Requirements on the UAG

  1. Blast URL must point to the UAG hostname/FQDN with the correct port numbers as shown below, for example:

    1. UAG1 - https://<UAG1 FQDN>:5001/

    2. UAG2 - https://<UAG2 FQDN>:5002/

  2. Similarly, PCoIP must point to NSX Advanced Load Balancer VIP with correct port numbers.

    1. UAG1 - https://<NSX Advanced Load Balancer VIP IP on site 1>:4001/

    2. UAG2 - https://<NSX Advanced Load Balancer VIP IP on site 1>:4002/

  3. Host Redirect mapping must be configured on all UAGs.



    Note:

    Ensure the following:

    a. The source host is the NSX Advanced Load Balancer VS FQDN

    b. The redirect host is the UAG server’s FQDN

  4. Upload the NSX Advanced Load Balancer VS certificate on all the UAG servers.

On the DNS

  1. DNS entries - FQDN of individual UAG servers and NSX Advanced Load Balancer UAG Virtual service must all point to the NSX Advanced Load Balancer Virtual service IP address in the DNS entries.

  2. All the host names/FQDNs – NSX Advanced Load Balancer VS FQDN and UAG server FQDNs have to be added in SAML IDP if SAML authentication is used in Horizon

  3. Add the SAN certificate to UAG as explained in the Configuring TLS/SSL Certificates for Unified Access Gateway Appliances.

    Install the same certificate:key pair on NSX Advanced Load Balancer and bind it to the UAG L7 VS.

  4. View Connection Server instances and security servers that are directly behind a gateway, such as Access Point, must know the address by which browsers will connect to the gateway when users use HTML Access. As redirect mappings were added on the UAG, the following entries need to be added in the install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties file on the Connection servers:

    portalHost.1=<UAG VS FQDN>

    portalHost.2=<UAG1 FQDN>

    portalHost.3=<UAG2 FQDN>

    Restart the View Connection Server service for the changes to take effect. For more information, see Horizon 7.0.

  5. In cases where SAML is enabled on UAG, when accessing through VMware Horizon Client, multiple icons for the same address can be displayed as shown below:



  6. This issue will be resolved in the upcoming releases for Horizon Client.

Configuration for Load Balancing Connection Servers

Follow the steps mentioned under Load Balancing Traffic to Connection Servers to configure NSX Advanced Load Balancer entities for Connection server load balancing.