VMware Horizon View 5.2

2 Introduction

VMware Horizon View (formerly VMware View) is a virtual desktop infrastructure solution that simplifies desktop management. It delivers personalized virtual desktops from a virtualized platform. This solution provides:

Reduction of complexity of PC management

Reduction of cost through virtualization

Increased PC uptime

Overall improved user experience

Simplified desktop security

The Horizon View server roles that require services from an Application Delivery Controller (ADC) for high availability are the Connection Server and the Security Server.

2.1 Document Purpose

Document Purpose.gif

The Virtual LoadMaster is VMware ready. This document is intended to provide guidance on how to configure KEMP LoadMaster products to provide high availability for a VMware Horizon View 5.2 environment. This document is not exclusively explicit to this version of VMware Horizon View nor does it claim explicit support for any or every other version of the application.

This documentation is created using a representative sample environment which is described later in the document. This document contains settings recommended by KEMP. This document does not to cover every possible deployment scenario; it may not address your unique setup, requirements, network layout or needs. In such an event that your infrastructure needs are not illustrated or reflected herein, the KEMP Engineering and Support Teams are available to provide guidance surrounding scenarios otherwise not explicitly defined.

2.2 Intended Audience

It is assumed that the reader is a server or network administrator who is familiar with networking, virtualization technologies, VMware, Virtual Desktop Infrastructure (VDI), DNS, Active Directory and general computer and network terminology. It is further assumed that you have set up the VMware Horizon View environment, DNS, Active Directory and have installed the KEMP LoadMaster. You should have reviewed the LoadMaster documentation and VMware Horizon View 5.2 documentation.

LoadMaster documentation is available at http://www.kemptechnologies.com/documentation

VMware Horizon View documentation is available at

http://pubs.vmware.com/view-52/index.jsp?topic=%2Fcom.vmware.ICbase%2FPDF%2Fic_pdf.html

3 Load Balancing VMware Horizon View

Descriptions of the VMware Horizon View server roles requiring high availability provided by an ADC and a descriptive VMware Horizon View diagram are described below.

3.1 Horizon View Connection Server

Horizon View Connection Server is the broker for client connections. It authenticates users to Active Directory and directs incoming user desktop requests to the correct endpoint. It also assigns packaged applications to desktops and pools and manages desktop sessions. In the deployment architecture defined herein, the LoadMaster does not handle the load balancing of PC over IP (PCoIP) traffic for connection servers.

3.2 Horizon View Security Server

Horizon View Security Server provides an extra layer of security for external Internet users who use a View Connection Server to access the internal network. Typically deployed in the DMZ, it proxies incoming connections to View Connection Servers on the trusted network. In the deployment architecture defined herein, LoadMaster does not handle the load balancing of PCoIP traffic for security servers.

To provide high availability and improved scalability, ADCs should be deployed to provide high availability and acceleration services for both security and connection servers.

Horizon View Security Server.png

3.3 Load Balancing VMware Horizon View Connection Servers

The steps and diagram below depict a KEMP LoadMaster deployment with VMware View Connection Servers:

1. The client establishes an SSL connection to the LoadMaster Virtual Service for the VMware View Connection Server pool.

2. LoadMaster performs SSL decryption and load balances the connection to the most appropriate Connection Server.

If desired, the LoadMaster can re-encrypt the connection before sending the traffic to the Connection Server.

3. Authentication, desktop entitlement and desktop selection all take place. Then, PCoIP connections are established directly to the selected View Desktop, bypassing the LoadMaster.

Load Balancing VMware Horizon_1.png

 

3.4 Load Balancing VMware Horizon View Security Servers

The steps and diagram below depict a KEMP LoadMaster deployment with VMware View Security Servers:

1. Client establishes SSL connection to the LoadMaster Virtual Service for the VMware View Security Server pool.

2. The LoadMaster performs SSL decryption and load balances the connection to the most appropriate Security Server. The LoadMaster re-encrypts the connection before sending the traffic to the Security Server.

3. Authentication, desktop entitlement and desktop selection take place. Then, PCoIP connections are established directly to the selected View Security Server, bypassing the KEMP LoadMaster.

Load Balancing VMware Horizon_2.png

4 Example Environment Setup

TestCompany has deployed VMware Horizon 5.2 in their environment to provide a VDI accessed both by internal and external clients. The deployment contains the following:

Two VMware Horizon View Connection Servers

Two VMware Horizon View Security Servers

Two KEMP LoadMaster HA Clusters

In the deployment architecture defined herein, the LoadMaster does not handle the load balancing of PCoIP traffic for Connection or Security servers. For this reason, the following should be noted:

Connectivity between external clients and the View Security servers is required

Connectivity between internal clients and the VMware infrastructure is required

The following scenarios are defined:

Access to the Horizon View environment using Connection Servers which are being load balanced and serviced by a KEMP LoadMaster ADC cluster

Access to Horizon View using Security servers which are being load balanced and serviced by a KEMP LoadMaster ADC cluster

5 Prerequisites

Minimally, you should have:

Implemented Active Directory, DNS and other core requirements for Horizon View

Installed VMware ESXi servers, vCenter server, View Connection and Security servers

Configured SSL certificates for authentication of View Connection and Security servers

Installed the LoadMaster(s) on the same network(s) as the servers to be load balanced

Established administrative access to the LoadMaster Web User Interface (WUI)

5.1 Allow HTTP Connections

To allow SSL-offloaded connections from the LoadMaster to the Connection Servers that are not re-encrypted, the Connection Servers must be configured to accept HTTP connections from intermediate devices. This is accomplished by modifying the locked.properties file on each Connection Server on which HTTP connections are desired. Steps on how to do this are outlined below. The servers will also continue to accept HTTPS connections.

1. Navigate to the locked.properties file in the SSLGateway configuration folder on the Connection Server, for example <install_directory>\VMware\VMware View\Server\sslgateway\conf\locked.properties

2. Add the serverProtocol property. Set it to http using lower case letters

3. The next two steps are optional:

a) If desired, change the HTTP listening port from 80 to a non-default port by setting the serverPortNonSSL to an alternate port number on which the LoadMaster will communicate with the Connection Server for HTTP connections.

b) If the Connection Server has multiple network interfaces and you would like to designate a single interface for HTTP connections, set the server Host to the IP address of the desired interface.

4. Save the locked.properties file.

5. Restart the View Connection Server service on the server

SSL offloading is not supported with smart card authentication.

5.2 Modify Secure Tunnel External URL

The following changes to the Secure Tunnel External URL parameters are required for the LoadMaster and the VMware Horizon View environment to interoperate correctly:

1. Log in to the View Manager Administrator tool.

2. Expand View Configuration and click Servers.

3. Select the Connection Servers tab.

4. Select each Connection server and click the Edit button after which the Edit View Connection Server Settings box will open.

5. Navigate to the General tab. In the HTTP(S) Secure Tunnel External URL text box, enter the LoadMaster Virtual Service IP address or DNS FQDN to be used for the Security Server pool followed by a colon and the appropriate port number.

6. Select the Use Secure Tunnel Connection to Desktop check box.

7. Click OK.

8. Next, select each Security Server and click the Edit button.

9. On the General tab in the HTTP(S) Secure Tunnel External URL text box, enter the LoadMaster Virtual Service IP address or DNS FQDN to be used for the Security Server pool followed by a colon and the appropriate port number.

10. Click OK.

Do not change the IP address configured in the PCoIP External URL field.

5.3 DNS

Access to the DNS system used in the network environment must be available to set up name resolution of your Horizon View namespaces to the Virtual Service IP addresse(s) that will be configured on the LoadMaster.

5.4 SSL Certificate Import on the LoadMaster

Follow the steps below to import the relevant View Connection and Security certificates on the KEMP LoadMaster:

1. In the main menu of the LoadMaster WUI, go to Certificates & Security > SSL Certificates.

2. Click Import Certificate.

SSL Certificate Import on.png

3. Click Choose File in the Certificate File field.

4. Browse to and select the signed certificate file which is in use in the Horizon View infrastructure.

This must be a .pfx file containing private keys for the certificate used on the Horizon View servers.

5. If relevant, click Choose File in the Key File (optional) field to browse to and select the key file.

6. Enter the Pass Phrase.

7. Enter a recognizable name in the Certificate Identifier text box.

8. Click Save.

9. If required, repeat the steps above to add a Security certificate.

6 Template

KEMP has developed a template containing our recommended settings for this workload. You can install this template to help when creating Virtual Services, as it automatically populates the settings. This is quicker and easier than manually configuring each Virtual Service. If needed, changes can be made to any of the Virtual Service settings after using the template.

Download released templates from the Templates section on the KEMP documentation page: http://kemptechnologies.com/documentation.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description on the KEMP Documentation Page.

For steps on how to manually add and configure each of the Virtual Services using the recommended settings, refer to the steps in this document.

7 Virtual Service Configuration

The sections below outline instructions on how to add Virtual Services for the View Connection and Security servers.

7.1 View Connection Servers

To add a Virtual Service for the View Connection Servers, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

View Connection Servers.png

2. Enter a valid IP address in the Virtual Address field.

3. Enter 443 as the Port.

4. Enter a recognizable Service Name, for example View Connection.

5. Click Add this Virtual Service.

View Connection Servers_1.png

6. Expand the SSL Properties section.

7. Select the Enabled check box.

8. Click OK.

View Connection Servers_2.png

9. Click Manage Certificates.

View Connection Servers_3.png

10. In the relevant certificate, select the IP address of the View Connection Virtual Service in the Available VSs list and click the right arrow to assign the Virtual Service to the certificate.

11. Click Save Changes.

12. Expand the Standard Options section.

View Connection Servers_4.png

13. Remove the tick from the Transparency check box.

14. Select Server Cookie as the Persistence Mode.

15. Select 6 Minutes as the Timeout value.

16. Enter JSESSIONID in the Cookie name field and click Set Cookie.

17. Select least connection as the Scheduling Method.

18. Expand the Real Servers section.

View Connection Servers_5.png

19. Enter a forward-slash (/) in the URL text box and click Set URL.

20. Select GET as the HTTP Method.

21. Click Add New.

View Connection Servers_6.png

22. Enter the relevant Real Server Address.

23. Enter 80 as the Port.

24. Click Add This Real Server.

25. Click OK.

26. Continue to add the remaining Real Servers by entering the Real Server Address and clicking Add This Real Server until all servers in the pool are added. When finished, click the Back button.

27. In the main menu of the LoadMaster WUI, click View/Modify Services.

28. Confirm that the newly created service is listed with a status of Up and that all of the added member servers are listed in black, non-bold font.

7.2 View Security Servers

To add the Virtual Service for the View Security Servers, follow the steps below:

1. In the main menu of the LoadMaster WUI, select Virtual Services and Add New.

View Security Servers.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 443 as the Port.

4. Enter a recognizable Service Name, for example View Security Pool.

5. Click Add this Virtual Service.

View Connection Servers_1.png

6. Expand the SSL Properties section.

View Security Servers_1.png

7. Select the Enabled check box.

8. Click OK.

9. Select the Reencrypt check box.

10. Click Manage Certificates.

View Security Servers_2.png

11. In the relevant row for the View Security certificate, in the Available VSs drop-down list, select the relevant IP address of the View Security Virtual Service. Click the right arrow to assign the Virtual Service to the certificate.

12. Click Save Changes.

13. Expand the Standard Options section.

View Security Servers_3.png

14. Select Server Cookie as the Persistence Mode.

15. Select 6 Minutes as the Timeout value.

16. Enter JSESSIONID as the Cookie name and click Set Cookie.

17. Select least connection as the Scheduling Method.

18. Expand the Real Servers section.

View Security Servers_4.png

19. Enter a forward-slash (/) in the URL text box and click Set URL.

20. Select GET as the HTTP Method.

21. Click Add New.

View Security Servers_5.png

22. Enter the relevant Real Server Address.

23. Click Add This Real Server.

24. Click OK.

25. Continue to add Real Servers until every server in the pool has been added. Then, click the Back button.

26. In the main menu of the LoadMaster WUI, select View/Modify Services.

27. Confirm that the newly created service is listed with a status of UP. Ensure that all member servers are listed in black, non-bold font.

References

The below links contain further information.

VMware Horizon View Documentation

http://www.vmware.com/support/pubs/view_pubs.html

Web User Interface, Configuration Guide

http://kemptechnologies.com/documentation.

Virtual Services and Templates, Feature Description

http://kemptechnologies.com/documentation.

Document History

Date

Change

Reason for Change

Version

Resp.

Sep 2014

Minor change

Defect fixed

1.8

LB

Nov 2014

Minor change

Defect fixed

1.9

LB

Jan 2015

Minor change

Renamed document

1.10

LB

Sep 2015

Screenshot updates

LoadMaster WUI reskin

3.0

KG

Dec 2015

Release updates

Updates for 7.1-32

4.0

LB

Jan 2016

Minor change

Updated Copyright Notices

5.0

LB

Mar 2016

Release updates

Updates for 7.1-34

6.0

LB

Jan 2017

Minor change

Enhancements made

7.0

LB

July 2017 Minor change Enhancements made 8.0 LB

 

Was this article helpful?

1 out of 1 found this helpful

Comments