EUC

VMware NSX AVI Loadbalancer Integration with VMware Horizon

To deploy AVI LoadBalancer, there are two main components involved:

AVI Controller:
The Avi Controller is a centralized brain that spans data centers and clouds. The Avi Controller has full visibility across the environments and automates the deployment and management of the load balancing endpoints, which we call Service Engines.
We need one AVI Controller to manage the Service Engine across the site if all the network configurations are in-place. In Our Lab, Avi Controller is pre-deployed in Site-2 which will manage both the Service Engines

Service Engine:
Service Engine is a Load Balancer Component which runs on each datacenter. Service Engine(SE) is managed by AVI Controller. In the lab we will see how SEs are configured as a Load Balancer to full-fill the request from Applications.
In Our case Applications are UAGs across both Site-1 and Site-2

Configure Backend server groups

Part 1 - AVI Integration with UAG Servers Site-1

Section 1 - AVI Integration with UAG Servers in Site1

FQDN	Entity Description	Real IP
uag-hzn-avi01.euc-livefire.com	FQDN of Avi LB VIP Site-1	172.16.20.100
uag-hzn-01a.euc-livefire.com	FQDN of UAG server 1 on site 1	172.16.20.10
uag-hzn-01b.euc-livefire.com	FQDN of uag server 2 on site 1	172.16.20.11

On your ControlCenter Server
- Open your Chrome Browser for Site-1
  - In the Address bar, Enter and browse to avicontroller.euc-livefire.com
    - In the Your Connection is not private window
      - Select Advanced
      - Select Proceed to avicontroller.euc-livefire.com

In the VMware NSX ALB (Avi) page
- Under Username, enter admin and VMware1!VMware1! as the password

In the Default landing page under the Applications tab
- Close the Controller Faults notification

From the NSX-ALB console,
- Navigate to Templates > Groups.
  - Select IP Groups
- In the Groups area
  - To the right of the Groups area
    - Select CREATE IP GROUP

In the NEW IP Group: window
- In the General area
  - Under Name*
    - Type UAG Servers-Site-1
- Under IP Addresses area
  - Select ADD

In the IP Addresses (1) area
- Under IP Address
  - In the Enter IP Address area
    - Type 172.16.20.10

In the IP Addresses (1) area
- Select ADD

In the IP Addresses (2) area
- Under IP Address
  - In the Enter IP Address area
    - Type 172.16.20.11

In the IP Addresses (2) area
- In the bottom right hand corner
  - Select Save

Verify Custom Health Monitor Profile

Part 2: Verify Custom Health Monitor Profile

The next step is to validate the custom Health Monitor Profile.
Note:- Part 2 is pre-created. It is for information purposes only.

Do not make or save any changes to the Health Monitor Profile

From the NSX-ALB console,
- Navigate to Templates > Profiles
  - Under Profiles
    - Select Health Monitors > Horizon-HTTPS
    - Click on the pencil icon to the right of Horizon-HTTPS

On the New Health Monitor page,
- Validate the following configuration
- Name: Horizon-HTTPS
- Type : HTTPS
- Send Interval 30
- Receive Timeout 10

On the Edit Health Monitor: Horizon-HTTPS page,
- Scroll down to the HTTPS Settings section
- Under Client Request Header: GET /favicon.ico HTTP/1.0

On the New Health Monitor: Horizon-HTTPS page,
- Scroll down until you locate Response Code*
  - Response Code* : 2XX
  - Next to SSL Attributes: Checkbox is selected
  - SSL Profile* : System-Standard.

On the New Health Monitor: Horizon-HTTPS page,
- Scroll down until you locate Maintenance Response Code*
- Maintenance Response Code :503
- Close the Edit Health Monitor: Horizon-HTTPS
- Do Not make any changes

We will now create L7 Pools for Site-1

Part 3: Creating Layer 7 Pools For Site-1

From the NSX-ALB console
- Navigate to Applications > Pools.

In the Pools area
- To the right of the pane
  - Select CREATE POOL

In the New Pool: Horizon-L7-Pool-Site-1 window,
- Step 1: Settings
  - Enter the required information:
    - Under Name*:
      - Type Horizon-L7-Pool-Site-1
    - Under Default Server Port
      - Type 443
    - Under Load Balance:
      - From the drop down
        
        Select Consistent Hash
        
        with Source IP Address as the hash key.

In the New Pool: Horizon-L7-Pool-Site-1 window,
- Step 1: Settings
  - In the Health Monitors section
    - Make sure the checkbox next to:
      - Passive Health Monitor is checked
    - Select + Add Active Monitor.
      - Above + Add Active Monitor.
        
        From the dropdown, select is Horizon-HTTPS
        
        This is the health monitor that you validated earlier

In the New Pool: Horizon-L7-Pool-Site-1 window,
- Step 1: Settings
  - To the right of the Health Monitors area
    - Below Append Port:
      - From the dropdown
        
        Select Never

In the New Pool: Horizon-L7-Pool-Site-1 window,
- Step 1: Settings
  - Select the check box, next to
    - Enable SSL

In the New Pool: Horizon-L7-Pool window
- Step 1: Settings
  - Under SSL Profile*
    - From the dropdown
      - Select System-Standard.
  - Ensure TLS SNI box is Checked
    - Leave all the remaining settings as defaults
  - To the bottom right of the page
- Select Next

In the New Pool: Horizon-L7-Pool-Site-1 window
- Step 2: Servers
  - Under Select Servers
    - Select IP Group

In the New Pool: Horizon-L7-Pool-Site-1 window
- Step 2: Servers
  - IP Group area
    - Below the IP Group header
      - From the dropdown,
        
        select UAG Servers-Site-1
        
        You created this earlier
  - Leave all the settings as default
- Select Next

In the New Pool: Horizon-L7-Pool-Site-1 window
- Step 3: Advanced
  - Leave everything as Default
- Select Next

In the New Pool: Horizon-L7-Pool-Site-1 window
- Step 4: Review
- Review your settings
- Select Save

Creating the UAG L4 Pool For Site-1

Part 4: Creating Layer 4 Pools For Site-1

In the NSX-ALB admin console
- In the Applications > Pools area
  - Select CREATE POOL

In the New Pool: wizard
- Step 1: Settings area
  - Enter the following under:-
    - Under Name*
      - type: Horizon-L4-Pool-Site-1
    - Under Default Service Port
      - Type: 443
    - Under Load Balance:
      - Select Consistent Hash
        
        with Source IP Address as the hash key.

In the New Pool: wizard
- Step 1: Settings area
  - Enable the following under:-
    - Ensure Passive Health Monitor is checked
- In the Health Monitors section,
  - Select +Add Active Monitor.

In the New Pool: wizard
- Step 1: Settings area
- Above + Add Active Monitor
  - From the dropdown. select Horizon-HTTPS

In the New Pool: wizard
- Step 1: Settings area
- To the right of + Add Active Monitor
  - Below Append Port:
    - From the dropdown
      - Select Never
  - Leave all as default
- Select Next

In the New Pool: wizard
- Step 2: Servers area
  - Under Select Servers
    - Select IP Group

In the New Pool: wizard
- Step 2: Servers area
  - In the IP Group area
    - Under IP Group
      - From the dropdown
        
        Select UAG Servers-Site-1
  - Leave all the rest of the settings default
- Select Next

In the New Pool: wizard
- Step 3: Advanced area
  - Select Next

In the New Pool: wizard
- Step 4: Review area
  - Select Save

Validate the SSL certificate Required for L7 VIP is pre-configured

Part 5: Verify SSL Certificate required for Layer 7 VIP is present.

From the NSX-ALB Admin console
- Navigate to Templates > Security > SSL/TLS Certificates

In the SSL/TLS Certificate Window
- Verify the HZNCert2023 shows status green

Validating that Connection Multiplexing is disabled

Part 6: Validating that Connection Multiplexing is disabled

In the NSX-ALB console
- Navigate to Templates > Profiles> Application
  - In the Application area
    - Select System-Secure-HTTP-VDI.
    - To the right of System-Secure-HTTP-VDI
      - Select the edit icon.

In Edit Application Profile: System-Secure-HTTP-VDI window
- Ensure the checkbox next to Connection Multiplexing is NOT selected
- Select Cancel
  - to close the Edit Application Profile: System-Secure-HTTP-VDI window

Creating the L7 Virtual Service for Site-1

Part 7: Creating the Layer 7 Virtual Service for Site-1

In the NSX-ALB Console
- Navigate to Applications > Virtual Services

In the Virtual Services area
- To the top right, select CREATE VIRTUAL SERVICE
  - Select Advanced Setup.

In the New Virtual Service wizard
- Step 1: Settings area
  - Enter the following under:
    - Name*
      - type Horizon-UAG-L7-Site-1
    - VS VIP *
      - Select the dropdown,
        
        Notice a Create VS VIP Green box appears

In the New Virtual Service wizard
- Step 1: Settings area
  - In the VIP Address area
    - Select Create VS VIP

In the Create VS VIP: page
- In the General tab,
  - Under Name
    - type: VIP-Horizon-UAG-Site1
  - Select ADD

In the Edit VIP: 1 page
- Under IPv4 Address*
  - type 172.16.20.100
  - Select SAVE

In the Create VS VIP: VIP-Horizon-UAG-Site1 window
- Select SAVE

In the New Virtual Service wizard
- Step 1: Settings area
  - Scroll down to the Service Port area
    - Under Services
      - Enable the checkbox next to SSL

In the New Virtual Service wizard
- Step 1: Settings area
  - In the Profiles sub-area
    - Below Application Profile*:
      - From the dropdown
        
        Select System-Secure-HTTP-VDI
    - Below Error Page Profile:
      - From the dropdown
        
        Select Custom-Error-Page-Profile

In the New Virtual Service wizard
- Step 1: Settings area
  - In the *Pool* sub-area
    - Under Pool
      - Select the dropdown
        
        Select: Horizon-L7-Pool-Site-1
  - In the *SSL Settings* sub-area
    - Under SSL Profile*
      - Select the dropdown
        
        Select: System-Standard
    - Under SSL Certificate:
      - Select the dropdown
        
        Select HZNcert2023
        
        Remove the System-Default-Cert
      - Leave all other settings as default
- In the bottom right corner
  - Select Next

In the New Virtual Service wizard
- Step 2: Policies area
  - (Leave everything as default)
- Select Next

In the New Virtual Service wizard
- Step 3: Analytics area
  - (Leave everything as default)
  - Select Next
- Step 4: Advanced tab,
  - (Leave everything as default)
  - Select Save

In the New Virtual Service wizard
- Step 4: Advanced area
  - (Leave everything as default)
- Select Save

Creating L4 Virtual Service for Site-1

Part 8: Creating the Layer 4 Virtual Service for Site-1

From the NSX-ALB admin console
- Navigate to Applications > Virtual Services

In the Virtual Services window
- In the top right corner,
  - Select CREATE VIRTUAL SERVICE
  - Select Advanced Setup.

In the New Virtual Service wizard
- Step 1: Settings area
  - Configure the following under:
    - Name*
      - Type Horizon-UAG-L4-Site-1
    - VS VIP *
      - Select the dropdown,
        
        Select VIP-Horizon-UAG-Site1

In the New Virtual Service wizard
- Step 1: Settings area
  - *Profiles* sub area
    - Under Application Profile*
      - from the dropdown
        
        Select: System-L4-Application
      - Under Error Page Profile
        
        from the dropdown
        
        Select: Custom-Error-Page-Profile

In the New Virtual Service wizard
- Step 1: Settings area
  - *Service Port* sub area
    - Select Switch to Advanced.

In the New Virtual Service wizard
- Step 1: Settings area
  - *Service Port* sub area
    - Under Services
      - Replace port 80 with port 443
        
        Port Min and Port Max areas to 443
    - Select the Checkbox next to Override TCP/UDP

In the New Virtual Service wizard
- Step 1: Settings area
  - Below the checkbox enabled Override TCP/UDP
    - Select the dropdown
      - Select System-UDP-Fast-Path-VDI
    - Select + Add Port

In the New Virtual Service wizard
- Step 1: Settings: continued
  - Type 8443 in Port Min and 8443 to Port Max
    - Note: You will notice Port Max will change automatically to 8443.
- Uncheck Override TCP/UDP box if selected
- Select + Add Port again.
- Type 8443 in Port Min and 8443 to Port Max
- Check the box Override TCP/UDP
- Under Select Dropdown
  - Select System-UDP-Fast-Path-VDI
    - Note: Ensure all the Service Port details matches as per the screenshot above.
- Select + Add Port again

In the New Virtual Service wizard
- Step 1: Settings: continued
  - Type 4172 in Port Min and 4172 to Port Max
    - Uncheck Override TCP/UDP box if selected.
- Select + Add Port again
  - Type 4172 in Port Min and 4172 to Port Max
    - Check the box Override TCP/UDP
      - Under Select Dropdown
      - Select System-UDP-Fast-Path-VDI
- Note: Ensure all the Service Port details matches as per the screenshot above.

In the New Virtual Service wizard
- Step 1: Settings area
  - To the right of *Service Port*
    - You will see the *Pool* area
      - Under Pool
        
        From the dropdown
        
        Select Horizon-L4-Pool-Site-1
  - Select Next

In the New Virtual Service wizard
- Step 2: Policies area
  - Leave everything as default
- Select Next

In the New Virtual Service wizard
- Step 3: Analytics area
  - Leave everything as default
- Select Next

In the New Virtual Service wizard
- Step 4: Advanced area
  - Leave everything as default
- Select Save

In the NSX-ALB admin console
- Select Applications
  - Select Virtual Services
- In the right pane your configurations should look like the image above.

Configuring the Unified Access Gateway for Site1 AVI Integration

EUC

VMware NSX AVI Loadbalancer Integration with VMware Horizon

0 Comments

Add your comment

Topics

Last Updated