Hoping the experts here a can help clarify something for me.
I have 2 data centers, one we will call EAST COAST and one we will call WEST COAST and both are configured with a pair of UAG's and connection servers. They are part of the Cloud Pod and I have configured the Global Entitlements with Home Sites enabled.
Originally, we only had the "EAST COAST" data center and my end users connected to the UAG's via the VIP that was referenced on my Load Balancer (ex: View.MyCompany.Com) which is also here in the East Coast side. This is also where our file server and an application server are located.
Now that I have users that are located in the other side of the country (west), we configured them to use their home site "West Coast". But users are obviously still pointed back to the UAG's on the East Coast Data Center (where View.MyCompany.Com is ), before being directed to use the West Coast Data Center compute resources.
Am I correct in thinking that once the users are through those UAG's, they are not actually traversing the network between the 2 Data Centers except to get to the File share(s) on the other Data Center?
Is there a better way to engineer this? Am I even on the right path?
EDIT: While discussing with our network team, we are in agreement that the interpod connectivity is done on the VIPA layer, but does anyone know what the MINIMUM network speeds are for this connection? We are on an IPSEC tunnel between the 2 sites and they are concerned with latency for users who are on the West coast, hitting the East Coast UAG's only to be redirected back to the West Coast.
Any help is greatly appreciated.
I think that for the VIPA there is not particular requirement for the network
Here a KB about the network requirement for an Horizon Environment --> https://kb.vmware.com/s/article/1027217
You can open a SR with a low level for request particular information about this question.
Regarding the design, the best practice is to have 2 UAG for site with one Local Load Balancer (preferibly in HA) for each couple of UAG and a Global Load Balancer for the two Local Load Balancers
The connection from end user to Connection Server via UAG is for "authentication level". After the user is enabled to a desktop pool, the connection is from user client to the horizon agent on VD.
If the the Virtual Desktop and the File server and others are on different location you do much network traffic fro VD to the server...and latency on the VD
I advice to have a "local" file server on the new datacenter that is the replica of the original file server, where the VD point to it, and eliminate any problem of network traffic and latency...
Depending on the GTM, you could set it that clients coming from the EAST coast IPs point directly attach to the local VIP in the EAST, but if a user from the WEST comes to the EAST and logins in and they are homesite is in the WEST they will go over the VPN between the DC's.
I created this flowchart to help with this
Not ideal, VMware now has Horizon Control Plane Services to get around this issue, for this use case it replaces the GTM with an smart brokering. When a user logins into the Control Plane URL it does a lookup to see if the user has a homesite and if so attaches it directly to the UAG VIP that's local to the users Homesite. If that site is down it will look to attach the user to another desktop in another available DC or Cloud service. This should remove the user hair pinning across the VPN between the DC's.
It does a lot more than just this, Horizon Control Plane Services | Cloud Control Plane | VMware