Ivanti AppSense
Contents
1 Introduction
Ivanti provides organizations with control of service delivery, management process, visibility of services, and infrastructure. Ivanti User Workspace Manager manages and simplifies deployment of desktops and administration, reducing IT costs and securing endpoints.
1.1 Document Purpose
This deployment guide provides instructions on how to configure the Kemp LoadMaster to load balance Ivanti services. This guide should only be used as a reference for the load balancing configuration of Ivanti because each environment is unique and may have different requirements.
1.2 Intended Audience
Anyone interested in configuring the Kemp LoadMaster to load balance Ivanti User Workspace Manager (AppSense) services.
2 Template
Kemp has developed a template containing our recommended settings for this workload. You can install this template to help create Virtual Services (VSs) because it automatically populates the settings. You can use the template to easily create the required VSs with the recommended settings. You can remove templates after use and this will not affect deployed services. If needed, you can make changes to any of the VS settings after using the template.
Download released templates from the following page: LoadMaster Templates.
For more information and steps on how to import and use templates, refer to the Virtual Services and Templates, Feature Description.
3 Ivanti User Workspace Manager (AppSense)
Ivanti User Workspace Manager simplifies the deployment of desktops providing a consistent, secure, and personalized user experience. The key features of Ivanti User Workspace Manager are:
- User personalization
- Desktop configuration
- File Sync
- Migration
4 LoadMaster Global Settings
Before setting up the Virtual Services, the following global settings should be configured to support the workload.
4.1 Enable Subnet Originating Requests Globally
It is best practice to enable the Subnet Originating Requests option globally.
In a one-armed setup (where the Virtual Service and Real Servers are on the same network/subnet) Subnet Originating Requests is usually not needed. However, enabling Subnet Originating Requests should not affect the routing in a one-armed setup.
In a two-armed setup where the Virtual Service is on network/subnet A, for example, and the Real Servers are on network B, Subnet Originating Requests should be enabled on LoadMasters with firmware version 7.1-16 and above.
When Subnet Originating Requests is enabled, the LoadMaster routes traffic so that the Real Server sees traffic arriving from the LoadMaster interface that is in that network/subnet.
When Subnet Originating Requests is enabled globally, it is automatically enabled on all Virtual Services. If the Subnet Originating Requests option is disabled globally, you can choose whether to enable Subnet Originating Requests on a per-Virtual Service basis.
To enable Subnet Originating Requests globally, follow the steps below:
1. In the main menu of the LoadMaster Web User Interface (WUI), go to System Configuration > Miscellaneous Options > Network Options.
2. Select the Subnet Originating Requests check box.
4.2 Health Check Interval
It is best practice to set the Check Interval to 30 seconds. This is to minimize the impact on the Management Center Server. This is a global setting and it may affect the health checking for other load-balanced services.
To update the check parameter interval, follow the steps below:
1. In the main menu of the LoadMaster Web User Interface (WUI), select Rules & Checking > Check Parameters.
2. Click the Check Interval drop-down arrow and select 30.
5 Ivanti Virtual Services
This step-by-step setup of VSs leverages the Kemp application template for Ivanti.
The table in each section outlines the settings configured by the application template. You can use this information to manually configure VSs using the WUI or Application Programming Interface (API)/automation tools.
5.1 Management Server
The following are the steps involved and the recommended settings to configure the Ivanti Management Server using the application template.
1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.
2. Type a valid Virtual Address.
3. Select the Ivanti Management Server template in the Use Template drop-down list.
4. Click Add this Virtual Service.
5. Expand the Real Servers section.
6. Click Add New.
7. Enter the Real Server Address.
8. Confirm that Port 7751 is entered.
9. Click Add This Real Server.
5.1.1 Management Server Application Template Settings (optional)
This table outlines the configuration options set using the Kemp application template. These settings can be used if doing a manual configuration or leveraged with scripts and automation tools.
|
Option |
Value |
|---|---|
|
VS Port |
7751 |
|
VS Protocol |
tcp |
|
Service Type |
HTTP-HTTP/2-HTTPS |
|
Subnet Originating Address |
Enabled |
| Persistence Mode | Source IP Address |
| Persistence Timeout | 2 Minutes |
|
Scheduling Method |
least connection |
| Real Server Check Method | HTTP Protocol |
|
Checked Port |
7751 |
|
HTTP Method |
GET |
|
Check URL |
/ManagementServer/deployment/pingmonitor.aspx |
5.2 Personalization Server
The following are the steps involved and the recommended settings to configure the Ivanti Personalization Server using the application template.
1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.
2. Type a valid Virtual Address.
3. Select the Ivanti Personalization Server template in the Use Template drop-down list.
4. Click Add this Virtual Service.
5. Expand the Real Servers section.
6. Click Add New.
7. Enter the Real Server Address.
8. Confirm that Port 7771 is entered.
9. Click Add This Real Server.
5.2.1 Personalization Server Application Template Settings (optional)
This table outlines the configuration options set using the Kemp application template. These settings can be used if doing a manual configuration or leveraged with scripts and automation tools.
|
Option |
Value |
|---|---|
|
VS Port |
7771 |
|
VS Protocol |
tcp |
|
Service Type |
HTTP-HTTP/2-HTTPS |
|
Subnet Originating Address |
Enabled |
|
Persistence Mode |
Source IP Address |
|
Persistence Timeout |
2 Minutes |
| Scheduling Method | least connection |
| Real Server Check Method | HTTP Protocol |
| Checked Port | 7771 |
| HTTP Method | GET |
|
Check URL |
/PersonalizationServer/pingmonitor.aspx |
5.3 File Director Offloaded
The following are the steps involved and the recommended settings to configure the Ivanti File Director Offloaded using the application template:
1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.
2. Type a valid Virtual Address.
3. Select the Ivanti File Director Offloaded template in the Use Template drop-down list.
4. Click Add this Virtual Service.
5. Expand the SSL Properties Section.
6. Select the certificate to use in the Available Certificates and click the "arrow" > to move it to Assigned Certificates.
7. Click Set Certificate.
8. Expand the Real Servers section.
9. Click Add New.
10. Enter the Real Server Address.
11. Confirm that Port 80 is entered.
12. Click Add This Real Server.
5.3.1 File Director Offloaded Application Template Settings (optional)
This table outlines the configuration options set using the Kemp application template. These settings can be used if doing a manual configuration or leveraged with automation tools.
| Option | Value |
| VS Port | 443 |
| VS Protocol | tcp |
| Service Type | HTTP-HTTP/2-HTTPS |
| Subnet Originating Address | Enabled |
| Scheduling Method | least connection |
| SSL Acceleration | Enabled |
| Cipher Set | Intermediate_compatibility |
| Real Server Check Method | HTTP Protocol |
| Checked Port | 8001 |
| HTTP Method | GETGet |
| Check URL | /status |
| Reply 200 Pattern | Success |
5.4 File Director HTTPS
The following are the steps involved and the recommended settings to configure Ivanti File Director Reencrypt using the application template:
1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.
2. Type a valid Virtual Address.
3. Select the Ivanti File Director HTTPS template in the Use Template drop-down list.
4. Click Add this Virtual Service.
5. Expand the Real Servers section.
6. Click Add New.
7. Enter the Real Server Address.
8. Confirm that Port 443 is entered.
9. Click Add This Real Server.
5.4.1 File Director HTTPS Application Template Settings (optional)
This table outlines the configuration options set using the Kemp application template. These settings can be used if doing a manual configuration or leveraged with automation tools.
| Option | Value |
| VS Port | 443 |
| VS Protocol | tcp |
| Service Type | HTTP-HTTP/2-HTTPS |
| Subnet Originating Address | Enabled |
| Scheduling Method | least connection |
| Real Server Check Method | HTTP Protocol |
| Checked Port | 8001 |
| HTTP Method | GET |
| Check URL | /status |
| Reply 200 Pattern | Success |
6 Troubleshooting
Refer to the sections below for details on some common issues seen when load balancing the Ivanti AppSense workload.
6.1 Connections Rejected
When using a non-default TCP port or offloading for Ivanti AppSense services, you must ensure the Real Server port is correct. This is a common mistake when configuring the Real Servers when the VS port is different from the Real Server port.
7 References
Some resources on Ivanti are listed below:
Useful, related Kemp documents are listed below:
SSL Accelerated Services, Feature Description
Kemp Web User Interface (WUI), Configuration Guide
Last Updated Date
This document was last updated on 21 June 2022.