In an n+1 deployment only the primary protocol traffic (XML/API traffic) will go through NSX Advanced Load Balancer VIP. Blast and PCoIP traffic will go to UAG servers directly.
Prerequisites
Ensure the following prerequisites are met:
NSX Advanced Load Balancer Controller is set up.
The NSX Advanced Load Balancer cloud configuration is complete.
DNS entries are configured properly as explained in the example below.
UAG servers configured as per requirements along with other Horizon components for n+1 deployments.
Sample Topology
Consider the request flow with the sample topology:
The sample topology illustrates UAG deployment in a DMZ network. However, NSX Advanced Load Balancer supports deployment in both DMZ and non-DMZ networks.
FQDN |
Entity Description |
IP Address used for DNS Entries |
Real IP |
---|---|---|---|
uagvip.site1.com |
FQDN of NSX Advanced Load Balancer LB VIP |
VIP 1 |
10.10.5.200 |
uag1.site1.com |
FQDN of UAG server 1 on site 1 |
UAG server1 IP on site 1, that is, 10.58.17.163 |
10.58.17.163 |
uag2.site1.com |
FQDN of UAG server 2 on site 1 |
UAG server2 IP on site 1, that is, 10.58.17.164 |
10.58.17.164 |
The IP and FQDN used in the example are for illustration purposes only. Replace this with your real environment details.
Request Flow for Load Balancing UAG Servers for (n+1) Deployments
The request-flow this deployment is as shown below:
User sends a request to access uagvip.site1.com over the internet.
The request comes to NSX Advanced Load Balancer.
The NSX Advanced Load Balancer load balancer does the load balancing and sends the request to one of the backend UAG servers. In this case, assume that NSX Advanced Load Balancer sent the request to UAG server 1 that is, uag1.site1.com
UAG sends 307 redirect to client with uag1.site1.com FQDN. UAG servers must be configured with the 307 feature as explained in Unified Access Gateway Support for HTTP Host Redirect. A sample UAG configuration is shown in Important Configuration to Check on UAG for this Solution.
Client looks for location header and queries the host in the location header (uag1.site1.com).
Due to the DNS entries that were created (shown in the tables above), the FQDN (uag1.site1.com) will be resolved to UAG server IP.
All further flows, including the ones for secondary protocol (Blast/PCoIP), will now go to uag1.site1.com directly, bypassing NSX Advanced Load Balancer.
Configurations for Load Balancing UAG servers
The configuration steps for load balancing UAG are as below:
Important Configuration to Check on UAG for this Solution
Host Redirect mapping must be configured on all UAGs.
Ensure the following:
The source host is the LB FQDN. For example, uagvip.site1.com
The redirect host is the UAG’s FQDN. For example, uag1.site1.com
Upload the TLS server certificate for the internet interface on all the UAG servers
Other Considerations
If SAML authentication is used on UAG, all the host names/FQDNs must be added in SAML IDP as shown in the example below:
In some cases, when accessing the VMware Horizon Client, multiple icons for the same site can be displayed as shown below:
This issue will be resolved in the upcoming releases for Horizon Client.