Configure NSX-V Edge Load Balancer for Horizon

In this blog post I will walkthrough of how to create a load balancer VIP to balance traffic between VMware Connection servers.

In the below case, I’ll configure an NSX edge to load balance traffic between my connection servers.

 

 

 

 

 

Step 1 : Deploy a NSX Edge

In networking and Security, clic on NSX Edges and Add

Configure a name and a host name for your NSX Edge, in my case i’ll do not use HA.

Configure a username and a password, take care that the policy is more restrictive than usual.

For lab purpose, compact deployment will be far enough

Configure an interface where the edge will communicate, this ip will handle the VIP for your loadbalancer.

Configure a gateway

Again for lab purpose, i’ll use a default policy which allow all traffic.

Step 2 : Configure the load balancer

First of all, enable the load balancer service on your edge

Step 3 : Create an application profile

In a first time, i’ll do not use any certificate. Each broker will show its own self signed certificate.

Configure SSL Passtrough, and use SSL Session ID for the persistence mode

Step 4 : Create a new pool containing my two broker

Use IP-HASH algorithm, and the default https rules for monitoring traffic

Add your brokers in members, and configure port 443.

Step 5 : Create a virtual server

Create a virtual server, with https protocol and redirecting to the previously created Horizon pool

Step 6 optionnal : Add a self signed certificate

Go back in the configure tab of your Edge, select certificates, in the CSR Actions, clic generate certificate

Select your previously generated CSR and select self sign certificate.

Go back into your application profile and select HTTPS End to End instead of SSL passtrough.
Self your self signed certificate on the Client and Server side.

In my case, you can see that the horizon certificate is presented, not the broker one.

You might be interested in …

Configure App Volumes Manager

AppVolumes, VMware

In my previous post we installed the App Volumes Manager. Now it is time for it’s configuration. In this post I will show you the basic configuration to start of with App Volumes. Before we start make sure you have a Service Account ready for App Volumes. During the configuration, you will need this account to […]

Read More

Unified Access Gateway with Microsoft Azure AD Integration using SAML

Many customers are moving towards extending their Datacenter workloads to the clouds, and Microsoft Azure is one of the partners that the VMware EUC team works very closely with. VMWare Unified Access Gateway, what we called “UAG,” is available in the Azure AD app gallery directly, reducing and simplifying the efforts of integration and configurations.  […]

Read More

How to Change Workspace ONE Access SAML Signing Certificate

VMware, Workspace ONE Access

In my previous engagement, a customer asked to change the Workspace ONE Access SAML signing cert after a year and a half in production.  WS1 Access was fully deployed along with DR sites and configured as 3rd party IDP with ADFS for O365 use cases. Background: SAML signing certificates ensure that messages are coming from […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *