Ivanti AppSense

1 Introduction

Ivanti provides organizations with control of service delivery, management process, visibility of services, and infrastructure. Ivanti User Workspace Manager manages and simplifies deployment of desktops and administration, reducing IT costs and securing endpoints.

1.1 Document Purpose

This deployment guide provides instructions on how to configure the Kemp LoadMaster to load balance Ivanti services. This guide should only be used as a reference for the load balancing configuration of Ivanti because each environment is unique and may have different requirements.

1.2 Intended Audience

Anyone interested in configuring the Kemp LoadMaster to load balance Ivanti User Workspace Manager (AppSense) services.

 

2 Template

Kemp has developed a template containing our recommended settings for this workload. Installing the template automatically populates these settings, which makes it easy to create the required Virtual Services (VSs). You can remove templates after use and this will not affect deployed services. If needed, you can change any of the VS settings after using the template.

Download released templates from the Templates section on the Kemp Documentation Page.

For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description on the Kemp Documentation Page.

3 Ivanti User Workspace Manager (AppSense)

Ivanti User Workspace Manager simplifies the deployment of desktops providing a consistent, secure, and personalized user experience. The key features of Ivanti User Workspace Manager are:

  • User personalization
  • Desktop configuration
  • File Sync
  • Migration

 

4 LoadMaster Global Settings

Before setting up the Virtual Services, the following global settings should be configured to support the workload.

4.1 Enable Subnet Originating Requests Globally

It is best practice to enable the Subnet Originating Requests option globally.

In a one-armed setup (where the Virtual Service and Real Servers are on the same network/subnet) Subnet Originating Requests is usually not needed. However, enabling Subnet Originating Requests should not affect the routing in a one-armed setup.

In a two-armed setup where the Virtual Service is on network/subnet A, for example, and the Real Servers are on network B, Subnet Originating Requests should be enabled on LoadMasters with firmware version 7.1-16 and above.

When Subnet Originating Requests is enabled, the LoadMaster routes traffic so that the Real Server sees traffic arriving from the LoadMaster interface that is in that network/subnet.

When Subnet Originating Requests is enabled globally, it is automatically enabled on all Virtual Services. If the Subnet Originating Requests option is disabled globally, you can choose whether or not to enable Subnet Originating Requests on a per-Virtual Service basis.

To enable Subnet Originating Requests globally, follow the steps below:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to System Configuration > Miscellaneous Options > Network Options.

2. Select the Subnet Originating Requests check box.

4.2 Health Check Interval

It is best practice to set the Check Interval to 30 seconds. This is to minimize the impact on the Management Center Server. This is a global setting and it may affect the health checking for other load-balanced services.

To update the check parameter interval, follow the steps below:

1. In the main menu of the LoadMaster Web User Interface (WUI), select Rules & Checking > Check Parameters.

2. Click the Check Interval drop-down arrow and select 30.

5 Ivanti Virtual Services

This step-by-step setup of VSs leverages the Kemp application template for Ivanti.

The table in each section outlines the settings configured by the application template. You can use this information to manually configure VSs using the WUI or Application Programming Interface (API)/automation tools.

5.1 Management Server

The following are the steps involved and the recommended settings to configure the Ivanti Management Server using the application template.

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

2. Type a valid Virtual Address.

3. Select the Ivanti Management Server template in the Use Template drop-down list.

4. Click Add this Virtual Service.

5. Expand the Real Servers section.

6. Click Add New.

7. Enter the Real Server Address.

8. Confirm that Port 7751 is entered.

9. Click Add This Real Server.

5.1.1 Management Server Application Template Settings (optional)

This table outlines the configuration options set using the Kemp application template. These settings can be used if doing a manual configuration or leveraged with scripts and automation tools.

Option                        Value
VS Port                       7751
VS Protocol                   tcp
Service Type                  HTTP-HTTP/2-HTTPS
Subnet Originating Address    Enabled
Persistence Mode              Source IP Address
Persistence Timeout           2 Minutes
Scheduling Method             least connection
Real Server Check Method      HTTP Protocol
Checked Port                  7751
HTTP Method                   GET
Check URL                     /ManagementServer/deployment/pingmonitor.aspx

5.2 Personalization Server

The following are the steps involved and the recommended settings to configure the Ivanti Personalization Server using the application template.

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

2. Type a valid Virtual Address.

3. Select the Ivanti Personalization Server template in the Use Template drop-down list.

4. Click Add this Virtual Service.

5. Expand the Real Servers section.

6. Click Add New.

7. Enter the Real Server Address.

8. Confirm that Port 7771 is entered.

9. Click Add This Real Server.

5.2.1 Personalization Server Application Template Settings (optional)

This table outlines the configuration options set using the Kemp application template. These settings can be used if doing a manual configuration or leveraged with scripts and automation tools.

Option                        Value
VS Port                       7771
VS Protocol                   tcp
Service Type                  HTTP-HTTP/2-HTTPS
Subnet Originating Address    Enabled
Persistence Mode              Source IP Address
Persistence Timeout           2 Minutes
Scheduling Method             least connection
Real Server Check Method      HTTP Protocol
Checked Port                  7771
HTTP Method                   GET
Check URL                     /PersonalizationServer/pingmonitor.aspx

5.3 File Director Offloaded

The following are the steps involved and the recommended settings to configure the Ivanti File Director Offloaded using the application template:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

2. Type a valid Virtual Address.

3. Select the Ivanti File Director Offloaded template in the Use Template drop-down list.

4. Click Add this Virtual Service.

5. Expand the SSL Properties Section.

6. Select the certificate to use in the Available Certificates and click the “arrow” > to move it to Assigned Certificates.

7. Click Set Certificate.

8. Expand the Real Servers section.

9. Click Add New.

10. Enter the Real Server Address.

11. Confirm that Port 80 is entered.

12. Click Add This Real Server.

5.3.1 File Director Offloaded Application Template Settings (optional)

This table outlines the configuration options set using the Kemp application template. These settings can be used if doing a manual configuration or leveraged with automation tools.

Option                        Value
VS Port                       443
VS Protocol                   tcp
Service Type                  HTTP-HTTP/2-HTTPS
Subnet Originating Address    Enabled
Scheduling Method             least connection
SSL Acceleration              Enabled
Cipher Set                    Intermediate_compatibility
Real Server Check Method      HTTP Protocol
Checked Port                  8001
HTTP Method                   GET
Check URL                     /status
Reply 200 Pattern             Success

5.4 File Director HTTPS

The following are the steps involved and the recommended settings to configure Ivanti File Director Reencrypt using the application template:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

2. Type a valid Virtual Address.

3. Select the Ivanti File Director HTTPS template in the Use Template drop-down list.

4. Click Add this Virtual Service.

5. Expand the Real Servers section.

6. Click Add New.

7. Enter the Real Server Address.

8. Confirm that Port 443 is entered.

9. Click Add This Real Server.

5.4.1 File Director HTTPS Application Template Settings (optional)

This table outlines the configuration options set using the Kemp application template. These settings can be used if doing a manual configuration or leveraged with automation tools.

Option                        Value
VS Port                       443
VS Protocol                   tcp
Service Type                  HTTP-HTTP/2-HTTPS
Subnet Originating Address    Enabled
Scheduling Method             least connection
Real Server Check Method      HTTP Protocol
Checked Port                  8001
HTTP Method                   GET
Check URL                     /status
Reply 200 Pattern             Success

6 Troubleshooting

Refer to the sections below for details on some common issues seen when load balancing the Ivanti AppSense workload.

6.1 Connections Rejected

When using a non-default TCP port or offloading for Ivanti AppSense services, ensure that the Real Server port is correct. Entering the wrong Real Server port is a common mistake when the VS port is different from the Real Server port.
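
To separate a wrong Real Server port from a failing health check, the check parameters listed in the section 5 tables can be replayed from a host on the Real Server subnet. The Python script below is an added example, not part of the Kemp template or documentation; the service keys, function names, and the pass rule (HTTP 200 plus a regular-expression match on the Reply 200 Pattern) are assumptions of the example.

```python
import http.client
import re
import socket
# service: (checked port, check URL, Reply 200 Pattern), copied from section 5.
CHECKS = {
    "management": (7751, "/ManagementServer/deployment/pingmonitor.aspx", None),
    "personalization": (7771, "/PersonalizationServer/pingmonitor.aspx", None),
    "file_director": (8001, "/status", "Success"),
}

def port_open(host, port, timeout=3.0):
    """TCP connect test for the Real Server port (section 6.1)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def evaluate(status, body, pattern=None):
    """Assumed pass rule: HTTP 200 and, if set, the pattern found in the body."""
    if status != 200:
        return False, f"status {status}"
    if pattern and not re.search(pattern, body):
        return False, f"200 but body lacks {pattern!r}"
    return True, "ok"

def http_check(host, port, url, pattern=None, timeout=3.0):
    """Send a plain-HTTP GET like the configured check and evaluate the reply."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", url)
        resp = conn.getresponse()
        body = resp.read(65536).decode("utf-8", "replace")
    except (OSError, http.client.HTTPException) as exc:
        return False, f"no HTTP response: {exc}"
    finally:
        conn.close()
    return evaluate(resp.status, body, pattern)

def check_real_server(host, service, port=None):
    """Run one service's template check; `port` overrides the checked port."""
    checked_port, url, pattern = CHECKS[service]
    port = port or checked_port
    if not port_open(host, port):
        return False, f"TCP {port} rejected or unreachable"
    return http_check(host, port, url, pattern)

if __name__ == "__main__":
    import sys  # usage: python check_rs.py <real-server-address> <service>
    print(check_real_server(sys.argv[1], sys.argv[2]))
```

A "TCP ... rejected or unreachable" result points at the port or routing, while a "status" or "body lacks" result means the port is right but the application is not returning what the health check expects.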

7 References

Some resources on Ivanti are listed below:

Ivanti User Workspace Manager

Useful, related Kemp documents are listed below:

SSL Accelerated Services, Feature Description

Kemp Web User Interface (WUI), Configuration Guide

Last Updated Date

This document was last updated on 12 August 2019.
