Deployment of AVI Loadbalancer For Horizon on VMware Cloud on AWS

Overview

In previous post, I explained about the AVI Load Balancer Architectures which can be achieved for VMware Horizon deployment. In this post, I will provide the step by step guidance on how to deploy AVI load balancer for Horizon on VMware Cloud (VMC) on AWS .

Basically I will cover “Single L4 Virtual Service” and “(n+1) VIP” architecture deployments in this post.

Planning

  • AVI Controller : 172.16.103.10 (stand alone)
  • Service Engines : 172.16.103.11, 172.16.103.12
  • Virtual Service (VIP) in front of Unified Access Gateway (UAG)
    • Single L4 VIP Deployment : 172.16.104.11
    • (n+1) VIP Deployment : 172.16.104.12
  • Virtual Service (VIP) in front of Connection Server (CS) : 172.16.104.10
  • UAG IP : 172.16.102.21, 172.16.102.22 (DMZ Network)
  • Connection Server IP : 172.16.101.9, 172.16.101.10
  • Public IP for External Access

A. Deployment Layout for “Single L4 VIP”

Deployment of AVI Networks Controller and Service Engine

For deployment of AVI Networks Controller and Service Engines, follow the official guide provided by AVI Networks. Prior to proceeding below steps AVI Controller and Service Engine deployment must be completed.

Create Cloud

In this section, we will create a “Cloud” for Horizon on VMC deployment. The word “Cloud” in AVI Networks is the type of infrastructure on which you are going to configure load balancer i.e. VMware vCenter/vSphere (on-premises), AWS, Azure etc. For VMware cloud on AWS deployment, we need to choose the cloud option [No Orchestrator].

1. Log in to AVI Networks admin consoles.

2. From left top corner menu, select [Infrastructure] > [Cloud] > [Create]

3. Give a name of your choice and select [No Orchestrator] for VMware Cloud (VMC) on AWS deployment.

4. Leave as default and select [Save].

5. Now you have created a cloud “VMC” as seen below.

Create IP Groups

6. From left top corner menu, select [Templates] > [Groups] > [Create IP Group].

7. This is a IP group for UAG, so enter all the IP addresses of UAGs which exist in your environment and [Save].

8. Create a IP group for Horizon connection server as well. Once you created the groups, you will see the list of IP groups as below.

Create Pools

In this section we will create two pools. One for connection server load balancer and another for UAG load balancer.

9. From left top corner menu, select [Applications] > [Pools] > [Create Pool].

10. Select the cloud you created earlier in step-5.

  • Pool for connection server load balancer.

11. Enter the parameters for pool.

11. Confirm first pool in list as seen below.

  • Pool for UAG load balancer.

12. Next we will create a pool for VS in front of UAGs. Enter the parameters as seen below and [Save].

Creating Health Monitor (optional)

14. Confirm second pool is created and exists in [Pools] list.

Create Virtual Services

In this section we will create two virtual services. One for load balancing connection server traffic and another for load balancing unified access gateway traffic.

15. From left top corner menu, select [Applications] > [Virtual Services] > [Create Virtual Service].

  • Virtual service for load balancing connection server traffic

16. Enter the parameters for Virtual Service and [Save].

  • Virtual service for load balancing UAG traffic

17. Enter the parameters for Virtual Service and [Save].

18. Confirm Virtual Services are created successfully and exist in list as seen below.

19. Go to dashboard and click in [Expand] hyperlink to confirm the health of components. If there is any component in error state, there might be some issue with configuration.

20. In this stage, if your configuration is correct, you should be able to access horizon environment with loadbalancer VIP address as seen below.

  • Accessing horizon via loadbalancer (VS) IP in front of CS
  • Accessing horizon via loadbalancer (VS) IP in front of UAG

Configure NAT Rule IN VMware CLoud

21. Log in to VMware Cloud (VMC) on AWS console >[Networking & Security]>[NAT] > [Add RULES].

Here you will configure the NAT for public IP used for external access vs loadbalancer IP which sits in front of UAG. For test purpose, I am allowing all the traffics towards UAG but for production environment you can allow only the ports which are required for Horizon.

Configure Unified Access Gateway

22. Log in to Unified Access Gateway admin console and configure as below.

  • Connection Server URL = Loadbalancer IP sits in front CS
  • PCoIP External URL = Public IP used for external access
  • Blast External URL = Public DNS record registered with public IP
  • Tunnel Proxy URL=Public DNS record registered with public IP

This must be configured on all the UAGs exist in horizon environment.

Validations

23. Access external URL via Horizon Client app or web browser and confirm you are able to lunch horizon desktops or apps.

24. You can confirm the user access detail from AVI Networks admin console. Go to [Virtual Services] > select respective [Virtual Service] for which you want to check the detail > [Logs].

25. To view virtual service analytics, go to [Virtual Services] > select respective [Virtual Service] for which you want to check the detail > [Analytics].

26. To view virtual service health, go to [Virtual Services] > select respective [Virtual Service] for which you want to check the detail > [Healths].


B. Deployment Layout for “(n+1) VIP”

Create Pool

27. Create a pool for (n+1) VIP.

  • Load Balance= Least Connections
  • Persistence=System-Persistence-Http-Cookie

Create Virtual Service

28. Create a L7 virtual service.

  • Application Profile = System-Secure-HTTP
  • TCP/UDP Profile = System-TCP- Proxy
  • Service Port = 443

29. Disable “response_with_100_continue” on AVI controller.

SSH to Avi Controller > go to shell and follow the steps below:

Configure NAT Rules In VMware Cloud

29. Here we need to configure three NAT rules since VS and each of UAG holds public IP in (n+1) VIP deployment.

Configure Unified Access Gateway

30. Each UAG need to be configured separately. Point the connection server URL to VS sits in front of connection servers (same for all UAG). For the external access (PCoIP & Blast), enter public IP which are NATed to UAG private IP in step-29. External access IP/URL will be unique to each UAG.

  • UAG-1
  • UAG2

Validation

31. Access to horizon external URL via Horizon Client app or web browser and confirm you are able to lunch horizon desktops or apps.

Leave a Reply

Your email address will not be published. Required fields are marked *