VMware Horizon Community
blackhug0
Contributor

3 Services - 1 public IP and 1 UAG everything on port 443

Hi,

I have a little challenge and maybe you can help me 🙂

My situation:

I want to connect my Horizon environment (Blast), my Identity Manager and VMware Tunnel from external. The problem is that I only have one public IP, I have no load balancer and can only use one UAG, and on top of that everything should be reachable over port 443 TCP.

I thought the UAG is made for this challenge but now I think it is not.

Here is what I did and my findings:

I deployed a new UAG 3.2.1 with TLS port sharing enabled.

I set up Horizon Blast on the UAG with port 443 instead of 8443. Until now everything is fine 🙂

I set up the reverse proxy for Identity Manager, and here is the first issue. Reverse proxy and UAG enabled on the same port 443 do not recognize the different hostnames (for example horizon.xxx.com and idm.xxx.com). They only listen on the different proxy patterns, and in my case the /* should be in both proxy patterns to reach both services without typing something behind the slash.

Isn't it typical for a reverse proxy to listen on the different subdomains?

Then I tried to set up VMware Tunnel, also on port 443.

What I can see in the Tunnel log is “TLS Port Sharing enabled - Swtiching to Port 8443”

I think in this case I should enter my hostname and port in the TLS SNI rules. For example tunnel.xxx.com:443

But I can't see any connection in tcpdump on port 443. Is it the right way to use a TLS SNI rule to redirect incoming connections on port 443 to the tunnel on port 8443?

Is VMware Tunnel on port 443 possible, and is it possible with other services on the same UAG and the same port?

Every suggestion can help.

Thanks.

Nils
