
VMware EUC – Horizon, UAG, VIDM and AppVolumes – NSX Load Balancing – Health Check Monitors

2 Feb

There is no single place to find a consolidated list of load balancer health check monitors (aka Service Monitors in NSX) for the VMware EUC products.

I have been using the VMware NSX load balancer across the board. The details below provide an overview of what to enter for the health monitors. Note – If you are using something more meaningful for your environment, leave feedback in the comments section. I will try to implement the same and update the blog later.

VMware Unified Access Gateway (UAG)

Create a new Service Monitor under NSX and call it UAG_https_monitor. Refer to the screenshot for more details.

UAG Service Monitor

Send String: GET /favicon.ico
Response code: 200s

VMware Identity Manager or Workspace ONE Access

Create a new Service Monitor under NSX and call it VIDM_https_monitor. Refer to the screenshot for more details.

VIDM Service Monitor
Send String: GET /SAAS/auth/login
Response code: 200s

VMware Horizon Connection Servers

Update 13th Sep 2021 – For all Horizon versions 7.10 and above, please start using the following service monitor within NSX.

Send String: GET /favicon.ico
Response code: 200s

You can use this string for versions 7.7 or up to 7.10. Create a new Service Monitor under NSX and call it Horizon_https_monitor. Refer to the screenshot for more details.

Send String: GET /broker/xml/
Receive string: /styles/clientlaunch-default

VMware App Volumes

Create a new Service Monitor under NSX and call it AV_https_monitor. Refer to the screenshot for more details.

AV Service Monitor

I hope you will find these monitors useful in monitoring the VMware EUC products.

Thanks,
Aresh Sarkari

NSX Load Balancing for VMware Unified Access Gateway – Part2

5 Mar

In this post we shall go over the remaining configuration on “Pools” and “Virtual Servers” of the NSX Load Balancing for VMware Unified Access Gateway.

4. Configure the Load Balancing – Pools

  • Overall we will be creating four Pools as follows:
    Pools
  • Click on the green plus sign to add a new pool
    • In the Name field, type: XXX-UAG-POOL-8443
    • Leave the Description blank
    • For Algorithm, pick IP-HASH
    • Leave Algorithm Parameters blank
    • For Monitors, pick default_tcp_monitor
      Pools_8443
  • Click on the green plus sign to add a new pool
    • In the Name field, type: XXX-UAG-POOL-4172TCP
    • Leave the Description blank
    • For Algorithm, pick IP-HASH
    • Leave Algorithm Parameters blank
    • For Monitors, pick default_tcp_monitor
      Pools_4172_TCP
  • Click on the green plus sign to add a new pool
    • In the Name field, type: XXX-UAG-POOL-4172UDP
    • Leave the Description blank
    • For Algorithm, pick IP-HASH
    • Leave Algorithm Parameters blank
    • For Monitors, pick default_tcp_monitor
      Pools_4172_UDP
  • Click on the green plus sign to add a new pool
    • In the Name field, type: XXX-UAG-POOL-443
    • Leave the Description blank
    • For Algorithm, pick IP-HASH
    • Leave Algorithm Parameters blank
    • For Monitors, pick default_https_monitor
      Pools_443

5. Configure the Load Balancer – Virtual Servers

  • Overall we will be creating six virtual servers as follows:
    Virtual_Server
  • Click on the green plus sign to add a new Virtual Server
    • Click on Enable Virtual Server
    • Click on Enable Acceleration
    • Set the Application Profile to XX-External-UDP
    • In the Name field, type: XXX-UAG-8443UDP
    • Leave the Description blank
    • For IP Address, select the IP address by clicking on the link
    • For Protocol, select UDP
    • In Port/Port Range, type 8443
    • For Default Pool, select XXX-UAG-Pool-8443
    • Everything else should be default
      UDP_Virtual_Server
  • Click on the green plus sign to add a new Virtual Server
    • Click on Enable Virtual Server
    • Click on Enable Acceleration
    • Set the Application Profile to XX-External-UDP
    • In the Name field, type: XXX-UAG-4172UDP
    • Leave the Description blank
    • For IP Address, select the IP address by clicking on the link
    • For Protocol, select UDP
    • In Port/Port Range, type 4172
    • For Default Pool, select XXX-UAG-Pool-4172UDP
    • Everything else should be default
      UDP_Virtual_Server
  • Click on the green plus sign to add a new Virtual Server
    • Click on Enable Virtual Server
    • Click on Enable Acceleration
    • Set the Application Profile to XX-External-TCP
    • In the Name field, type: XXX-UAG-8443TCP
    • Leave the Description blank
    • For IP Address, select the IP address by clicking on the link
    • For Protocol, select TCP
    • In Port/Port Range, type 8443
    • For Default Pool, select XXX-UAG-Pool-8443
    • Everything else should be default
      TCP_Virtual_Server
  • Click on the green plus sign to add a new Virtual Server
    • Click on Enable Virtual Server
    • Click on Enable Acceleration
    • Set the Application Profile to XX_external_ssl_offload
    • In the Name field, type: XXX-UAG-443HTTPS
    • Leave the Description blank
    • For IP Address, select the IP address by clicking on the link
    • For Protocol, select TCP
    • In Port/Port Range, type 443
    • For Default Pool, select XXX-UAG-Pool-443
    • Everything else should be default
      HTTPS_Virtual_Server
  • Click on the green plus sign to add a new Virtual Server
    • Click on Enable Virtual Server
    • Click on Enable Acceleration
    • Set the Application Profile to XX_external_tcp
    • In the Name field, type: XXX-UAG-4172TCP
    • Leave the Description blank
    • For IP Address, select the IP address by clicking on the link
    • For Protocol, select TCP
    • In Port/Port Range, type 4172
    • For Default Pool, select XXX-UAG-Pool-4172TCP
    • Everything else should be default
      TCP_Virtual_Server

The previous configuration of the “Global Configuration”, “Application Profiles” and “Service Monitoring” is covered in NSX Load Balancing for VMware Unified Access Gateway – Part1.

We haven’t configured any “Application Rules”. I hope you find these steps useful and don’t have to reinvent the wheel when it comes to NSX LB for VMware UAG.

Thanks,
Aresh

NSX Load Balancing for VMware Unified Access Gateway – Part1

5 Mar

This blog post is a two-part series showing you, step by step, how to load balance VMware Unified Access Gateway (UAG) using VMware NSX. There are quite a few options such as F5, KEMP etc. available to do the load balancing of the UAG appliance, but in this post we shall deep dive into NSX load balancing. The objective in a production deployment is to load balance multiple UAG appliances deployed in the DMZ.

Load Balancing of multiple VMware UAG Appliances

There is plenty of guidance available on how to create the NSX Edge to do the load balancing. I am not going to cover those steps in this blog. Instead I will fast forward to the load balancing configuration required for Unified Access Gateway.

Pre-Installation Checklist

This list should include everything that needs to be available BEFORE we start to install the UAG Load Balancer.

  • A pair of UAG Appliances should be deployed
  • The admin page of both the UAG appliances should be accessible
  • Create an X-Large NSX Edge and make sure it's deployed using HA (Active/Passive)
  • Enable Syslog on the NSX Edge
  • Reserve the VIP IP address used by NSX

Step-by-Step guide (Part1 – We shall cover Global Configuration, Application Profiles and Service Monitoring)

1. Configure the Load Balancing – Global Configuration

  • Log into the Edge GW you need to configure and go to the Manage tab then the Load Balancer tab.
  • Click on Global Configuration
    • Check the Enable Load Balancer checkbox
    • Check the Enable Acceleration checkbox
    • Check the Logging checkbox
    • Change the Log Level dropdown to Warning
    • Leave the rest as the default
    • Click Ok
      Global Configuration

2. Configure the Load Balancer – Application Profiles

  • Overall we will be creating three Profiles – HTTPS, TCP and UDP as follows:
    Application Profiles
  • Click on the green plus sign to add the HTTPS profile
    • Set the Name to XX_External-SSL_Offload
    • Set the Type to HTTPS
    • Set Enable SSL Passthrough
    • Set Persistence to Source IP
    • Expires in (seconds): 28800 (Preferably match it from Horizon Administrator – Global Configuration Settings)
    • Everything else should be blank, grayed out, or None
    • Click Ok
      SSL_Offload
  • Click on the green plus sign to add the TCP profile
    • Set the Name to XX_External-TCP
    • Set the Type to TCP
    • Set Persistence to Source IP
    • Everything else should be blank, grayed out, or None
    • Click Ok
      TCP_Profile
  • Click on the green plus sign to add the UDP profile
    • Set the Name to External-UDP
    • Set the Type to UDP
    • Set Persistence to Source IP
    • Everything else should be blank, grayed out, or None
    • Click Ok
      UDP_Profile

3. Configure the Load Balancer – Service Monitoring

  • Overall we will be creating three Service Monitors – HTTPS, TCP and UDP as follows:
    Service_Monitoring
  • Click on the green plus sign to add the Access Point TCP Monitor. This one monitor will be used for all APs.
    • Set the Name to default_tcp_monitor
    • Set the Interval to 5
    • Set the Timeout to 15
    • Set the Max Retries to 3
    • Set the Type to TCP
    • Click Ok
      TCP_Monitor
  • Click on the green plus sign to add the Access Point HTTP Monitor. This one monitor will be used for all APs.
    • Set the Name to default_http_monitor
    • Set the Interval to 5
    • Set the Timeout to 15
    • Set the Max Retries to 3
    • Set the Type to HTTP
    • Set the Method to GET
    • Click Ok
      HTTP_Monitor
  • Click on the green plus sign to add the Access Point HTTPS Monitor. This one monitor will be used for all APs.
    • Set the Name to default_https_monitor
    • Set the Interval to 5
    • Set the Timeout to 15
    • Set the Max Retries to 3
    • Set the Type to HTTPS
    • In the Expected field, type: HTTP/1.1 200 (note there is a space between the 1.1 and 200)
    • Set the Method to GET
    • In the URL field, type /favicon.ico
    • Click Ok
      HTTPS_Monitor
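
The Service Monitors above, and the UAG, VIDM and Horizon send strings listed in the health check post earlier on this page, can be dry-run from an admin workstation against each pool member before it is attached to a pool. The following is an added example, not code from the original posts or from NSX: it sends the same GET and applies the same expectation. The `probe` and `check_member` names, the `Horizon_7.10_plus` key and the retry loop (a simplified reading of Interval, Timeout and Max Retries) are assumptions, and the member host and port are supplied by the caller.

```python
import http.client
import ssl
import time

# Send/expect values from the posts on this page. "200s" is read as exactly
# 200 (assumption); the key "Horizon_7.10_plus" is a label made up here.
MONITORS = {
    "UAG_https_monitor": {"path": "/favicon.ico", "status": 200},
    "VIDM_https_monitor": {"path": "/SAAS/auth/login", "status": 200},
    "Horizon_7.10_plus": {"path": "/favicon.ico", "status": 200},
    "Horizon_https_monitor": {"path": "/broker/xml/",
                              "receive": "/styles/clientlaunch-default"},
}

def probe(host, port, monitor, tls=True, verify=True, timeout=15):
    """Send one GET the way the monitor would; return (healthy, detail)."""
    if tls:
        ctx = ssl.create_default_context()
        if not verify:  # only for appliances still on self-signed certificates
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", monitor["path"])
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
    except (OSError, http.client.HTTPException) as exc:
        return False, f"no response: {exc}"
    finally:
        conn.close()
    if "status" in monitor and resp.status != monitor["status"]:
        return False, f"status {resp.status}"
    if "receive" in monitor and monitor["receive"] not in body:
        return False, "receive string not found"
    return True, f"status {resp.status}"

def check_member(host, port, monitor, max_retries=3, interval=5, **kwargs):
    """Report DOWN only after max_retries consecutive failed probes."""
    detail = "not probed"
    for attempt in range(max_retries):
        ok, detail = probe(host, port, monitor, **kwargs)
        if ok:
            return True, detail
        if attempt < max_retries - 1:
            time.sleep(interval)
    return False, detail
```

A member that fails here with a certificate error while passing with `verify=False` is reachable but presenting a certificate the workstation does not trust, which is worth resolving before users are sent to it.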

The remaining configuration of the “Pools” and “Virtual Servers” is continued in NSX Load Balancing for VMware Unified Access Gateway – Part2.

I hope you find these steps useful and don’t have to reinvent the wheel when it comes to NSX LB for VMware UAG.

Thanks,
Aresh