medvmwadm
Enthusiast
Enthusiast

Cloud Pod Architecture with UAGs

Jump to solution

Hello:

I'm trying to find this information in the documentation and so far cannot find the answer.  We are setting up a new Horizon environment and linking it to our old environment at another site using Cloud Pod Architecture.  Everything is working good internally.  Now we are going to set up external access using UAGs.  What I'm trying to find out is if the UAGs at the new site need to communicate directly to the Connection Server at the old site.  To better phrase the question:

We have Site A, and Site B, both linked with CPA.

I have UAGs in Site B in a DMZ.  We want to point all users to the UAGs in Site B, for VMs running in Site A.

Do the UAGs in Site B, need to be able to reach the Connection Servers in Site A, for authentication?   Or will they only need to reach Connection Servers at their site (Site B)?  Currently the UAGs are pointed at the Connection Servers at Site B.

Hopefully this is a simple answer.  We are just trying to get firewall rules in place for our DMZ network.

Thank you.

0 Kudos
1 Solution

Accepted Solutions
nburton935
Hot Shot
Hot Shot

Because both sites are in the same CPA, you can point the UAGs to either site’s Connection Servers as long as the pools are behind Global Entitlements, and your GE scope is set to all pods.

Are there desktop pools in both sites? Home sites and dedicated assignments can be used to manipulate which site the user actually connects to behind the Global Entitlement.

View solution in original post

0 Kudos
2 Replies
nburton935
Hot Shot
Hot Shot

Because both sites are in the same CPA, you can point the UAGs to either site’s Connection Servers as long as the pools are behind Global Entitlements, and your GE scope is set to all pods.

Are there desktop pools in both sites? Home sites and dedicated assignments can be used to manipulate which site the user actually connects to behind the Global Entitlement.

View solution in original post

0 Kudos
medvmwadm
Enthusiast
Enthusiast

Thank you for the reply.  At the moment, we only have desktop pools at the old Site A.  At some point we will need to repoint our access URL to the Site B UAGs for users to access.  Based on my understanding, we should be able to update our access URL at any time, and the users can traverse through Site B's UAGs and Connection Servers and access everything at Site A (to start with).  We will be building new pools at Site B and will eventually cut them over.  The overall plan is to migrate all users from the old Site A, all to Site B, pool by pool.

Also, our VMware engineer also shared this video with us which helped also, for those that may be looking at doing the same thing.

https://techzone.vmware.com/vmware?share=video1232

Thank you.

0 Kudos