VMware NSX AVI Loadbalancer Integration with VMware Horizon
To deploy AVI LoadBalancer, there are two main components involved:
AVI Controller:
The Avi Controller is a centralized brain that spans data centers and clouds. The Avi Controller has full visibility across the environments and automates the deployment and management of the load balancing endpoints, which we call Service Engines.
We need one AVI Controller to manage the Service Engine across the site if all the network configurations are in-place. In Our Lab, Avi Controller is pre-deployed in Site-2 which will manage both the Service Engines
Service Engine:
Service Engine is a Load Balancer Component which runs on each datacenter. Service Engine(SE) is managed by AVI Controller. In the lab we will see how SEs are configured as a Load Balancer to full-fill the request from Applications.
In Our case Applications are UAGs across both Site-1 and Site-2
Configure Backend server groups
Section 1 - AVI Integration with UAG Servers in Site1
FQDN | Entity Description |
Real IP |
---|---|---|
uag-hzn-avi01.euc-livefire.com | FQDN of Avi LB VIP Site-1 | 172.16.20.100 |
uag-hzn-01a.euc-livefire.com |
FQDN of UAG server 1 on site 1 |
172.16.20.10 |
uag-hzn-01b.euc-livefire.com |
FQDN of uag server 2 on site 1 |
172.16.20.11 |
- On your ControlCenter Server
-
Open your Chrome Browser for Site-1
- In the Address bar, Enter and browse to avicontroller.euc-livefire.com
- In the Your Connection is not private window
- Select Advanced
- Select Proceed to avicontroller.euc-livefire.com
- In the Your Connection is not private window
- In the Address bar, Enter and browse to avicontroller.euc-livefire.com
-
Open your Chrome Browser for Site-1
- In the VMware NSX ALB (Avi) page
- Under Username, enter admin and VMware1!VMware1! as the password
- In the Default landing page under the Applications tab
- Close the Controller Faults notification
- From the NSX-ALB console,
- Navigate to Templates > Groups.
- Select IP Groups
- In the Groups area
- To the right of the Groups area
- Select CREATE IP GROUP
- To the right of the Groups area
- Navigate to Templates > Groups.
- In the NEW IP Group: window
- In the General area
- Under Name*
- Type UAG Servers-Site-1
- Under Name*
- Under IP Addresses area
- Select ADD
- In the General area
- In the IP Addresses (1) area
- Under IP Address
- In the Enter IP Address area
- Type 172.16.20.10
- In the Enter IP Address area
- Under IP Address
- In the IP Addresses (1) area
- Select ADD
- In the IP Addresses (2) area
- Under IP Address
- In the Enter IP Address area
- Type 172.16.20.11
- In the Enter IP Address area
- Under IP Address
- In the IP Addresses (2) area
- In the bottom right hand corner
- Select Save
- In the bottom right hand corner
Verify Custom Health Monitor Profile
The next step is to validate the custom Health Monitor Profile.
Note:- Part 2 is pre-created. It is for information purposes only.
Do not make or save any changes to the Health Monitor Profile
- From the NSX-ALB console,
- Navigate to Templates > Profiles
- Under Profiles
- Select Health Monitors > Horizon-HTTPS
- Click on the pencil icon to the right of Horizon-HTTPS
- Under Profiles
- Navigate to Templates > Profiles
- On the New Health Monitor page,
- Validate the following configuration
- Name: Horizon-HTTPS
- Type : HTTPS
- Send Interval 30
- Receive Timeout 10
- On the Edit Health Monitor: Horizon-HTTPS page,
- Scroll down to the HTTPS Settings section
- Under Client Request Header: GET /favicon.ico HTTP/1.0
- On the New Health Monitor: Horizon-HTTPS page,
-
Scroll down until you locate Response Code*
- Response Code* : 2XX
- Next to SSL Attributes: Checkbox is selected
- SSL Profile* : System-Standard.
-
Scroll down until you locate Response Code*
- On the New Health Monitor: Horizon-HTTPS page,
- Scroll down until you locate Maintenance Response Code*
- Maintenance Response Code :503
- Close the Edit Health Monitor: Horizon-HTTPS
- Do Not make any changes
We will now create L7 Pools for Site-1
- From the NSX-ALB console
- Navigate to Applications > Pools.
- In the Pools area
- To the right of the pane
- Select CREATE POOL
- To the right of the pane
- In the New Pool: Horizon-L7-Pool-Site-1 window,
-
Step 1: Settings
- Enter the required information:
- Under Name*:
- Type Horizon-L7-Pool-Site-1
- Under Default Server Port
- Type 443
- Under Load Balance:
- From the drop down
- Select Consistent Hash
- with Source IP Address as the hash key.
- Select Consistent Hash
- From the drop down
- Under Name*:
- Enter the required information:
-
Step 1: Settings
- In the New Pool: Horizon-L7-Pool-Site-1 window,
-
Step 1: Settings
- In the Health Monitors section
- Make sure the checkbox next to:
- Passive Health Monitor is checked
- Select + Add Active Monitor.
- Above + Add Active Monitor.
- From the dropdown, select is Horizon-HTTPS
- This is the health monitor that you validated earlier
- From the dropdown, select is Horizon-HTTPS
- Above + Add Active Monitor.
- Make sure the checkbox next to:
- In the Health Monitors section
-
Step 1: Settings
- In the New Pool: Horizon-L7-Pool-Site-1 window,
-
Step 1: Settings
- To the right of the Health Monitors area
-
Below Append Port:
-
From the dropdown
- Select Never
-
From the dropdown
-
Below Append Port:
- To the right of the Health Monitors area
-
Step 1: Settings
- In the New Pool: Horizon-L7-Pool-Site-1 window,
- Step 1: Settings
- Select the check box, next to
- Enable SSL
- Select the check box, next to
- Step 1: Settings
- In the New Pool: Horizon-L7-Pool window
-
Step 1: Settings
-
Under SSL Profile*
- From the dropdown
- Select System-Standard.
- From the dropdown
- Ensure TLS SNI box is Checked
- Leave all the remaining settings as defaults
- To the bottom right of the page
-
Under SSL Profile*
- Select Next
-
Step 1: Settings
- In the New Pool: Horizon-L7-Pool-Site-1 window
-
Step 2: Servers
- Under Select Servers
- Select IP Group
- Under Select Servers
-
Step 2: Servers
- In the New Pool: Horizon-L7-Pool-Site-1 window
-
Step 2: Servers
-
IP Group area
- Below the IP Group header
- From the dropdown,
- select UAG Servers-Site-1
- You created this earlier
- select UAG Servers-Site-1
- From the dropdown,
- Below the IP Group header
- Leave all the settings as default
-
IP Group area
- Select Next
-
Step 2: Servers
- In the New Pool: Horizon-L7-Pool-Site-1 window
-
Step 3: Advanced
- Leave everything as Default
- Select Next
-
Step 3: Advanced
- In the New Pool: Horizon-L7-Pool-Site-1 window
- Step 4: Review
- Review your settings
- Select Save
Creating the UAG L4 Pool For Site-1
- In the NSX-ALB admin console
- In the Applications > Pools area
- Select CREATE POOL
- In the Applications > Pools area
- In the New Pool: wizard
-
Step 1: Settings area
- Enter the following under:-
- Under Name*
- type: Horizon-L4-Pool-Site-1
- Under Default Service Port
- Type: 443
- Under Load Balance:
- Select Consistent Hash
- with Source IP Address as the hash key.
- Select Consistent Hash
- Under Name*
- Enter the following under:-
-
Step 1: Settings area
- In the New Pool: wizard
-
Step 1: Settings area
- Enable the following under:-
- Ensure Passive Health Monitor is checked
- Enable the following under:-
- In the Health Monitors section,
- Select +Add Active Monitor.
-
Step 1: Settings area
- In the New Pool: wizard
- Step 1: Settings area
- Above + Add Active Monitor
- From the dropdown. select Horizon-HTTPS
- In the New Pool: wizard
- Step 1: Settings area
- To the right of + Add Active Monitor
- Below Append Port:
- From the dropdown
- Select Never
- From the dropdown
- Leave all as default
- Below Append Port:
- Select Next
- In the New Pool: wizard
-
Step 2: Servers area
- Under Select Servers
- Select IP Group
- Under Select Servers
-
Step 2: Servers area
- In the New Pool: wizard
-
Step 2: Servers area
- In the IP Group area
- Under IP Group
- From the dropdown
- Select UAG Servers-Site-1
- From the dropdown
- Under IP Group
- Leave all the rest of the settings default
- In the IP Group area
- Select Next
-
Step 2: Servers area
- In the New Pool: wizard
-
Step 3: Advanced area
- Select Next
-
Step 3: Advanced area
- In the New Pool: wizard
-
Step 4: Review area
- Select Save
-
Step 4: Review area
Validate the SSL certificate Required for L7 VIP is pre-configured
- From the NSX-ALB Admin console
- Navigate to Templates > Security > SSL/TLS Certificates
- In the SSL/TLS Certificate Window
- Verify the HZNCert2023 shows status green
Validating that Connection Multiplexing is disabled
- In the NSX-ALB console
- Navigate to Templates > Profiles> Application
- In the Application area
- Select System-Secure-HTTP-VDI.
- To the right of System-Secure-HTTP-VDI
- Select the edit icon.
- In the Application area
- Navigate to Templates > Profiles> Application
- In Edit Application Profile: System-Secure-HTTP-VDI window
- Ensure the checkbox next to Connection Multiplexing is NOT selected
-
Select Cancel
- to close the Edit Application Profile: System-Secure-HTTP-VDI window
Creating the L7 Virtual Service for Site-1
- In the NSX-ALB Console
- Navigate to Applications > Virtual Services
- In the Virtual Services area
- To the top right, select CREATE VIRTUAL SERVICE
- Select Advanced Setup.
- To the top right, select CREATE VIRTUAL SERVICE
- In the New Virtual Service wizard
-
Step 1: Settings area
- Enter the following under:
-
Name*
- type Horizon-UAG-L7-Site-1
-
VS VIP *
- Select the dropdown,
- Notice a Create VS VIP Green box appears
- Select the dropdown,
-
Name*
- Enter the following under:
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 1: Settings area
- In the VIP Address area
- Select Create VS VIP
- In the VIP Address area
-
Step 1: Settings area
- In the Create VS VIP: page
- In the General tab,
- Under Name
- type: VIP-Horizon-UAG-Site1
- Select ADD
- Under Name
- In the General tab,
- In the Edit VIP: 1 page
- Under IPv4 Address*
- type 172.16.20.100
- Select SAVE
- Under IPv4 Address*
- In the Create VS VIP: VIP-Horizon-UAG-Site1 window
- Select SAVE
- In the New Virtual Service wizard
-
Step 1: Settings area
-
Scroll down to the Service Port area
- Under Services
- Enable the checkbox next to SSL
- Under Services
-
Scroll down to the Service Port area
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 1: Settings area
- In the Profiles sub-area
- Below Application Profile*:
- From the dropdown
- Select System-Secure-HTTP-VDI
- From the dropdown
- Below Error Page Profile:
-
From the dropdown
- Select Custom-Error-Page-Profile
-
From the dropdown
- Below Application Profile*:
- In the Profiles sub-area
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 1: Settings area
- In the *Pool* sub-area
- Under Pool
- Select the dropdown
- Select: Horizon-L7-Pool-Site-1
- Select the dropdown
- Under Pool
- In the *SSL Settings* sub-area
- Under SSL Profile*
- Select the dropdown
- Select: System-Standard
- Select the dropdown
- Under SSL Certificate:
- Select the dropdown
- Select HZNcert2023
- Remove the System-Default-Cert
- Select HZNcert2023
- Leave all other settings as default
- Select the dropdown
- Under SSL Profile*
- In the *Pool* sub-area
- In the bottom right corner
- Select Next
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 2: Policies area
- (Leave everything as default)
- Select Next
-
Step 2: Policies area
- In the New Virtual Service wizard
-
Step 3: Analytics area
- (Leave everything as default)
- Select Next
-
Step 4: Advanced tab,
- (Leave everything as default)
- Select Save
-
Step 3: Analytics area
- In the New Virtual Service wizard
-
Step 4: Advanced area
- (Leave everything as default)
- Select Save
-
Step 4: Advanced area
Creating L4 Virtual Service for Site-1
- From the NSX-ALB admin console
- Navigate to Applications > Virtual Services
- In the Virtual Services window
- In the top right corner,
- Select CREATE VIRTUAL SERVICE
- Select Advanced Setup.
- In the top right corner,
- In the New Virtual Service wizard
-
Step 1: Settings area
- Configure the following under:
-
Name*
- Type Horizon-UAG-L4-Site-1
-
VS VIP *
- Select the dropdown,
- Select VIP-Horizon-UAG-Site1
- Select the dropdown,
-
Name*
- Configure the following under:
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 1: Settings area
-
*Profiles* sub area
- Under Application Profile*
- from the dropdown
- Select: System-L4-Application
- Under Error Page Profile
- from the dropdown
- Select: Custom-Error-Page-Profile
- from the dropdown
- from the dropdown
- Under Application Profile*
-
*Profiles* sub area
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 1: Settings area
-
*Service Port* sub area
- Select Switch to Advanced.
-
*Service Port* sub area
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 1: Settings area
-
*Service Port* sub area
- Under Services
- Replace port 80 with port 443
- Port Min and Port Max areas to 443
- Replace port 80 with port 443
- Select the Checkbox next to Override TCP/UDP
- Under Services
-
*Service Port* sub area
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 1: Settings area
- Below the checkbox enabled Override TCP/UDP
- Select the dropdown
- Select System-UDP-Fast-Path-VDI
- Select + Add Port
- Select the dropdown
- Below the checkbox enabled Override TCP/UDP
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 1: Settings: continued
- Type 8443 in Port Min and 8443 to Port Max
- Note: You will notice Port Max will change automatically to 8443.
- Type 8443 in Port Min and 8443 to Port Max
- Uncheck Override TCP/UDP box if selected
- Select + Add Port again.
- Type 8443 in Port Min and 8443 to Port Max
- Check the box Override TCP/UDP
- Under Select Dropdown
- Select System-UDP-Fast-Path-VDI
- Note: Ensure all the Service Port details matches as per the screenshot above.
- Select System-UDP-Fast-Path-VDI
- Select + Add Port again
-
Step 1: Settings: continued
- In the New Virtual Service wizard
-
Step 1: Settings: continued
- Type 4172 in Port Min and 4172 to Port Max
- Uncheck Override TCP/UDP box if selected.
- Type 4172 in Port Min and 4172 to Port Max
- Select + Add Port again
- Type 4172 in Port Min and 4172 to Port Max
-
Check the box Override TCP/UDP
- Under Select Dropdown
- Select System-UDP-Fast-Path-VDI
-
Check the box Override TCP/UDP
- Type 4172 in Port Min and 4172 to Port Max
- Note: Ensure all the Service Port details matches as per the screenshot above.
-
Step 1: Settings: continued
- In the New Virtual Service wizard
-
Step 1: Settings area
- To the right of *Service Port*
- You will see the *Pool* area
- Under Pool
- From the dropdown
- Select Horizon-L4-Pool-Site-1
- From the dropdown
- Under Pool
- You will see the *Pool* area
- Select Next
- To the right of *Service Port*
-
Step 1: Settings area
- In the New Virtual Service wizard
-
Step 2: Policies area
- Leave everything as default
- Select Next
-
Step 2: Policies area
- In the New Virtual Service wizard
-
Step 3: Analytics area
- Leave everything as default
- Select Next
-
Step 3: Analytics area
- In the New Virtual Service wizard
-
Step 4: Advanced area
- Leave everything as default
- Select Save
-
Step 4: Advanced area
- In the NSX-ALB admin console
- Select Applications
- Select Virtual Services
- In the right pane your configurations should look like the image above.
- Select Applications
Configuring the Unified Access Gateway for Site1 AVI Integration
0 Comments
Add your comment