VMware Horizon Community
MattG
Expert
Expert

Basic View design questions

I need to setup a external facing View environment.  Plan is to have an internal pair of replication connection servers with DMZ'd Security Servers that map 1-to-1 with the Conn servers.

If I load balance the Security Servers and one of the Connection Servers goes down,  won't the load balancer still send the packet down the Security Server with the down Connection server as their is no way for the LB to know that the associated Conn Server is down?

Also,  is is possible to configure a replicated pair of Connection servers with one requiring RSA auth and the other not?   Use case would be a single group of 4 replicated servers,  with 2 connecting to Security Server (req RSA)  and 2 not connected to Security Servers that would be used for internal users?

If this is not possible and I need to create 2 pairs of replicated Conn servers,  would this be treated like 2 separate View environments,  including licensing?

Thanks,

-MattG

-MattG If you find this information useful, please award points for "correct" or "helpful".
Reply
0 Kudos
1 Reply
mpryor
Commander
Commander

> ...no way for the LB to know that the associated Conn Server is down?

This works fine. If you've correctly configured the load balancer to do a proper https query to the security server, if the linked CS goes down you'll get a 503 response instead of the expected 200. If you're doing something too simple like a basic ping test that won't be sufficient and you'll need to change your LB settings.

> is possible to configure a replicated pair of Connection servers with one requiring RSA auth and the other not?

Yes that is possible, SecurID configuration is configured per connection server. This is actually one of the example deployments in our documentation (pod of 4, with 2 configured for SecurID or RADIUS).

Reply
0 Kudos