VMware Horizon Community
paulc1
Enthusiast
Enthusiast
‎02-28-2019 07:07 PM

UAG 3.4 HA vs Load Balancing and Number of Horizon Connection Servers

So UAG 3.4 is supposed to allow us to no longer use a load balancer with its built in HA. I currently have my UAG's setup on an internal network with a Netscaler sending the traffic through the firewall. Isn't this a more secure option than having two appliances externally accessible?

I have no control of the netscaler or firewall (different departments) so I'm just wondering if its worth the hassle of getting it all reconfigured.

Also a secondary question. If we aren't using tunneling is there any reason to have 4 connection servers? I think that was recommended when we first started using Horizon 7.0, but the connections are all being handled by the UAG's it doesn't seem like there's much point in having more than 2 connection servers.

We don't really have a way of doing a split DNS setup for internal/external. Something else I have no control of. It would be nice for internal connections to go directly to the connection servers, but as it is they just hit the external VIP like external traffic. Not ideal, but my hands are tied there.

Thanks!

Labels (1)
Labels
Tags (2)
Reply
2 Replies
BenFB
Virtuoso
Virtuoso
‎03-03-2019 08:33 PM

Not knowing how many users you have and your peak connections you might be able to get away with 2 connection servers. I prefer a minimum of 3 so I can do maintenance on one and always have two up in case of an unplanned failure.

Reply
techguy129
Expert
Expert
‎03-04-2019 03:14 AM

UAG HA is active/passive. With the Netscaler, you are active/active for load balancing and high availability. If you are going from the UAG to the endpoints directly, then having the netscaler in front just adds one more layer of protection.

As already mention, having more then two CS depends on your load. You still need the connection servers for web browser connections.

I was advised by VMware, and I recommend it as well, to send all your traffic through the UAG. I had the same DNS issue and it was simple to send all traffic through the external UAG.

I recommend reading up on architecture planning.

https://docs.vmware.com/en/VMware-Horizon-7/7.6/horizon-architecture-planning.pdf

Reply