EUC

1. VMware NSX AVI Loadbalancer Integration with VMware Horizon

To deploy AVI LoadBalancer, there are two main components involved:

AVI Controller:
The Avi Controller is a centralized brain that spans data centers and clouds. The Avi Controller has full visibility across the environments and automates the deployment and management of the load balancing endpoints, which we call Service Engines.
We need one AVI Controller to manage the Service Engine across the site if all the network configurations are in-place. In Our Lab, Avi Controller is pre-deployed in Site-2 which will manage both the Service Engines

Service Engine:
Service Engine is a Load Balancer Component which runs on each datacenter. Service Engine(SE) is managed by AVI Controller. In the lab we will see how SEs are configured as a Load Balancer to full-fill the request from Applications.
In Our case Applications are UAGs across both Site-1 and Site-2

Configure Backend server groups

Part 1 - AVI Integration with UAG Servers Site-1

Section 1 - AVI Integration with UAG Servers in Site1

FQDN	Entity Description	Real IP
uag-hzn-avi01.euc-livefire.com	FQDN of Avi LB VIP Site-1	172.16.20.100
uag-hzn-01a.euc-livefire.com	FQDN of UAG server 1 on site 1	172.16.20.10
uag-hzn-01b.euc-livefire.com	FQDN of uag server 2 on site 1	172.16.20.11

On your ControlCenter Server
- Open your Chrome Browser for Site-1
  - In the Address bar, Enter and browse to avicontroller.euc-livefire.com
    - In the Your Connection is not private window
      - Select Advanced
      - Select Proceed to avicontroller.euc-livefire.com

In the VMware NSX ALB (Avi) page
- Under Username, enter admin and VMware1!VMware1! as the password

From the NSX-ALB console,
- Navigate to Templates > Groups.
  - Select IP Groups
- In the IP Groups area
  - Select CREATE

In the NEW IP Group: window
- In the General area
  - Under Name*
    - Type UAG Servers-Site-1
- Under IP Addresses area
  - Select ADD

In the IP Addresses (1) area
- Under IP Address
  - In the Enter IP Address area
    - Type 172.16.20.10

In the IP Addresses (1) area
- Select ADD

In the IP Addresses (2) area
- Under IP Address
  - In the Enter IP Address area
    - Type 172.16.20.11

In the IP Addresses (2) area
- In the bottom right hand corner
  - Select Save

Verify Custom Health Monitor Profile

Part 2: Verify Custom Health Monitor Profile

The next step is to validate the custom Health Monitor Profile.
Note:- This is pre-created

From the NSX-ALB console,
- Navigate to Templates > Profiles
  - Under Profiles
    - Select Health Monitors > Horizon-HTTPS
    - Click on the pencil icon to the right of Horizon-HTTPS

On the New Health Monitor page,
- Validate the following configuration
- Name: Horizon-HTTPS
- Type : HTTPS
- Send Interval 30
- Receive Timeout 10

On the Edit Health Monitor: Horizon-HTTPS page,
- Scroll down to the HTTPS Settings section
- Under Client Request Header: GET /favicon.ico HTTP/1.0

On the New Health Monitor: Horizon-HTTPS page,
- Scroll down until you locate Response Code*
  - Response Code* : 2XX
  - Next to SSL Attributes: Checkbox is selected
  - SSL Profile* : System-Standard.

On the New Health Monitor: Horizon-HTTPS page,
- Scroll down until you locate Maintenance Response Code*
- Maintenance Response Code :503
- Close the Edit Health Monitor: Horizon-HTTPS
- Do Not make any changes

We will now create L7 Pools for Site-1

Part 3: Creating Layer 7 Pools For Site-1

From the NSX-ALB console
- Navigate to Applications > Pools.

In the Pools area
- To the right of the pane
  - Select CREATE POOL

In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
- Step 1: Settings
  - Enter the required information:
    - Under Name*:
      - Type Horizon-L7-Pool-Site-1
    - Under Default Server Port
      - Type 443
    - Under Load Balance Algorithm:
      - From the drop down
        
        Select Consistent Hash
        
        with Source IP Address as the hash key.

In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
- In the Health Monitor tab
  1. Make sure the checkbox next to:
    - Enable Passive Health Monitor is checked
  2. Select ADD.
    - Above + Add Active Monitor.
      - From the dropdown,
        
        select is Horizon-HTTPS
        
        This is the health monitor that you validated earlier

In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
- To the right of the Health Monitors area
  - Scroll Down
    - below Append Port To Host Name
      - next to Never
        
        select the radio button

In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
- Scroll down
  - below the SSL section
    - under SSL Profile
      - select System-Standard.
  - next to the Enable TLS SNI
    - ensure this box is Checked
    - Leave all the remaining settings as defaults

In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
- In the top of the interface
  - select the Servers tab
    - under Servers
      - next to IP Group
        
        ensure the radio button is select

In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
- Servers tab
  - IP Group area
    - From the dropdown,
      - select UAG Servers-Site-1
        
        You created this earlier
  - Leave all the other settings as default

In the CREATE POOL: Horizon-L7-Pool-Site-1 window,
- In the bottom right corner

select SAVE

Creating the UAG L4 Pool For Site-1

Part 4: Creating Layer 4 Pools For Site-1

In the NSX-ALB admin console
- In the Applications > Pools area
  - Select CREATE POOL

In the CREATE POOL: window
- General tab
  - Enter the following under:-
    - Under Name*
      - type: Horizon-L4-Pool-Site-1
    - Under Default Server Port
      - Type: 443
    - Under Load Balance Algorithm:
      - Select Consistent Hash
        
        with Source IP Address as the Type
  - select the Health Monitor tab

In the CREATE POOL: window
- Health Monitor tab
  - enable the following under:-
    - ensure Enable Passive Health Monitor is checked
- under Health Monitors
  - select ADD

In the CREATE POOL: window
- General tab
  - under Health Monitors
  - from the dropdown.
    - select Horizon-HTTPS

In the CREATE POOL: window
- Health Monitor tab
  - Just above the Health Monitor section
    - below Append Port To Host Name:
      - next to Never
        
        select the Radio button

In the CREATE POOL: window
- select the Servers tab
  - under Select Servers By
    - select the IP Group radio button

In the CREATE POOL: window
- Servers tab
  - below Select Servers By
    - from the dropdown
      - select UAG Servers-Site-1
  - leave all the rest of the settings default

In the CREATE POOL: window
- bottom right corner
  - Select SAVE

Validate the SSL certificate Required for L7 VIP is pre-configured

Part 5: Verify SSL Certificate required for Layer 7 VIP is present.

From the NSX-ALB Admin console
- Navigate to Templates > Security > SSL/TLS Certificates

In the SSL/TLS Certificate Window
- Verify the HZNCert2023 shows status green

Validating that Connection Multiplexing is disabled

Part 6: Validating that Connection Multiplexing is disabled

In the NSX-ALB console
- Navigate to Templates > Profiles> Application
  - In the Application area
    - select System-Secure-HTTP-VDI.
    - To the right of System-Secure-HTTP-VDI
      - Select the edit icon.

In Edit Application Profile: System-Secure-HTTP-VDI window
- Ensure the checkbox next to Connection Multiplexing is NOT selected
- Select Cancel
  - to close the Edit Application Profile: System-Secure-HTTP-VDI window

Creating the L7 Virtual Service for Site-1

Part 7: Creating the Layer 7 Virtual Service for Site-1

In the NSX-ALB Console
- Navigate to Applications > Virtual Services

In the Virtual Services area
- To the top right, select CREATE VIRTUAL SERVICE
  - Select Advanced Setup.

In the New Virtual Service wizard
- Step 1: Settings area
  - enter the following under:
    - Name*
      - type Horizon-UAG-L7-Site-1
    - VS VIP *
      - select the dropdown,
        
        notice a Create VS VIP Green box appears

In the New Virtual Service wizard
- Step 1: Settings area
  - In the VIP Address area
    - select Create VS VIP

In the Create VS VIP: page
- In the General tab,
  - under Name
    - type: VIP-Horizon-UAG-Site1
  - Select ADD

In the Edit VIP: 1 page
- Under IPv4 Address*
  - type 172.16.20.100
  - Select SAVE

In the Create VS VIP: VIP-Horizon-UAG-Site1 window
- Select SAVE

In the New Virtual Service wizard
- Step 1: Settings area
  - Scroll down to the Service Port area
    - under Services
      - Enable the checkbox next to SSL

In the New Virtual Service wizard
- Step 1: Settings area
  - In the Profiles sub-area
    - Below Application Profile*:
      - From the dropdown
        
        Select System-Secure-HTTP-VDI
    - Below Error Page Profile:
      - From the dropdown
        
        Select Custom-Error-Page-Profile

In the New Virtual Service wizard
- Step 1: Settings area
  - In the *Pool* sub-area
    - Under Pool
      - Select the dropdown
        
        Select: Horizon-L7-Pool-Site-1
  - In the *SSL Settings* sub-area
    - Under SSL Profile*
      - Select the dropdown
        
        Select: System-Standard
    - Under SSL Certificate:
      - Select the dropdown
        
        Select HZNcert2023
        
        Remove the System-Default-Cert
      - Leave all other settings as default
- In the bottom right corner
  - Select Next

In the New Virtual Service wizard
- Step 2: Policies area
  - (Leave everything as default)
- Select Next

In the New Virtual Service wizard
- Step 3: Analytics area
  - (Leave everything as default)
  - Select Next
- Step 4: Advanced tab,
  - (Leave everything as default)
  - Select Save

In the New Virtual Service wizard
- Step 4: Advanced area
  - (Leave everything as default)
- Select Save

Creating L4 Virtual Service for Site-1

Part 8: Creating the Layer 4 Virtual Service for Site-1

From the NSX-ALB admin console
- Navigate to Applications > Virtual Services

In the Virtual Services window
- In the top right corner,
  - Select CREATE VIRTUAL SERVICE
  - Select Advanced Setup.

In the New Virtual Service wizard
- Step 1: Settings area
  - configure the following under:
    - Name*
      - type Horizon-UAG-L4-Site-1
    - VS VIP *
      - select the dropdown,
        
        select VIP-Horizon-UAG-Site1

In the New Virtual Service wizard
- Step 1: Settings area
  - *Profiles* sub area
    - Under Application Profile*
      - from the dropdown
        
        Select: System-L4-Application

In the New Virtual Service wizard
- Step 1: Settings area
  - *Service Port* sub area
    - Select Switch to Advanced.

In the New Virtual Service wizard
- Step 1: Settings area
  - *Service Port* sub area
    - Under Services
      - Replace port 80 with port 443
        
        Port Min and Port Max areas to 443
    - Select the Checkbox next to Override TCP/UDP

In the New Virtual Service wizard
- Step 1: Settings area
  - Below the checkbox enabled Override TCP/UDP
    - Select the dropdown
      - Select System-UDP-Fast-Path-VDI
    - Select + Add Port

In the New Virtual Service wizard
- Step 1: Settings: continued
  - Type 8443 in Port Min and 8443 to Port Max
    - Note: You will notice Port Max will change automatically to 8443.
- Uncheck Override TCP/UDP box if selected
- Select + Add Port again.
- Type 8443 in Port Min and 8443 to Port Max
- Check the box Override TCP/UDP
- Under Select Dropdown
  - Select System-UDP-Fast-Path-VDI
    - Note: Ensure all the Service Port details matches as per the screenshot above.
- Select + Add Port again

In the New Virtual Service wizard
- Step 1: Settings: continued
  - Type 4172 in Port Min and 4172 to Port Max
    - Uncheck Override TCP/UDP box if selected.
- Select + Add Port again
  - Type 4172 in Port Min and 4172 to Port Max
    - Check the box Override TCP/UDP
      - Under Select Dropdown
      - Select System-UDP-Fast-Path-VDI
- Note: Ensure all the Service Port details matches as per the screenshot above.

In the New Virtual Service wizard
- Step 1: Settings area
  - To the right of *Service Port*
    - You will see the *Pool* area
      - Under Pool
        
        From the dropdown
        
        Select Horizon-L4-Pool-Site-1
  - Select Next

In the New Virtual Service wizard
- Step 2: Policies area
  - Leave everything as default
- Select Next

In the New Virtual Service wizard
- Step 3: Analytics area
  - Leave everything as default
- Select Next

In the New Virtual Service wizard
- Step 4: Advanced area
  - Leave everything as default
- Select Save

In the NSX-ALB admin console
- Select Applications
  - Select Virtual Services
- In the right pane your configurations should look like the image above.

Testing LTM Configuration for both Site1 and Site2

Part 9: Configuring the Unified Access Gateway for Site 1

Section 1. Configuring UAG-HZN-01a for AVI Integration

On your ControlCenter Server
- Open your Chrome Browser for Site-1
- In the Address bar, browse to https://uag-hzn-01a.euc-livefire.com:9443/admin/index.html
- Login username: admin
- Login password: VMware1!

In the UAG Admin Console
- Under Configure Manually
  - Click Select

In the UAG Admin Console
- Scroll back-up to General Settings
  - Next to Edge Service Settings,
    - Move the TOGGLE to the right
  - Next to Horizon Settings
    - Select the GEAR icon

Next to Host Port Redirect Mappings,
- In the Source Host Port area
  - enter uag-hzn-avi01.euc-livefire.com
- In the Redirect Host Port area
  - enter uag-hzn-01a.euc-livefire.com
- Once the Host Redirect Mappings are filled,
  - click on + symbol to add the entries.
    - Note: It should match the screenshot above
- To Close the Horizon settings page
  - Select Save

Section 2: Configuring UAG-HZN-01B in Site1 for AVI Integration

Section 2. Configuring UAG-HZN-01B for AVI Integration

On your ControlCenter Server
- Open your Chrome Browser for Site-1
- In the Address bar, browse to https://uag-hzn-01b.euc-livefire.com:9443/admin/index.html
- Login username: admin
- Login password: VMware1!

In the UAG Admin Console
- Under Configure Manually
  - Click Select

In the UAG Admin Console
- In the General Settings area
  - Next to Edge Service Settings,
    - Move the TOGGLE to the right
  - Next to Horizon Settings
    - Select the GEAR icon

Next to Host Redirect Mappings,
- In the Source Host Port area
  - enter uag-hzn-avi01.euc-livefire.com
- In the Redirect Host Port area
  - enter uag-hzn-01b.euc-livefire.com
- Once the Host Redirect Mappings are filled,
  - click on (+) symbol to add the entries.
    - Note: It should match the screenshot above
- To Close the Horizon settings page
  - Select Save

Part 10: Testing LTM Configuration

Part 9 Section 1: Testing Site1 LTM

On your ControlCenter server
- On the Desktop
  - Open the Remote Desktops Folder
    - Open Site1
      - Launch W11Client-01a.rdp
      - Login as craig
        
        With the password VMware1!

In W11Client-01a
- Open Horizon Client from desktop
  - In the Horizon Client,
  - Click on Add Server Button
    - In the Name of the Connection Sever textbox,
      - Type
        
        uag-hzn-avi01.euc-livefire.com
        
        Click Connect

In the Horizon Client textbox
- Username
  - craig
- Password
  - VMware1!
- Click login

In the Horizon Client
- Double Click BLRW10 Pool
  - You will be presented with the desktop
  - This validates our testing and configuration

Part 9 Section 2: Testing Site2 LTM

On your ControlCenter server
- On the Desktop
  - Open the Remote Desktops Folder
    - Open Site 2
      - Launch W11Client-02a.RDP
      - Login as jackie
        
        With the password VMware1!

In W11Client-02a
- Open Horizon Client from desktop
  - In the Horizon Client,
  - Click on Add Server Button
    - In the Name of the Connection Sever textbox,
      - Type
        
        uag-hzn-avi02.euc-livefire.com
        
        Click Connect

In the Horizon Client textbox
- Username
  - jackie
- Password
  - VMware1!
- Click login

In the Horizon Client
- Double Click SEAW11 Pool
  - You will be presented with the desktop
  - This validates our testing and configuration

Once the testing complete, this brings to the end of LTM configuration. Move to the next lab of GSLB configuration lab

EUC

1. VMware NSX AVI Loadbalancer Integration with VMware Horizon

0 Comments

Add your comment

Topics

Last Updated