Load Balancing VMware Horizon View

Load balancing improves VMware Horizon View deployments by increasing application performance and removing single points of failure. For high availability and scalability, VMware recommends that multiple Connection servers and Security servers be deployed in a load-balanced cluster.

Horizon View Connection servers broker client connections, authenticate users and direct incoming requests to the correct endpoint. The load balancer serves as a central aggregation point for traffic flow between clients and Connection servers, sending clients to the best performing and most available Connection server instance. Horizon View Security servers provide an additional layer of security for View infrastructures that are published to users on the internet. Typically deployed in the DMZ, they proxy incoming connections to View Connection Servers on the trusted network. To improve their availability, the load balancer is used to publish a single virtual service that external clients connect to for secure access to the environment.

VMware recommends that when large numbers of remote users are being serviced, load balancer SSL termination should be considered to offload secure traffic from the View Security servers to improve performance. When inbound traffic is decrypted before being passed to the View Security servers for processing, the resources they require are reduced and overall solution performance increases.

Note: Configure the load balancer with the two phases of the View Client connection process in mind:

Phase 1: Initial connection establishment, authentication, entitlement.

Phase 2: Client to Virtual Desktop connection.

Minimum prerequisites:

  • Implemented Active Directory, DNS and other core requirements for Horizon View
  • Installed VMware ESXi servers, vCenter server, View Connection and Security servers
  • Configured SSL certificates for authentication of View Connection and Security servers
  • Installed the load balancer on the same network as the servers to be load balanced
  • Configured the load balancer topology which suits your organization; consult vendor documentation.

Allow HTTP Connections

To allow SSL-offloaded connections from the Load Balancer to the Connection Servers that are not re-encrypted, the Connection Servers must be configured to accept HTTP connections from intermediate devices. This is accomplished by modifying the locked.properties file on each Connection Server on which HTTP connections are desired. Steps on how to do this are outlined below. The servers will also continue to accept HTTPS connections.

  1. Navigate to the locked.properties file in the SSLGateway configuration folder on the Connection Server, for example <install_directory>\VMware\VMware View\Server\sslgateway\conf\locked.properties
  2. Add the serverProtocol property. Set it to http using lower-case letters.
    The next two steps are optional:
    If desired, change the HTTP listening port from 80 to a non-default port by setting serverPortNonSSL to an alternate port number on which the load balancer will communicate with the Connection Server for HTTP connections.
    If the Connection Server has multiple network interfaces and you would like to designate a single interface for HTTP connections, set serverHost to the IP address of the desired interface.
  3. Save the locked.properties file.
  4. Restart the View Connection Server service on the server.
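
As an added example (not from the VMware KB or the original post), the Python sketch below audits the text of a locked.properties file against the steps above: serverProtocol in lower case, a valid serverPortNonSSL, and whether the plain-HTTP listener is pinned to one interface with serverHost. The function names and the sample file are constructed for illustration, and the parser assumes simple key=value lines only.

```python
import ipaddress

# Constructed sample of a locked.properties file (not from a real server).
SAMPLE = """\
# HTTP offload settings
serverProtocol=HTTP
serverPortNonSSL=8080
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comment lines."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_locked_properties(text):
    """Return review findings for the HTTP offload properties named above."""
    props = parse_properties(text)
    findings = []
    proto = props.get("serverProtocol")
    if proto is None:
        return ["serverProtocol is missing: HTTP offload is not configured"]
    if proto != "http":
        findings.append(f"serverProtocol should be lower-case 'http', found {proto!r}")
    # The page gives 80 as the HTTP port when serverPortNonSSL is not set.
    port = props.get("serverPortNonSSL", "80")
    if not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append(f"serverPortNonSSL is not a valid TCP port: {port!r}")
    host = props.get("serverHost")
    if host is None:
        # Optional step on the page, but worth a look on multi-homed servers.
        findings.append("serverHost not set: HTTP listener is not pinned to one interface")
    else:
        try:
            ipaddress.ip_address(host)
        except ValueError:
            findings.append(f"serverHost is not an IP address: {host!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_locked_properties(SAMPLE):
        print("REVIEW:", finding)
```
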

Modify Secure Tunnel External URL

The following changes to the Secure Tunnel External URL parameters are required for the load balancer and the VMware Horizon View environment to interoperate correctly:

  1. Log in to the View Manager Administrator.
  2. Expand View Configuration and click Servers.
  3. Select the Connection Servers tab.
  4. Select each Connection server and click the Edit button after which the Edit View Connection Server Settings box will open.
  5. Navigate to the General tab. In the HTTP(S) Secure Tunnel External URL text box, enter the load balancer Virtual Service IP address or DNS FQDN to be used for the Security Server pool, followed by a colon and the appropriate port number.
  6. Select the Use Secure Tunnel Connection to Desktop check box.

Source: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2127195#sf40032378
