3. VMware NSX AVI Loadbalancer Integration with Horizon

To deploy AVI LoadBalancer, there are two main components involved:

AVI Controller:
The Avi Controller is a centralized brain that spans data centers and clouds. It has full visibility across the environments and automates the deployment and management of the load balancing endpoints, which are called Service Engines.
One AVI Controller is enough to manage the Service Engines across the sites, provided all the network configuration is in place. In our lab, the Avi Controller is pre-deployed in Site-2 and will manage both Service Engines.

Service Engine:
The Service Engine (SE) is the load balancer component that runs in each datacenter and is managed by the AVI Controller. In this lab we will see how SEs are configured as a load balancer to fulfil requests from applications.
In our case, the applications are the UAGs across both Site-1 and Site-2.

Part 1 - AVI Integration with UAG Servers Site-1

Section 1 - AVI Integration with UAG Servers in Site1

| FQDN | Entity Description | Real IP |
|---|---|---|
| uag-hzn-avi01.techseals.co | FQDN of Avi LB VIP Site-1 | 172.16.20.100 |
| uag-hzn-01a.techseals.co | FQDN of UAG server 1 on site 1 | 172.16.20.10 |
| uag-hzn-01b.techseals.co | FQDN of UAG server 2 on site 1 | 172.16.20.11 |

  1. On your ControlCenter Server
    • Open your Chrome Browser for Site-1
      • from the Favourites bar,  
        • select Avi Vantage Controller
  1. In the VMware NSX ALB (Avi) page
    • In the Username area,
      • enter admin
    • In the Password area
      • enter  Pa$$w0rd
    • select LOG IN

Part 2: Verify Custom Health Monitor Profile

The next step is to validate the custom Health Monitor Profile.
Note: This profile is pre-created.

  1. From the NSX-ALB console,
    • Navigate to Templates > Profiles 
      • Under Profiles
        • Select  Health Monitors > Horizon-HTTPS
        • Click on the pencil icon to  the right of Horizon-HTTPS
  1. On the New Health Monitor page,
    • Validate the following configuration
    • Name: Horizon-HTTPS
    • Type: HTTPS
    • Send Interval: 30
    • Receive Timeout: 10
  1. On the Edit Health Monitor: Horizon-HTTPS page,
    • Scroll down to the HTTPS Settings section
    • Under  Client Request Header: GET /favicon.ico HTTP/1.0
  1. On the New Health Monitor: Horizon-HTTPS page,
    • Scroll down until you locate Response Code*
      • Response Code*: 2XX
      • Next to SSL Attributes: Checkbox is selected
      • SSL Profile*: System-Standard
  1. On the New Health Monitor: Horizon-HTTPS page,
    • Scroll down until you locate Maintenance Response Code*
    • Maintenance Response Code: 503
    • Close the Edit Health Monitor: Horizon-HTTPS page
    • Do not make any changes
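
To check a pool member by hand against the same criteria, the following added example (not part of the original lab and not Avi's own code) replays the monitor's request over TLS with SNI and classifies the reply. The function names, the `Host` header and the certificate verification are assumptions of this example; the sample replies are constructed.

```python
import socket
import ssl

REQUEST_LINE = "GET /favicon.ico HTTP/1.0"  # Client Request Header on the monitor
RECEIVE_TIMEOUT = 10                         # Receive Timeout on the monitor (seconds)
MAINTENANCE_CODE = 503                       # Maintenance Response Code

# Constructed sample replies, so the classifier can be exercised offline.
SAMPLES = {
    "healthy": b"HTTP/1.1 200 OK\r\nContent-Type: image/x-icon\r\n\r\n",
    "quiesced": b"HTTP/1.1 503 Service Unavailable\r\n\r\n",
    "broken": b"HTTP/1.1 404 Not Found\r\n\r\n",
    "garbage": b"\x15\x03\x03\x00\x02\x02\x28",
}


def parse_status(raw):
    """Return the status code from the first line of a raw HTTP response."""
    parts = raw.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("reply does not start with an HTTP status line")
    return int(parts[1])


def classify(raw):
    """Map a raw reply to UP / MAINTENANCE / DOWN using the monitor's settings."""
    try:
        status = parse_status(raw)
    except ValueError:
        return "DOWN"
    if status == MAINTENANCE_CODE:
        return "MAINTENANCE"
    return "UP" if 200 <= status <= 299 else "DOWN"  # Response Code 2XX


def probe(ip, sni, port=443, cafile=None):
    """Send the monitor's request to one pool member and classify the reply."""
    ctx = ssl.create_default_context(cafile=cafile)  # assumption: verify the cert
    # Assumption: a Host header matching the SNI name, without a port appended.
    request = f"{REQUEST_LINE}\r\nHost: {sni}\r\n\r\n".encode("ascii")
    try:
        with socket.create_connection((ip, port), timeout=RECEIVE_TIMEOUT) as tcp:
            with ctx.wrap_socket(tcp, server_hostname=sni) as tls:
                tls.sendall(request)
                return classify(tls.recv(4096))
    except ssl.SSLError:   # handshake or certificate problem
        return "TLS_ERROR"
    except OSError:        # refused, unreachable or timed out
        return "DOWN"


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify(raw))
    # Lab values from the Site-1 table; run only where the UAG is reachable.
    # print(probe("172.16.20.10", "uag-hzn-01a.techseals.co"))
```

A `TLS_ERROR` result separates a certificate or handshake problem from a server that is simply unreachable, which is the first thing to rule out when a pool member is marked down.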

We will now create Pools for Site-1

Part 3: Creating Pool For Site-1
  1. From the  NSX-ALB console
    • navigate to Applications > Pools.
  1. In the Pools area
    • to the right of the pane
      • select CREATE POOL
  1. In the CREATE POOL:  window,
    • Step 1: Settings
      • enter the required information:
        • under Name*:
          • enter Horizon-UAG-Pool-Site-1
        • under Default Server Port
          • enter 443
        • under Load Balance Algorithm:
          • validate the following
            • that Least Connections is selected
  1. In the CREATE POOL: Horizon-UAG-Pool-Site-1 window
    • select the Servers tab
      • under Select Servers By IP Address
        enter
        • 172.16.20.10,172.16.20.11
        • select Add
  1. Once Added,
    • Both UAG servers from Site 1 show as enabled.
      • Note: 172.16.20.10 and 172.16.20.11 are two UAG Servers in Site1
  1. In the CREATE POOL: Horizon-UAG-Pool-Site-1 window,
    • select the Health Monitor tab
      1. Make sure the checkbox next to:
        • Enable Passive Health Monitor is checked
      2. Select ADD.
        • from the dropdown,
          • select Horizon-HTTPS

This is the health monitor that you validated earlier.

  1. In the CREATE POOL: Horizon-UAG-Pool-Site-1 window,
    • in the Health Monitors area
      • scroll up
        • below Append Port To Host Name
          • next to Never
            • select the radio button
  1. In the CREATE POOL: Horizon-UAG-Pool-Site-1 window,
    • Health Monitor tab
      • Scroll down
        • below the SSL section
          • under SSL Profile
            • select System-Standard.
        • next to the Enable TLS SNI
          • ensure this box is Checked
          • Leave all the remaining settings as defaults
  1. In the CREATE POOL: Horizon-UAG-Pool-Site-1 window,
    • In the bottom right corner
      • select SAVE
Part 4: Verify that the required SSL certificate is present
  1. From the NSX-ALB Admin console
    • Navigate to Templates > Security > SSL/TLS Certificates
  1. In the SSL/TLS Certificate Window
    • Verify that HZNCert2024 shows a green status

Part 5: Validating that Connection Multiplexing is disabled
  1. In the NSX-ALB console
    • Navigate to Templates > Profiles > Application
      • In the Application area
        • select System-Secure-HTTP-VDI.
        • To the right of  System-Secure-HTTP-VDI
          • Select the edit icon.
  1. In Edit Application Profile: System-Secure-HTTP-VDI window
    • Ensure the checkbox next to Connection Multiplexing is NOT selected
    • Select Cancel
      • to close the Edit Application Profile: System-Secure-HTTP-VDI window

Part 6: Creating the Virtual Service for Site-1
  1. In the NSX-ALB Console
    • Navigate to Applications > Virtual Services
  1. In the Virtual Services area
    • To the top right, select CREATE VIRTUAL SERVICE 
      • Select  Advanced Setup.
  1. In the New Virtual Service wizard
    • Step 1: Settings area
      • enter the following under:
        • Name*
          • type Horizon-UAG-Site-1
        • VS VIP *
          • select the dropdown,
            • notice a Create VS VIP Green box appears
  1. In the New Virtual Service wizard
    • Step 1: Settings area
      • In the VIP Address area
        • select Create VS VIP
  1. In the Create VS VIP: page
    • In the General tab,
      • under Name
        • type: VIP-Horizon-UAG-Site1
      • Select ADD
  1. In the Edit VIP: 1 page
    • under IPv4 Address*
      • type 172.16.20.100
        • select SAVE
  1. In the Create VS VIP: VIP-Horizon-UAG-Site1 window
    • select SAVE
  1. In the New Virtual Service wizard
    • Step 1: Settings area
      • Scroll down to the Service Port area
        • under Services
          • next to SSL
            • enable the checkbox
          • select Switch to Advanced
  1. Under Service Port
    • Click +Add Port
  1. In the New Virtual Service wizard
    • Type 5001 in Port Min and 5005 in Port Max
      • Enable SSL
        • Enable Use as Horizon Primary/Tunnel Protocol Ports
          • Uncheck Override TCP/UDP box if selected
    • Select + Add Port again.
      • Type 5001 in Port Min and 5005 in Port Max
      • Under Override Application Profile dropdown
        • Select System-L4-Application
          • Select Override TCP/UDP
            • Under Select Dropdown
              • Select System-UDP-Fast-Path-VDI
    • Note: These internal ports will be used for Tunnel Connections. These non-standard ports are required on the Avi virtual service only.
    • Note: These ports do not have to be opened for UAG servers. These ports need to be opened on the firewall that is placed in front of the load balancer.
    • Note: Ensure all the Service Port details match the screenshot above.
    • Select + Add Port again at the bottom
  1. Type 20001 in Port Min and 20005 in Port Max
    • Under Override Application Profile dropdown menu
      • Select System-L4-Horizon-PCoIP
        • Uncheck Override TCP/UDP box if selected
    • Select + Add Port again
      • Type 20001 in Port Min and 20005 in Port Max
        • Under Override Application Profile dropdown menu
          • Select System-L4-Horizon-PCoIP
            • Select Override TCP/UDP
    • Under Dropdown menu
      • Select System-UDP-Fast-Path-VDI
    • Note: Ensure all the Service Port details match the screenshot above.
    • Select + Add Port again at the bottom
  1. Type 30001 in Port Min and 30005 in Port Max
    • Under Override Application Profile dropdown menu
      • Select System-L4-Horizon-Blast
        • Uncheck Override TCP/UDP box if selected
    • Select + Add Port again
      • Type 30001 in Port Min and 30005 in Port Max
        • Under Override Application Profile dropdown menu
          • Select System-L4-Horizon-Blast
            • Select Override TCP/UDP
    • Under Dropdown menu
      • Select System-UDP-Fast-Path-VDI
    • Note: Ensure all the Service Port details match the screenshot above.
  1. Ensure all the settings match the screenshot above.
    • Note: Ensure enough ports are opened on the virtual service to accommodate any new UAG servers you add to the UAG pool. In this example, six ports are opened for primary and secondary traffic:
    • Note: Port 443  
      • This is for XML API traffic
    • Note: Ports 5001 to 5005  
      • Horizon internal ports opened for L7 primary XML traffic to handle redirected traffic
    • Note: Ports 30001 to 30005
      •  Blast
    • Note: Ports 20001 to 20005
      • PCoIP
    • Note: These non-standard ports are required on the Avi virtual service only. These ports do not have to be opened for UAG servers. These ports need to be opened on the firewall that is placed in front of the load balancer.
  1. In the New Virtual Service wizard
    • Settings area, scroll up
      • In the Profiles sub-area
        • Below Application Profile*:
          • From the dropdown
            • Select System-HTTP-Horizon-UAG
        • Below Error Page Profile:
          • From the dropdown
            • Select  Custom-Error-Page-Profile
  1. In the New Virtual Service wizard
    • Step 1: Settings area
      • In the *Pool* sub-area
        • Under Pool
          • Select the dropdown
            • Select: Horizon-UAG-Pool-Site-1
      • In the *SSL Settings* sub-area
        • Under SSL Profile*
          • Select the dropdown
            • Select: System-Standard
        • Under SSL Certificate:
          • Select the dropdown
            • Select HZNcert2024
              • Remove the System-Default-Cert
          • Leave all other settings as default
    • In the bottom right corner
      • Select Next
  1. In the New Virtual Service wizard
    • Step 2: Policies area
      • (Leave everything as default)
    • Select Next
  1. In the New Virtual Service wizard
    • Step 3: Analytics area
      • (Leave everything as default)
      • Select Next
    • Step 4: Advanced tab,
      • (Leave everything as default)
      • Select Save
  1. In the New Virtual Service wizard
    • Step 4: Advanced area
      • (Leave everything as default)
    • Select Save
Part 7: Binding the DataScript to the Virtual Service
  1. From the NSX-ALB admin console
    • Navigate to Applications > Virtual Services
      • Select Horizon-UAG-Site-1 and click edit
  1. In the Edit Horizon-UAG-Site-1 virtual service area
    • Navigate to Policies > DataScripts
    • Click + Add DataScript
  1. In the Edit Horizon-UAG-Site-1 virtual service area
    • below Script To Execute
      • from the dropdown
        • select System-Standard-Horizon-UAG
      • In the bottom right corner
        • select Save DataScript
        • select Save
Part 8: Configuring the Unified Access Gateway for Site 1
Section 1. Get the custom ports for Blast and PCoIP per UAG server from the pool we created for Site1
  1. In the AVI Controller Admin Page
    • navigate to Applications > Pools
      • select Horizon-UAG-Pool-Site-1
  1. In the Pool: Horizon-UAG-Pool-Site-1 window
    • select the Servers tab
      • Make a note of all the custom ports
        • In this example
          • UAG-01a (172.16.20.10) uses 5002 for tunnel, 20002 for PCoIP and 30002 for Blast
          • UAG-02 (172.16.20.11) uses 5001 for tunnel, 20001 for PCoIP and 30001 for Blast

Note: This is just an example; the ports may vary based on your environment.

Note: We will use these custom ports while configuring UAGs

Section 2. Add the custom ports to the respective UAG-01a Blast and PCoIP external URLs
  1. On your ControlCenter Server
    • Open your Chrome Browser for Site-1
      • In the Address bar,
        • select UAG-HZN-01a
          • In the UAG Login window
            • in the username: area
              • enter admin
            • in the password: area
              • enter Pa$$w0rd
  1. In the UAG Admin Console
    • under Configure Manually
      • click Select
  1. In the UAG Admin Console
    • Scroll back up to General Settings
      • next to Edge Service Settings,
        • move the TOGGLE to the right
      • next to Horizon Settings
        • select the GEAR icon
  1. In the UAG Admin Console
    • next to PCOIP External URL
      • edit the existing entry to the following
        • 172.16.20.10:20002
      • Note: The PCOIP port number may be different in your case.
        • Refer to Part 8 Section 1
      • Note: The PCOIP port should be the custom port noted in the previous section
        • (Part 8 Section 1)
    • next to Blast External URL
      • edit the existing entry to the following
https://uag-hzn-01a.techseals.co:30002/?UDPPort=30002
  • Note: The Blast port number may be different in your case.
    • Refer to Part 8 Section 1
  • Note: The Blast port should be the custom port noted in the previous section
    • Part 8 Section 1
  • scroll down
    • at the bottom
      • select Save
Section 3. Add the custom ports to the respective UAG-01b Blast and PCoIP external URLs
  1. On your ControlCenter Server
    • On your Chrome Browser for Site-1
    • In the Address bar,
      • select UAG-HZN-01b
    • In the UAG Login window
      • in the username: area
        • enter admin
      • in the password: area
        • enter Pa$$w0rd
  1. In the UAG Admin Console
    • under Configure Manually
      • click Select
  1. In the UAG Admin Console
    • In the General Settings area
      • next to Edge Service Settings,
        • move the TOGGLE to the right
      • next to Horizon Settings
        • select the GEAR icon
  1. In the UAG Admin Console
    • next to  PCOIP External URL
      • 172.16.20.11:20001
        • Note: The PCOIP port number may be different in your case.
          • Refer to Part 8 Section 1
        • Note: The PCOIP port should be the custom port noted in the previous section
          • Part 8 Section 1
    • next to Blast External URL
      • enter the following
https://uag-hzn-01b.techseals.co:30001/?UDPPort=30001
  • Note: The Blast port number may be different in your case.
    • Refer to Part 8 Section 1
  • Note: The Blast port should be the custom port noted in the previous section
    • Part 8 Section 1
      • scroll down
        • at the bottom
          • select Save
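
A mistyped port in one of the external URLs is easy to miss in the UAG console. The following added example (not part of the original lab; the dictionary layout and function names are this example's own) checks the values noted in Part 8 against the port ranges opened on the virtual service in Part 6, that the Blast `UDPPort` matches the URL port as it does in the lab's URLs, and that no custom port is claimed by two UAGs.

```python
from urllib.parse import urlsplit, parse_qs

# Port ranges opened on the Horizon-UAG-Site-1 virtual service (Part 6).
RANGES = {"tunnel": range(5001, 5006),
          "pcoip": range(20001, 20006),
          "blast": range(30001, 30006)}

# The lab's example values from Part 8; the ports vary per environment.
UAGS = {
    "uag-hzn-01a": {
        "tunnel": 5002,
        "pcoip_url": "172.16.20.10:20002",
        "blast_url": "https://uag-hzn-01a.techseals.co:30002/?UDPPort=30002"},
    "uag-hzn-01b": {
        "tunnel": 5001,
        "pcoip_url": "172.16.20.11:20001",
        "blast_url": "https://uag-hzn-01b.techseals.co:30001/?UDPPort=30001"},
}


def uag_ports(cfg):
    """Return (ports, problems) for one UAG, read from its external URLs."""
    problems = []
    pcoip = cfg["pcoip_url"].rpartition(":")[2]
    blast = urlsplit(cfg["blast_url"])
    udp = parse_qs(blast.query).get("UDPPort", [""])[0]
    if udp != str(blast.port):
        problems.append(f"Blast UDPPort={udp} differs from URL port {blast.port}")
    ports = {"tunnel": cfg["tunnel"],
             "pcoip": int(pcoip) if pcoip.isdigit() else None,
             "blast": blast.port}
    for proto, port in ports.items():
        if port not in RANGES[proto]:
            problems.append(f"{proto} port {port} outside "
                            f"{RANGES[proto].start}-{RANGES[proto].stop - 1}")
    return ports, problems


def check_all(uags):
    """Return every problem found; an empty list means the mapping is consistent."""
    findings, owner = [], {}
    for name, cfg in uags.items():
        ports, problems = uag_ports(cfg)
        findings += [f"{name}: {p}" for p in problems]
        for key in ports.items():
            # Assumption: each custom port identifies exactly one UAG behind the VIP.
            if key in owner:
                findings.append(f"{name}: {key[0]} port {key[1]} "
                                f"already used by {owner[key]}")
            owner[key] = name
    return findings


if __name__ == "__main__":
    print(check_all(UAGS) or "port mapping is consistent")
```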
Part 9: Testing LTM Configuration
Part 9 Section 1: Testing Site1 LTM
  1. On your ControlCenter server
    • On the Desktop
      • Open the Remote Desktops Folder
        • open Site1
          • launch W11Client-01a.rdp
            • login as Craig
              • in the password area
                • enter Pa$$w0rd
            • select OK
  1. On your  W11Client-01a
    • Open Horizon Client from desktop
      • In the Horizon Client,
      • click on Add Server Button
        • In the Name of the Connection Server textbox,
          • Type
            • uag-hzn-avi01.techseals.co
              • Click Connect
  1. In the Horizon Client textbox
    • in the Username area
      • enter craig
    • in the Password area
      • enter Pa$$w0rd
        • select login
  1. In the Horizon Client
    • double click the W11INST Pool
      • You will be presented with the desktop
      • This validates our testing and configuration
        • select the More buttons
          • from the dropdown
            • select Logoff Desktop
Part 9 Section 2: Testing Site2 LTM
  1. On your ControlCenter server
    • on the Desktop
      • open the Remote Desktops Folder
        • open Site 2
          • launch W11Client-02a.RDP
            • login as malcolm
              • In the password area
                • enter Pa$$w0rd
                • select OK to login
  1. In  W11Client-02a
    • Open Horizon Client from desktop
      • In the Horizon Client,
        • click on the Add Server Button
          • In the Name of the Connection Server box,
            • enter
              • uag-hzn-avi02.techseals.co
                • select Connect
  1. In the Horizon Client textbox
    • in the Username area
      • enter malcolm
    • in the Password area
      • enter Pa$$w0rd
        • select login
  1. In the Horizon Client
    • double click the W11INST Pool
      • You will be presented with the desktop
      • This validates our testing and configuration
    • select the More buttons
      • from the dropdown
        • select Logoff Desktop

Once the testing is complete, this brings us to the end of the LTM configuration. Move on to the next lab, GSLB configuration.