3. VMware NSX AVI Loadbalancer Integration with Horizon
To deploy AVI LoadBalancer, there are two main components involved:
AVI Controller:
The Avi Controller is a centralized brain that spans data centers and clouds. The Avi Controller has full visibility across the environments and automates the deployment and management of the load balancing endpoints, which we call Service Engines.
We need one Avi Controller to manage the Service Engines across the sites, provided all the network configurations are in place. In our lab, the Avi Controller is pre-deployed in Site-2 and will manage both Service Engines.
Service Engine:
A Service Engine (SE) is the load balancer component that runs in each datacenter. Service Engines are managed by the Avi Controller. In the lab we will see how SEs are configured as a load balancer to fulfill requests from applications.
In our case the applications are the UAGs across both Site-1 and Site-2.
Section 1 - AVI Integration with UAG Servers in Site1
FQDN | Entity Description | Real IP |
---|---|---|
uag-hzn-avi01.techseals.co | FQDN of Avi LB VIP Site-1 | 172.16.20.100 |
uag-hzn-01a.techseals.co | FQDN of UAG server 1 on site 1 | 172.16.20.10 |
uag-hzn-01b.techseals.co | FQDN of UAG server 2 on site 1 | 172.16.20.11 |
- On your ControlCenter Server
  - Open your Chrome Browser for Site-1
    - from the Favourites bar,
      - select Avi Vantage Controller
- In the VMware NSX ALB (Avi) page
  - In the Username area,
    - enter admin
  - In the Password area
    - enter Pa$$w0rd
  - select LOG IN
Verify Custom Health Monitor Profile
The next step is to validate the custom Health Monitor Profile.
Note: This is pre-created
- From the NSX-ALB console,
  - Navigate to Templates > Profiles
    - Under Profiles
      - Select Health Monitors > Horizon-HTTPS
      - Click on the pencil icon to the right of Horizon-HTTPS
- On the New Health Monitor page,
  - Validate the following configuration
    - Name: Horizon-HTTPS
    - Type: HTTPS
    - Send Interval: 30
    - Receive Timeout: 10
- On the Edit Health Monitor: Horizon-HTTPS page,
  - Scroll down to the HTTPS Settings section
    - Under Client Request Header: GET /favicon.ico HTTP/1.0
- On the New Health Monitor: Horizon-HTTPS page,
  - Scroll down until you locate Response Code*
    - Response Code*: 2XX
    - Next to SSL Attributes: Checkbox is selected
    - SSL Profile*: System-Standard.
- On the New Health Monitor: Horizon-HTTPS page,
  - Scroll down until you locate Maintenance Response Code*
    - Maintenance Response Code: 503
- Close the Edit Health Monitor: Horizon-HTTPS
  - Do not make any changes
We will now create Pools for Site-1
- From the NSX-ALB console
  - navigate to Applications > Pools.
- In the Pools area
  - to the right of the pane
    - select CREATE POOL
- In the CREATE POOL: window,
  - Step 1: Settings
    - enter the required information:
      - under Name*:
        - enter Horizon-UAG-Pool-Site-1
      - under Default Server Port
        - enter 443
      - under Load Balance Algorithm:
        - validate that Least Connections is selected
- In the CREATE POOL: Horizon-UAG-Pool-Site-1 window
  - select the Servers tab
    - under Select Servers By IP Address
      - enter 172.16.20.10,172.16.20.11
      - select Add
  - Once added,
    - Both the UAG servers from Site 1 show as enabled.
    - Note: 172.16.20.10 and 172.16.20.11 are the two UAG servers in Site1
- In the CREATE POOL: Horizon-UAG-Pool-Site-1 window,
  - select the Health Monitor tab
    - Make sure the checkbox next to Enable Passive Health Monitor is checked
    - Select ADD.
      - from the dropdown,
        - select Horizon-HTTPS (this is the health monitor that you validated earlier)
- In the CREATE POOL: Horizon-UAG-Pool-Site-1 window,
  - in the Health Monitors area
    - scroll up
      - below Append Port To Host Name
        - next to Never
          - select the radio button
- In the CREATE POOL: Horizon-UAG-Pool-Site-1 window,
  - Health Monitor tab
    - Scroll down
      - below the SSL section
        - under SSL Profile
          - select System-Standard.
        - next to the Enable TLS SNI
          - ensure this box is Checked
        - Leave all the remaining settings as defaults
- In the CREATE POOL: Horizon-UAG-Pool-Site-1 window,
  - In the bottom right corner
    - select SAVE
Validating that Connection Multiplexing is disabled
- In the NSX-ALB console
  - Navigate to Templates > Profiles > Application
    - In the Application area
      - select System-Secure-HTTP-VDI.
      - To the right of System-Secure-HTTP-VDI
        - Select the edit icon.
- In Edit Application Profile: System-Secure-HTTP-VDI window
  - Ensure the checkbox next to Connection Multiplexing is NOT selected
  - Select Cancel
    - to close the Edit Application Profile: System-Secure-HTTP-VDI window
Creating the Virtual Service for Site-1
- In the NSX-ALB Console
  - Navigate to Applications > Virtual Services
    - In the Virtual Services area
      - To the top right, select CREATE VIRTUAL SERVICE
        - Select Advanced Setup.
- In the New Virtual Service wizard
  - Step 1: Settings area
    - enter the following under:
      - Name*
        - type Horizon-UAG-Site-1
      - VS VIP *
        - select the dropdown,
          - notice a Create VS VIP Green box appears
- In the New Virtual Service wizard
  - Step 1: Settings area
    - In the VIP Address area
      - select Create VS VIP
- In the Create VS VIP: page
  - In the General tab,
    - under Name
      - type: VIP-Horizon-UAG-Site1
      - Select ADD
- In the Edit VIP: 1 page
  - under IPv4 Address*
    - type 172.16.20.100
      - select SAVE
- In the Create VS VIP: VIP-Horizon-UAG-Site1 window
  - select SAVE
- In the New Virtual Service wizard
  - Step 1: Settings area
    - Scroll down to the Service Port area
      - under Services
        - next to SSL
          - enable the checkbox
          - select Switch to Advanced
- Under Service Port
  - Click + Add Port
- In the New Virtual Service wizard
  - Type 5001 in Port Min and 5005 in Port Max
    - Enable SSL
    - Enable Use as Horizon Primary/Tunnel Protocol Ports
    - Uncheck Override TCP/UDP box if selected
- Select + Add Port again.
  - Type 5001 in Port Min and 5005 in Port Max
    - Under Override Application Profile dropdown
      - Select System-L4-Application
    - Select Override TCP/UDP
      - Under Select Dropdown
        - Select System-UDP-Fast-Path-VDI
  - Note: These internal ports will be used for Tunnel Connections. These non-standard ports are required on the Avi virtual service only.
  - Note: These ports do not have to be opened for UAG servers. These ports need to be opened on the firewall that is placed in front of the load balancer.
  - Note: Ensure all the Service Port details match the screenshot above.
- Select + Add Port again at the bottom
  - Type 20001 in Port Min and 20005 in Port Max
    - Under Override Application Profile dropdown menu
      - Select System-L4-Horizon-PCoIP
    - Uncheck Override TCP/UDP box if selected
- Select + Add Port again
  - Type 20001 in Port Min and 20005 in Port Max
    - Under Override Application Profile dropdown menu
      - Select System-L4-Horizon-PCoIP
    - Select Override TCP/UDP
      - Under Dropdown menu
        - Select System-UDP-Fast-Path-VDI
  - Note: Ensure all the Service Port details match the screenshot above.
- Select + Add Port again at the bottom
  - Type 30001 in Port Min and 30005 in Port Max
    - Under Override Application Profile dropdown menu
      - Select System-L4-Horizon-Blast
    - Uncheck Override TCP/UDP box if selected
- Select + Add Port again
  - Type 30001 in Port Min and 30005 in Port Max
    - Under Override Application Profile dropdown menu
      - Select System-L4-Horizon-Blast
    - Select Override TCP/UDP
      - Under Dropdown menu
        - Select System-UDP-Fast-Path-VDI
  - Note: Ensure all the Service Port details match the screenshot above.
- Ensure all the settings match the screenshot above.
- Note: Ensure enough ports are opened on the virtual service to accommodate any new UAG servers you add to the UAG pool. In this example, six ports are opened for primary and secondary traffic:
  - Port 443: This is for XML API traffic
  - Ports 5001 to 5005: Horizon internal ports opened for L7 primary XML traffic to handle redirected traffic
  - Ports 30001 to 30005: Blast
  - Ports 20001 to 20005: PCoIP
- Note: These non-standard ports are required on the Avi virtual service only. These ports do not have to be opened for UAG servers. These ports need to be opened on the firewall that is placed in front of the load balancer.
- In the New Virtual Service wizard
  - Settings area, scroll up
    - In the Profiles sub-area
      - Below Application Profile*:
        - From the dropdown
          - Select System-HTTP-Horizon-UAG
      - Below Error Page Profile:
        - From the dropdown
          - Select Custom-Error-Page-Profile
- In the New Virtual Service wizard
  - Step 1: Settings area
    - In the *Pool* sub-area
      - Under Pool
        - Select the dropdown
          - Select: Horizon-UAG-Pool-Site1
    - In the *SSL Settings* sub-area
      - Under SSL Profile*
        - Select the dropdown
          - Select: System-Standard
      - Under SSL Certificate:
        - Select the dropdown
          - Select HZNcert2024
          - Remove the System-Default-Cert
        - Leave all other settings as default
    - In the bottom right corner
      - Select Next
- In the New Virtual Service wizard
  - Step 2: Policies area
    - (Leave everything as default)
    - Select Next
- In the New Virtual Service wizard
  - Step 3: Analytics area
    - (Leave everything as default)
    - Select Next
- In the New Virtual Service wizard
  - Step 4: Advanced area
    - (Leave everything as default)
    - Select Save
- From the NSX-ALB admin console
  - Navigate to Applications > Virtual Services
    - Select Horizon-UAG-Site-1 and click edit
- In the Edit Horizon-UAG-Site-1 virtual service area
  - Navigate to Policies > DataScripts
  - Click + Add DataScript
- In the Edit Horizon-UAG-Site-1 virtual service area
  - below Script To Execute
    - from the dropdown
      - select System-Standard-Horizon-UAG
      - In the bottom right corner
        - select Save DataScript
        - select Save
- In the AVI Controller Admin Page
  - navigate to Applications > Pools
    - select Horizon-UAG-Pool-Site1
- In the Pool: Horizon-UAG-Pool-Site1 window
  - select the Servers tab
    - Make a note of all the custom ports
      - In this example
        - UAG-01a (172.16.20.10) uses 5002 for tunnel, 20002 for PCoIP and 30002 for Blast
        - UAG-02 (172.16.20.11) uses 5001 for tunnel, 20001 for PCoIP and 30001 for Blast
Note: This is just an example; the ports may vary based on your environment.
Note: We will use these custom ports while configuring the UAGs.
- On your ControlCenter Server
  - Open your Chrome Browser for Site-1
    - In the Address bar,
      - select UAG-HZN-01a
        - In the UAG Login window
          - in the username: area
            - enter admin
          - in the password: area
            - enter Pa$$w0rd
- In the UAG Admin Console
  - under Configure Manually
    - click Select
- In the UAG Admin Console
  - Scroll back up to General Settings
    - next to Edge Service Settings,
      - move the TOGGLE to the right
    - next to Horizon Settings
      - select the GEAR icon
- In the UAG Admin Console
  - next to PCOIP External URL
    - edit the existing entry to the following
      - 172.16.20.10:20002
      - Note: The PCOIP port number may differ in your case.
        - Refer to Part 8 Section 1
      - Note: The PCOIP port should be the custom port noted in the previous section
        - (Part 8 Section 1)
  - next to Blast External URL
    - edit the existing entry to the following
      - https://uag-hzn-01a.techseals.co:30002/?UDPPort=30002
      - Note: The Blast port number may differ in your case.
        - Refer to Part 8 Section 1
      - Note: The Blast port should be the custom port noted in the previous section
        - Part 8 Section 1
  - scroll down
    - at the bottom
      - select Save
- On your ControlCenter Server
  - On your Chrome Browser for Site-1
    - In the Address bar,
      - select UAG-HZN-01b
    - In the UAG Login window
      - in the username: area
        - enter admin
      - in the password: area
        - enter Pa$$w0rd
- In the UAG Admin Console
  - under Configure Manually
    - click Select
- In the UAG Admin Console
  - In the General Settings area
    - next to Edge Service Settings,
      - move the TOGGLE to the right
    - next to Horizon Settings
      - select the GEAR icon
- In the UAG Admin Console
  - next to PCOIP External URL
    - 172.16.20.11:20001
      - Note: The PCOIP port number may differ in your case.
        - Refer to Part 8 Section 1
      - Note: The PCOIP port should be the custom port noted in the previous section
        - Part 8 Section 1
  - next to Blast External URL
    - enter the following
      - https://uag-hzn-01b.techseals.co:30001/?UDPPort=30001
      - Note: The Blast port number may differ in your case.
        - Refer to Part 8 Section 1
      - Note: The Blast port should be the custom port noted in the previous section
        - Part 8 Section 1
  - scroll down
    - at the bottom
      - select Save
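The following is an added example, not part of the original lab guide: an offline check that the PCoIP and Blast External URLs entered on each UAG match the custom ports noted from the pool's Servers tab, and that those ports fall inside the ranges opened on the virtual service. The function names, the FQDN-per-server check and the rule that two servers must not share a port are assumptions made for this example; the values are the lab's example values.

```python
from urllib.parse import urlsplit, parse_qs

# Port ranges opened on the Avi virtual service (from the lab notes).
VS_RANGES = {"tunnel": range(5001, 5006),
             "pcoip": range(20001, 20006),
             "blast": range(30001, 30006)}

# Custom ports noted on the pool's Servers tab (the lab's example values).
NOTED = {
    "172.16.20.10": {"fqdn": "uag-hzn-01a.techseals.co",
                     "tunnel": 5002, "pcoip": 20002, "blast": 30002},
    "172.16.20.11": {"fqdn": "uag-hzn-01b.techseals.co",
                     "tunnel": 5001, "pcoip": 20001, "blast": 30001},
}


def check_uag(server_ip, pcoip_url, blast_url, noted=NOTED):
    """Return mismatches between one UAG's external URLs and the ports
    noted for that server; an empty list means they are consistent."""
    want = noted[server_ip]
    problems = []

    # PCoIP External URL has the form <ip>:<port>.
    host, _, port = pcoip_url.rpartition(":")
    if host != server_ip:
        problems.append(f"PCoIP host {host!r} is not {server_ip}")
    if not port.isdigit() or int(port) != want["pcoip"]:
        problems.append(f"PCoIP port {port!r} != noted {want['pcoip']}")

    # Blast External URL: https://<fqdn>:<port>/?UDPPort=<port>
    u = urlsplit(blast_url)
    udp = parse_qs(u.query).get("UDPPort", [""])[0]
    if u.scheme != "https" or u.hostname != want["fqdn"]:
        problems.append(f"Blast URL must be https://{want['fqdn']}:...")
    if u.port != want["blast"]:
        problems.append(f"Blast port {u.port} != noted {want['blast']}")
    if udp != str(want["blast"]):
        problems.append(f"Blast UDPPort {udp!r} != noted {want['blast']}")
    return problems


def check_assignments(noted=NOTED, ranges=VS_RANGES):
    """Assumption: every noted port lies inside the virtual service range
    for its protocol, and no two servers share a port."""
    problems = []
    for proto, allowed in ranges.items():
        ports = [entry[proto] for entry in noted.values()]
        problems += [f"{proto} port {p} outside {allowed.start}-{allowed.stop - 1}"
                     for p in ports if p not in allowed]
        if len(set(ports)) != len(ports):
            problems.append(f"{proto} port reused across servers")
    return problems
```

Replace the values in `NOTED` with the ports shown in your own pool before checking your UAG settings, since the lab notes that they vary by environment.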
- On your ControlCenter server
  - On the Desktop
    - Open the Remote Desktops Folder
      - open Site1
        - launch W11Client-01a.rdp
          - login as Craig
            - in the password area
              - enter Pa$$w0rd
            - select OK
- On your W11Client-01a
  - Open Horizon Client from desktop
    - In the Horizon Client,
      - click on Add Server Button
    - In the Name of the Connection Server textbox,
      - Type uag-hzn-avi01.techseals.co
      - Click Connect
- In the Horizon Client textbox
  - in the Username area
    - enter craig
  - in the Password area
    - enter Pa$$w0rd
    - select login
- In the Horizon Client
  - double click the W11INST Pool
    - You will be presented with the desktop
    - This validates our testing and configuration
    - select the More buttons
      - from the dropdown
        - select Logoff Desktop
- On your ControlCenter server
  - on the Desktop
    - open the Remote Desktops Folder
      - open Site 2
        - launch W11Client-02a.RDP
          - login as malcolm
            - In the password area
              - enter Pa$$w0rd
              - select OK to login
- In W11Client-02a
  - Open Horizon Client from desktop
    - In the Horizon Client,
      - click on the Add Server Button
        - In the Name of the Connection Server box,
          - enter uag-hzn-avi02.techseals.co
          - select Connect
- In the Horizon Client textbox
  - in the Username area
    - enter malcolm
  - in the Password area
    - enter Pa$$w0rd
    - select login
- In the Horizon Client
  - double click the W11INST Pool
    - You will be presented with the desktop
    - This validates our testing and configuration
    - select the More buttons
      - from the dropdown
        - select Logoff Desktop
Once the testing is complete, this brings us to the end of the LTM configuration. Move on to the next lab, the GSLB configuration lab.