Dell Wyse vWorkspace

 

1Introduction

Dell Wyse vWorkspace provides desktop and application virtualization to organizations. Workspace virtualization helps to group and deliver a list of applications or desktops together as a single complete virtual workspace. vWorkspace delivers secure, full-featured virtual workspaces from a centralized infrastructure, that consists of virtual and physical computers, and provisions new users quickly.

1.1Document Purpose

This deployment guide provides instructions on how to configure the KEMP LoadMaster to load balance the various roles in the Dell Wyse vWorkspace environment.

1.2Intended Audience

This document is intended to be read by anyone who is interested in finding out how to configure the LoadMaster to load balance Dell Wyse vWorkspace.

2Load Balancing vWorkspace

Figure 2‑1: Load balancing example 1

The figure above shows a scenario where the KEMP LoadMaster can be used to load balance vWorkspace services. In this configuration, both Secure Access Services and Web Access are deployed in the DMZ. If your configuration differs from this configuration and there are issues deploying the LoadMaster, please contact the local KEMP Support Team for assistance: http://kemptechnologies.com/load-balancing-support/kemp-support

Figure 2‑2: Load balancing example 2

The figure above shows a different scenario where the KEMP LoadMaster can be used to load balance vWorkspace services. In this configuration the Secure Access Services are deployed in the DMZ and the Web Access is deployed in the corporate network. If your configuration differs from this configuration and there are issues deploying the LoadMaster, please contact the local KEMP Support Team for assistance: http://kemptechnologies.com/load-balancing-support/kemp-support

2.1vWorkspace Roles

Wyse vWorkspace consists of various roles. The KEMP LoadMaster can be configured to load balance some of these roles. The sections below discuss the various scenarios in which the KEMP LoadMaster can be used load balance vWorkspace.

2.1.1Load Balancing Web Access Services

Web Access is a web application that acts as a web-based portal to a vWorkspace farm. It provides users with a list of available applications and desktops via their web browser.

The Web Access role also authenticates users with multiple vWorkspace farms within the same Active Directory domain.

2.1.2Load Balancing Secure Access Services

vWorkspace Secure Access Service is an SSL gateway that simplifies the deployment of applications over the Internet. The Secure Access Service allows access to published applications through the vWorkspace Web Access client and starts these applications over SSL connections.

The Secure Access Service provides a proxy connection to vWorkspace components such as RDP Sessions, the Web Access client and connection brokers.

3General Configuration

3.1Subnet Originating Requests

It is best practice to enable the Subnet Originating Requests option globally.

In a one-armed setup (where the Virtual Service and Real Servers are on the same network/subnet) Subnet Originating Requests is usually not needed. However, enabling Subnet Originating Requests should not affect the routing in a one-armed setup.

In a two-armed setup where the Virtual Service is on network/subnet A, for example, and the Real Servers are on network B - Subnet Originating Requests should be enabled on LoadMasters with firmware version 7.1-16 and above.

When Subnet Originating Requests is enabled, the LoadMaster will route traffic so that the Real Server will see traffic arriving from the LoadMaster interface that is in that network/subnet.

When Subnet Originating Requests is enabled globally, it is automatically enabled on all Virtual Services. If the Subnet Originating Requests option is disabled globally, you can choose whether or not to enable Subnet Originating Requests on a per-Virtual Service basis.

To enable Subnet Originating Requests globally, follow the steps below:

 

  1. In the main menu of the LoadMaster WUI, go to System Configuration > Miscellaneous Options > Network Options.

 

Figure 3‑1: Subnet Originating Requests

2. Tick the Subnet Originating Requests check box.

3.2SSL Certificates

An SSL certificate is required to be installed on the LoadMaster to support load-balanced components such as the Secure Access Service.

The certificate needs to match the hostname which is used to connect to the load-balanced services of the LoadMaster and can be a single wildcard, for example *.domain.com, or multiple regular certificates, for example secure.domain.com.

To install an SSL certificate on the LoadMaster, follow the steps below in the LoadMaster Web User Interface (WUI):

  1. In the main menu, select Certificates & Security > SSL Certificates.
  2. Click Import Certificate.

Figure 3-3: Select the certificate

  1. Click Choose File or Browse.
  2. Browse to and select the certificate.
  3. Enter a Pass Phrase if needed.
  4. Enter a name (preferably the DNS name of the service) in the Certificate Identifier field.
  5. Click Save.
  6. Click OK.

This certificate will be assigned to some of the Virtual Services in later steps.

Figure 3-4: Administrative Certificate

It is also possible to use this certificate for administrative purposes (browsing the LoadMaster WUI). To do this, on the Manage Certificates screen, select the certificate in the Administrative Certificate drop-down list and click Use Certificate.

4Configure Virtual Services for vWorkspace

4.1Secure Access Prerequisites

As described in Section 3.2, implementing load balancing for vWorkspace Secure Access Services requires connectivity over HTTPS protocol (port 443).

This document will cover an example of the settings required for vWorkspace. The vWorkspace administrator should follow the Deployment Guide provided by Dell to complete the configuration based on their unique topology.

Before adding Virtual Services to the KEMP LoadMaster, ensure to have the DNS names and IP addresses available for all Secure Access Service roles in your deployment. The DNS Names used must be included in the Certificate that was installed in Section 3.2.

  1. Install the Certificate that will be used to encrypt the traffic on each of the Secure Access Servers.

Figure 4-1: Secure Access Configuration

  1. On each of the vWorkspace Secure Access Servers, launch the Secure Access configuration utility from the Windows Server 2012 Start Menu.

Figure 4-2: Secure Access Properties

  1. Under the properties of the Secure Access Service, configure the following settings:

a)In the RDP Proxy section:

  1. Select the Local IP Address.
  2. Enter 443 as the Local Port.
  3. Select the SSL certificate to be used to encrypt traffic.

b)In the Web Interface Proxy section:

  1. Select the Local IP Address.
  1. Enter 443 as the Local Port.
  2. Enter 80 as the Dest. Port.
  3. Enter the Destination Host URL for the Web Access Server.

This will point to the KEMP LoadMaster Virtual Service for the Web Access Role.

c)In the Connection Broker Proxy section:

  1. Select the Local IP Address.
  1. Enter 443 as the Local Port.
  2. Enter 8080 as the Dest. Port.
  3. Enter the Destination Host(s) for the internal Connection Broker(s).
  1. Click OK

4.2Virtual Services – Secure Access

Configure the LoadMaster settings by following the steps below in the LoadMaster WUI:

  1. In the main menu, select Virtual Services and Add New.

Figure 4-3: Add a Virtual Service

  1. Enter the relevant IP address in the Virtual Address text box.
  2. Enter 443 as the Port.
  3. Enter a recognizable Service Name, such as vWorkspace Secure Access Service.
  4. Click Add this Virtual Service.

Figure 4-4: Standard Options section

  1. Expand the Standard Options section.
  2. Select Source IP Address as the Persistence Mode.
  3. Select 6 Minutes as the Timeout.
  4. Select Least Connection as the Scheduling Method.

Figure 4-5: SSL section

  1. Expand the SSL Properties section.
  2. Select Enabled.
  3. Click OK.
  4. Select Reencrypt.
  5. Select the certificate in the Available Certificates box.
  6. Click the right arrow to move the certificate to the Assigned Certificates box.
  7. Click Set Certificates.

Figure 4-6: Real Servers section

  1. Expand Real Servers
  2. Select HTTPS Protocol from the first drop-down list.
  3. Enter 443 as the Checked Port.
  4. Click Set Check Port.

The LoadMaster will use this information to check if the Secure Access servers are reachable.

  1. Click Add New to add the Secure Access servers as Real Servers.

Figure 4-7: Real Server settings

  1. Enter the Real Server Address.
  2. Enter 443 as the Port.
  3. Click Add This Real Server.
  4. Repeat steps 22to 24above until all Real Servers have been added.

4.3Web Access Prerequisites

Before configuring the KEMP LoadMaster, ensure to have the DNS names and IP addresses available for all Web Access roles in your deployment.

This document will cover an example of the settings required for vWorkspace. The vWorkspace administrator should follow the Deployment Guide provided by Dell to complete the configuration based on their unique topology.

Figure 4-8: Web Access Configuration

  1. Configure the website on each of the Web Access Servers using the Web Access Site Manager.

Figure 4-9: Web Access Properties

  1. Within the vWorkspace Management Console, select Web Access in the left-hand navigation, and add the website for each of the Web Access servers.

4.4Virtual Services – Web Access

Configure the LoadMaster settings by following the steps below in the LoadMaster WUI:

  1. In the main menu, select Virtual Services and Add New.

Figure 4-10: Add a Virtual Service

  1. Enter the relevant IP address in the Virtual Address text box.
  2. Enter 80 as the Port.
  3. Enter a recognizable Service Name, such as vWorkspace Web Access.
  4. Click Add this Virtual Service.

Figure 4-11: Standard Options section

  1. Expand the Standard Options section.
  2. Select Source IP Address as the Persistence Mode.
  3. Select 6 Minutes as the Timeout.
  4. Select Least Connection as the Scheduling Method.

Figure 4-12: Real Servers section

  1. Expand the Real Servers section.
  2. Select HTTP Protocol from the first drop-down list.
  3. Enter 80 as the Checked Port.
  4. Click Set Check Port.

The LoadMaster will use this information to check if the Web Access servers are reachable.

  1. Click Add New to add the Secure Access servers as Real Servers.

Figure 4-13: Real Server settings

  1. Enter the Real Server Address.
  2. Enter 80 as the Port.
  3. Click Add This Real Server.
  4. Repeat steps 15to 17above until all Real Servers have been added.

5Testing

After following the implementation steps in the previous section, follow the steps below to test the load-balanced vWorkspace environment:

  1. Open a web browser that is able to reach the load-balanced IP.
  1. Browse to the configured DNS name for the load-balanced service, for example https://Secure.kempdemo.com/access. A web page should be presented with the vWorkspace login page. This indicates that the LoadMaster has redirected the session to a Real Server.

Figure 5-1: Login Page

  1. Enter a username and password with permissions to access the vWorkspace environment.
  1. In the LoadMaster WUI, go to Statistics > Real Time Statistics.
  2. Click the Real Servers button.

Figure 5‑19: Real Server statistics

This overview shows the active sessions, sessions over the last hour, in addition to how many requests each Real Server handled.

  1. Open another web browser on a different client and perform steps 1 to 3 above.

Figure 5‑20: Real Server Statistics

  1. Refresh the LoadMaster statistics page. Notice that, based on the load balancing method we chose, load is spread over both Secure Access Servers (192.168.20.14 and 192.168.20.15).

References

Some resources on Dell Wyse vWorkspace are listed below:

Dell Wyse vWorkspace home page

http://www.dell.com/us/business/p/dell-software-vworkspace/pd

Dell Wyse vWorkspace Datasheet

http://i.dell.com/sites/doccontent/shared-content/data-sheets/en/Documents/Dell_vWorkspace_Datasheet.pdf

Dell Wyse Reference Architecture

http://www.dell.com/learn/us/en/04/business~solutions~engineering-docs~en/documents~dvs-windows-server-2012.pdf

Dell Wyse vWorkspace Administration Guide

http://documents.software.dell.com/vworkspace/8.6/administration-guide

Dell Wyse vWorkspace product documents

https://support.software.dell.com/vworkspace/release-notes-guides

Dell Wyse vWorkspace Community

http://en.community.dell.com/techcenter/virtualization/vworkspace

Document History

Date

Change

Reason for Change

Version

Resp.

Oct 2015

Initial draft

First draft of document

1.0

LB

Dec 2015

Release updates

Updated for 7.1-32

2.0

LB

Jan 2016

Minor updates

Updated

3.0

LB

Mar 2016

Release updates

Updated for 7.1-34

4.0

LB

Was this article helpful?

0 out of 0 found this helpful

Comments