Zero downtime upgrade enables you to upgrade Unified Access Gateway with no downtime for the users.

When the Quiesce Mode toggle is turned on, the Unified Access Gateway appliance is shown as not available when the load balancer checks the health of the appliance. Requests that come to the load balancer are sent to the next Unified Access Gateway appliance that is behind the load balancer.

Prerequisites

  • Two or more Unified Access Gateway appliances configured behind the load balancer.
  • The Health Check URL setting configured with a URL that the load balancer connects to check the health of Unified Access Gateway appliance.
  • Check the health of the appliance in the load balancer. Type the REST API command GET https://UAG-IP-Address:443/favicon.ico.

    The response is HTTP/1.1 200 OK, if the Quiesce Mode toggle is turned off, or HTTP/1.1 503, if the Quiesce Mode toggle is tuned on.

    Note:
    • Do not use any other URL other than GET https://UAG-IP-Address:443/favicon.ico. Doing so will lead to incorrect status response and resource leaks.
    • If High Availability setting is enabled, then Quiesce Mode (zero downtime) applies to Web Reverse Proxy and Horizon only.
    • If third party load balancers are used, then Quiesce Mode (zero downtime) is applicable if they are configured to perform health check using GET /favicon.ico.

Procedure

  1. In the admin UI Configure Manually section, click Select.
  2. In the Advanced Settings section, click the System Configuration gearbox icon.
  3. Turn on the Quiesce Mode toggle to pause the Unified Access Gateway appliance.
    When the appliance is stopped, existing sessions that the appliance is serving are honored for 10 hours, after which the sessions are closed.
  4. Click Save.

    New requests that come to the load balancer are sent to the next Unified Access Gateway appliance.

What to do next

  • For a vSphere deployment:
    1. Back up the JSON file by exporting the file.
    2. Delete the old Unified Access Gateway appliance.
    3. Deploy the new version of Unified Access Gateway appliance.
    4. Import the JSON file you exported earlier.
  • For a PowerShell deployment:
    1. Delete the Unified Access Gateway appliance.
    2. Redeploy the Unified Access Gateway with the same INI file that was used during the first deployment. See Using PowerShell to Deploy the Unified Access Gateway Appliance.
Note: If you see a Tunnel Server certificate error message after re-enabling the load balancer, apply the same SSL server certificate and private key PEM files that was used earlier on the Unified Access Gateway appliance. This is required because the JSON or INI file cannot contain private keys associated with an SSL server certificate since private keys cannot be exported, due to security reasons. With a PowerShell deployment, it is done automatically and you do not need to reapply the certificate.