The VMware Tunnel can be load balanced for improved performance and high availability. Using a load balancer requires additional considerations.
The Per-App Tunnel component requires authentication of each client after a connection is established. Once connected, a session is created for the client and stored in memory. The same session is then used for each piece of client data so the data can be encrypted and decrypted using the same key. When designing a load balancing solution, configure the load balancer with IP/session-based persistence enabled, so that it sends all traffic from a client to the same server for the duration of the connection. Alternatively, use DNS round robin on the client side, which means the client can select a different server for each connection.
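The following simulation is an added example, not VMware code. It shows why an in-memory session forces persistence: a load balancer that rotates every packet across nodes delivers data to servers that never authenticated the client, while source-IP persistence does not. The `TunnelServer` class, the policy functions, the hash-based server selection, and the client addresses are all assumptions constructed for illustration.

```python
import hashlib
import itertools
import secrets

class TunnelServer:
    """Stand-in for one tunnel node: sessions exist only in this node's memory."""
    def __init__(self, name):
        self.name = name
        self.sessions = {}  # client_ip -> per-session key

    def authenticate(self, client_ip):
        self.sessions[client_ip] = secrets.token_bytes(32)

    def handle_data(self, client_ip):
        # Data can be decrypted only on the node holding this client's session key.
        return client_ip in self.sessions

def per_packet_round_robin(servers):
    # No persistence: every packet goes to the next node in the ring.
    ring = itertools.cycle(servers)
    return lambda client_ip: next(ring)

def source_ip_persistence(servers):
    # One way to implement IP-based persistence (assumption): hash the source IP.
    def pick(client_ip):
        digest = hashlib.sha256(client_ip.encode()).digest()
        return servers[int.from_bytes(digest[:4], "big") % len(servers)]
    return pick

def simulate(make_policy, clients, packets_per_client=5, node_count=3):
    """Return how many data packets reached a node without the client's session."""
    servers = [TunnelServer(f"tunnel-{i}") for i in range(node_count)]
    pick = make_policy(servers)
    for ip in clients:
        pick(ip).authenticate(ip)  # session created on whichever node is chosen
    dropped = 0
    for _ in range(packets_per_client):
        for ip in clients:
            if not pick(ip).handle_data(ip):
                dropped += 1
    return dropped

# Constructed sample clients (documentation address ranges).
CLIENTS = ["198.51.100.10", "198.51.100.11", "203.0.113.7", "203.0.113.8"]

if __name__ == "__main__":
    print("per-packet round robin dropped:", simulate(per_packet_round_robin, CLIENTS))
    print("source-IP persistence dropped:", simulate(source_ip_persistence, CLIENTS))
```

Client-side DNS round robin differs from the per-packet rotation modeled here: the client chooses a server once per connection, so all data for that connection still reaches the node that holds its session.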
The proxy component authenticates devices based on HTTP header information in the request. Ensure that the load balancer is configured to Send Original HTTP Headers so that these headers are not removed when going through the load balancer to VMware Tunnel.
For more information on load balancing with Unified Access Gateway appliances, see the Unified Access Gateway Documentation Center: https://www.vmware.com/support/pubs/access-point-pubs.html.