version 3 jetNEXUS ALB-X – VMware Horizon View 5.2 Deployment Guide

jetNEXUS ALB-X – VMware Horizon View 5.2 Deployment Guide

Pre-requisites

The following are general prerequisites and configuration notes for this guide:

  • It is assumed that the reader is a network administrator or person familiar with networking and general computer terminology
  • You must have an existing VMware Horizon View 5.2 deployment
  • This deployment guide contains configuration procedures to configure jetNEXUS ALB-X appliances only
  • Minimum Software Version 3.53.2 (Build 1510) or later on your jetNEXUS ALB-X

Overview

  • The ALB-X is an Application Delivery Controller (ADC) sometimes referred to as a next generation load balancer.
  • The ALB-X provides intelligent load balancing, scalability and fail-over for VMware Horizon View Connection Servers
  • The ALB-X provides intelligent load balancing, scalability and fail-over for VMware Horizon View Security Servers
  • This document assumes a degree of familiarity with the ALB-X GUI. For more general information on the ALB-X and the GUI, please refer to the User Guide

Why jetNEXUS?

  • Layer 4 & Layer 7 Load Balancing
Application layer server health checks are able to detect and route around problems to eliminate downtime
  • Session Persistence
Cookie based or IP based session persistence. Session timers can be adjusted
  • Reverse Proxy
jetNEXUS ALB-X can provide Reverse-Proxy architecture, enabling secure remote client connections to internal resources
  • Compression
Content Compression features improve remote client performance
  • SSL Offload
Enables end-to-end secure encrypted traffic between client and load balancer, freeing the content servers from the resource hungry process of encryption
  • SSL Re-Encryption
Enables end-to-end secure encrypted traffic between client and internal resources whilst still delivering acceleration and traffic manipulation with flightPATH
  • flightPATH
jetNEXUS ALB-X is able to intelligently redirect clients to the correct resources
  • jetPACK
Quick and easy deployment using jetPACK application templates

What is a jetPACK?

A jetPACK is a simple text file that you can upload to your appliance that contains all of the configuration needed to deploy an application such as VMware Horizon View

  • The jetNEXUS ALB-X can be configured automatically with a VMware View “jetPACK” template, which is fully-tuned with all of the application-specific settings that you need in order to enjoy optimised service delivery from your ALB-X
  • If you supply the virtual IP address and real server IP addresses to support@edgenexus.io we will send you a custom jetPACK that you simply upload to your jetNEXUS ALB-X
  • The upload can be done via the GUI and will result in a fully configured ALB-X within less than 1 minute
  • The relevant jetPACK can be applied to multiple jetNEXUS ALB-X appliances saving valuable time and eliminating simple mistakes
  • To download the jetPACK please visit https://appstore.edgenexus.io/user-guides-version-3-32bit-jetnexus-software/current-user-guide/jetpack/#vmwareSSL

VMware View Description

A VMware View deployment offers many options for securing virtual desktops. End users can access their desktops from supported Web browsers, laptops and a range of other devices inside or outside the corporate firewall.

View Connection Servers:

A View Connection Server acts as a broker for client connections. View Connection Servers authenticate users through Windows Active Directory and directs the request to the appropriate virtual machine.

View Security Servers:

A View Security Server is a special instance of a View Connection Server that runs a subset of View Connection Server functions. They add an extra layer of security and typically sit in a DMZ. Each security server is paired with an instance of View Connection Server and forwards traffic to that instance.

Deployment Scenarios

jetNEXUS ALB-X can be deployed in the following scenarios:

Connection Servers only – Internal Clients

The following diagram shows a typical deployment using connection servers only to support non-public connections.

Diagram 1.1
internalviewdiagram

Traffic Flow:

  • 1.The client machine (Mac, Windows, iPad or Zero Clients) makes an SSL connection to the Virtual Service IP presented by the jetNEXUS ALB-X. PCoIP and USB redirects around the ALB-X
  • 2.The SSL connection is terminated on the ALB-X. The ALB-X will then re-encrypt the traffic, or offload the SSL and establish a connection to the Connection Servers
  • 3.After authentication, desktop entitlement and selection are complete, desktop connections proceed to the appropriate View Desktop
  • 4.The ALB-X does not proxy UDP connections in the Software Version:3.53.2 (Build 1510)

Creating your Virtual Service – Connection Servers with SSL Offload

Please complete the following procedures:

1. Create a Virtual Service for HTTPS

  • Navigate to the IP Services page
  • Click Add IP to add a blank row in top Channel Details section
  • Complete the column details as per the screen shot below
  • Note the Primary column will be blank unless you have enabled failover. Please see section on failover / high availability in the online userguide here
  • Start by double clicking on IP Address column of your blank row
  • Once complete you can TAB to the next column to edit

2. Add Real Servers to the Virtual Service

  • With the Destination tab highlighted click Add New in the bottom Content Servers section
  • A blank row will appear. Double Click on this row below each column starting with the IP Address column to add your servers
  • To save the server details click the Update button on the right hand side of this section
  • You can add additional servers with the Add New button

viewipservicesconnectionoffload (1)

3. Import or Create a Certificate

Please see the userguide link here on how to create or import an SSL certificate

4. Set the Actions for the channel

Apply the following actions:

viewactionsssloffload (1)

5. Allow HTTP Connections from jetNEXUS ALB-X

When SSL is offloaded to a load balancer like jetNEXUS ALB-X, you can configure View Connection Server instances to allow HTTP connection from client-facing, intermediate devices. The intermediate device (jetNEXUS ALB-X) must accept HTTPS for View Client connections. To allow HTTP connections between View Connection Servers and jetNEXUS ALB-X you must configure the locked properties file on each View Connection Server Instance and security server on which HTTP connections are allowed.
Note that even when HTTP connections are allowed View servers will continue to accept HTTPS connections also.

Security Servers only – External Clients

The diagram below shows the traffic flow when deploying using Security Servers and Connection Servers. This architecture is typically used when looking to support secure public/WAN connections.

Diagram 1.2
externalviewdiagram

Traffic Flow

  • 1.The client machine (Mac, Windows, iPad or Zero Clients) makes an SSL connection to the Virtual Service IP presented by the jetNEXUS ALB-X. PCoIP and USB redirects around the ALB-X
  • 2.The SSL connection is terminated on the ALB-X. The ALB-X will then re-encrypt the traffic and establish a connection to the Security Servers
  • 3.After authentication, desktop entitlement and selection are complete, desktop connections proceed to the appropriate View Desktop
  • 4.The ALB-X does not proxy UDP connections in the Software Version:3.53.2 (Build 1510)

Creating your Virtual Service – Security Servers with SSL Re-Encryption

Please complete the following procedures:

1. Create a Virtual Service for HTTPS

  • Navigate to the IP Services page
  • Click Add IP to add a blank row in top Channel Details section
  • Complete the column details as per the screen shot below
  • Note the Primary column will be blank unless you have enabled failover. Please see section on failover / high availability in the online userguide here
  • Start by double clicking on IP Address column of your blank row
  • Once complete you can TAB to the next column to edit

2. Add Real Servers to the Virtual Service

  • With the Destination tab highlighted click Add New in the bottom Content Servers section.
  • A blank row will appear. Double Click on this row below each column starting with the IP Address column to add your servers
  • To save the server details click the Update button on the right hand side of this section.
  • You can add additional servers with the Add New button

viewipservicessecurity (1)

3. Set the Actions for the channel

Apply the following actions:
viewactionssslreencryption (1)

Troubleshooting

Further help can be found on the main edgeNEXUS website

Contact Us

We hope you have found this Deployment Guide informative, but if you need any clarification or further information, please do not hesitate to get in contact with edgeNEXUS Support:

E-mail support@jetNEXUS.com
Phone +44 (0870) 382 5529
Blog http://jetNEXUS.blogspot.com/

CONTACT US

We're not around right now. But you can send us an email and we'll get back to you, asap.

Sending

Log in with your credentials

or    

Forgot your details?