Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

Dell Wyse vWorkspace

1 Introduction

Dell Wyse vWorkspace provides desktop and application virtualization to organizations.  Workspace virtualization helps to group and deliver a list of applications or desktops together as a single complete virtual workspace. vWorkspace delivers secure, full-featured virtual workspaces from a centralized infrastructure, that consists of virtual and physical computers, and provisions new users quickly.

1.1 Document Purpose

This deployment guide provides instructions on how to configure the Kemp LoadMaster to load balance the various roles in the Dell Wyse vWorkspace environment.

1.2 Intended Audience

This document is intended to be read by anyone who is interested in finding out how to configure the LoadMaster to load balance Dell Wyse vWorkspace.

2 Load Balancing vWorkspace

Load Balancing vWorkspace_01.png

The figure above shows a scenario where the Kemp LoadMaster can be used to load balance vWorkspace services. In this configuration, both Secure Access Services and Web Access are deployed in the DMZ. If your configuration differs from this configuration and there are issues deploying the LoadMaster, please contact the local Kemp Support Team for assistance: http://kemptechnologies.com/load-balancing-support/kemp-support

Load Balancing vWorkspace_02.png

The figure above shows a different scenario where the Kemp LoadMaster can be used to load balance vWorkspace services. In this configuration the Secure Access Services are deployed in the DMZ and the Web Access is deployed in the corporate network. If your configuration differs from this configuration and there are issues deploying the LoadMaster, please contact the local Kemp Support Team for assistance: http://kemptechnologies.com/load-balancing-support/kemp-support

2.1 vWorkspace Roles

Wyse vWorkspace consists of various roles. The Kemp LoadMaster can be configured to load balance some of these roles. The sections below discuss the various scenarios in which the Kemp LoadMaster can be used load balance vWorkspace.

2.1.1 Load Balancing Web Access Services

Web Access is a web application that acts as a web-based portal to a vWorkspace farm. It provides users with a list of available applications and desktops using their web browser.

The Web Access role also authenticates users with multiple vWorkspace farms within the same Active Directory domain.

2.1.2 Load Balancing Secure Access Services

vWorkspace Secure Access Service is an SSL gateway that simplifies the deployment of applications over the Internet. The Secure Access Service allows access to published applications through the vWorkspace Web Access client and starts these applications over SSL connections.

The Secure Access Service provides a proxy connection to vWorkspace components such as RDP Sessions, the Web Access client and connection brokers.

3 General Configuration

3.1 Enable Subnet Originating Requests Globally

It is best practice to enable the Subnet Originating Requests option globally.

In a one-armed setup (where the Virtual Service and Real Servers are on the same network/subnet) Subnet Originating Requests is usually not needed. However, enabling Subnet Originating Requests should not affect the routing in a one-armed setup.

In a two-armed setup where the Virtual Service is on network/subnet A, for example, and the Real Servers are on network B, Subnet Originating Requests should be enabled on LoadMasters with firmware version 7.1-16 and above.

Enable Subnet Originating Requests Globally v.2.png

When Subnet Originating Requests is enabled, the Real Server sees traffic originating from 10.20.20.21 (LoadMaster eth1 address) and responds correctly in most scenarios.

With Subnet Originating Requests disabled, the Real Server sees traffic originating from 10.0.0.15 (LoadMaster Virtual Service address on eth0) and responds to eth0 which could cause asymmetric routing.

When Subnet Originating Requests is enabled globally, it is automatically enabled on all Virtual Services. If the Subnet Originating Requests option is disabled globally, you can choose whether to enable Subnet Originating Requests on a per-Virtual Service basis.

To enable Subnet Originating Requests globally, follow the steps below:

1. In the main menu of the LoadMaster User Interface (UI), go to System Configuration > Miscellaneous Options > Network Options.

2. Select the Subnet Originating Requests check box.

3.2 SSL Certificates

An SSL certificate is required to be installed on the LoadMaster to support load-balanced components such as the Secure Access Service.

The certificate needs to match the hostname which is used to connect to the load-balanced services of the LoadMaster and can be a single wildcard, for example *.domain.com, or multiple regular certificates, for example secure.domain.com.

To install an SSL certificate on the LoadMaster, follow the steps below in the LoadMaster Web User Interface (WUI):

1. In the main menu, select Certificates & Security > SSL Certificates.

2. Click Import Certificate.

SSL Certificates.png

3. Click Choose File or Browse.

4. Browse to and select the certificate.

5. Enter a Pass Phrase if needed.

6. Enter a name (preferably the DNS name of the service) in the Certificate Identifier field.

7. Click Save.

8. Click OK.

This certificate will be assigned to some of the Virtual Services in later steps.

SSL Certificates_1.png

It is also possible to use this certificate for administrative purposes (browsing the LoadMaster WUI). To do this, on the Manage Certificates screen, select the certificate in the Administrative Certificate drop-down list and click Use Certificate.

4 Configure Virtual Services for vWorkspace

4.1 Secure Access Prerequisites

As described in the SSL Certificates section, implementing load balancing for vWorkspace Secure Access Services requires connectivity over HTTPS protocol (port 443). 

This document will cover an example of the settings required for vWorkspace. The vWorkspace administrator should follow the Deployment Guide provided by Dell to complete the configuration based on their unique topology.

Before adding Virtual Services to the Kemp LoadMaster, ensure to have the DNS names and IP addresses available for all Secure Access Service roles in your deployment. The DNS Names used must be included in the Certificate that was installed in the SSL Certificates section.

1. Install the Certificate that will be used to encrypt the traffic on each of the Secure Access Servers. 

Secure Access Prerequisites.png

2. On each of the vWorkspace Secure Access Servers, launch the Secure Access configuration utility from the Windows Server 2012 Start Menu.

Secure Access Prerequisites_1.png

3. Under the properties of the Secure Access Service, configure the following settings:

a) In the RDP Proxy section:

i. Select the Local IP Address.

ii. Enter 443 as the Local Port.

iii. Select the SSL certificate to be used to encrypt traffic.

b) In the Web Interface Proxy section:

iv. Select the Local IP Address.

v. Enter 443 as the Local Port.

vi. Enter 80 as the Dest. Port.

vii. Enter the Destination Host URL for the Web Access Server.

This will point to the Kemp LoadMaster Virtual Service for the Web Access Role.

c) In the Connection Broker Proxy section:

viii. Select the Local IP Address.

ix. Enter 443 as the Local Port.

x. Enter 8080 as the Dest. Port.

xi. Enter the Destination Host(s) for the internal Connection Broker(s).

4. Click OK.

4.2 Virtual Services - Secure Access

Configure the LoadMaster settings by following the steps below in the LoadMaster WUI:

1. In the main menu, select Virtual Services and Add New.

Virtual Services Secure Access.png

2. Enter the relevant IP address in the Virtual Address text box.

3. Enter 443 as the Port.

4. Enter a recognizable Service Name, such as vWorkspace Secure Access Service.

5. Click Add this Virtual Service.     

6. Enter the details shown in the following table:

Section

Option

Value

Comments

Standard Options

Persistence Mode

Source IP Address

 

 

Timeout

6 minutes

 

 

Scheduling Method

least connection

 

SSL Properties

SSL Acceleration

Enabled

 

 

Reencrypt

Enabled

 

  Assigned Certificates Selected Select the certificate in the Available Certificates box. Click the right arrow to move the certificate to the Assigned Certificates box then click Set Certificates

Real Servers

Real Server Check Method

HTTPS Protocol

 

 

Checked Port

443

Click Set Check PortNew.

                                                 

7. Select Reencrypt.

The LoadMaster will use this information to check if the Secure Access servers are reachable.

8. Add the Real Servers.

a) Click Add New to add the Secure Access servers as Real Servers.

b) Enter the Real Server Address.

c) Enter 443 as the Port.

d) Click Add This Real Server.

e) Repeat the three steps above until all Real Servers have been added.

4.3 Web Access Prerequisites

Before configuring the Kemp LoadMaster, ensure to have the DNS names and IP addresses available for all Web Access roles in your deployment.

This document will cover an example of the settings required for vWorkspace. The vWorkspace administrator should follow the Deployment Guide provided by Dell to complete the configuration based on their unique topology.

Web Access Prerequisites.png

1. Configure the website on each of the Web Access Servers using the Web Access Site Manager.

Web Access Prerequisites_1.png

2. Within the vWorkspace Management Console, select Web Access in the left-hand navigation, and add the website for each of the Web Access servers.

4.4 Virtual Services - Web Access

Configure the LoadMaster settings by following the steps below in the LoadMaster WUI:

1. In the main menu, select Virtual Services and Add New.

Virtual Services Web Access.png

2. Enter the relevant IP address in the Virtual Address text box.

3. Enter 80 as the Port.

4. Enter a recognizable Service Name, such as vWorkspace Web Access.

5. Click Add this Virtual Service.

6. Enter the details shown in the following table:

Section

Option

Value

Comments

Standard Options

Persistence Mode

Source IP Address

 

 

Timeout

6 minutes

 

 

Scheduling Method

least connection

 

Real Servers

Real Server Check Method

HTTP Protocol

 

 

Checked Port

80

Click Set Check Port.

The LoadMaster will use this information to check if the Web Access servers are reachable.

7. Add the Real Servers.

a) Click Add New to add the Secure Access servers as Real Servers.

b) Enter the Real Server Address.

c) Enter 80 as the Port.

d) Click Add This Real Server.

e) Repeat the three steps above until all Real Servers have been added.

5 Testing

After following the implementation steps in the previous section, follow the steps below to test the load-balanced vWorkspace environment:

1. Open a web browser that is able to reach the load-balanced IP.

2. Browse to the configured DNS name for the load-balanced service, for example https://Secure.kempdemo.com/access. A web page should be presented with the vWorkspace login page. This indicates that the LoadMaster has redirected the session to a Real Server.

Testing.png

3. Enter a username and password with permissions to access the vWorkspace environment.

4. In the LoadMaster WUI, go to Statistics > Real Time Statistics.

5. Click the Real Servers button.

Testing_1.png

This overview shows the active sessions, sessions over the last hour, in addition to how many requests each Real Server handled.

6. Open another web browser on a different client and perform the first three steps above.

Testing_2.png

7. Refresh the LoadMaster statistics page. Notice that, based on the load balancing method we chose, load is spread over both Secure Access Servers (192.168.20.14 and 192.168.20.15).

References

Some resources on Dell Wyse vWorkspace are listed below:

Dell Wyse vWorkspace Datasheet

http://i.dell.com/sites/doccontent/shared-content/data-sheets/en/Documents/Dell_vWorkspace_Datasheet.pdf

Dell Wyse Reference Architecture

http://www.dell.com/learn/us/en/04/business~solutions~engineering-docs~en/documents~dvs-windows-server-2012.pdf

Dell Wyse vWorkspace Administration Guide

http://documents.software.dell.com/vworkspace/8.6/administration-guide

Dell Wyse vWorkspace product documents

https://support.software.dell.com/vworkspace/release-notes-guides

Dell Wyse vWorkspace Community

http://en.community.dell.com/techcenter/virtualization/vworkspace

Last Updated Date

This document was last updated on 01 February 2022.


Was this article helpful?
0 out of 0 found this helpful

Comments