VMware Horizon Community
MikeSchreina
Contributor
Contributor

Horizon 7 Connection Server and Replica Server

i am trying to get an idea of how to have a redundant solution for my Horizon Connection Servers.

Is this solution supposed to go behind a load balancer like an F5?

Does it come w/ its own built in loadbalancing solution?  I remember Microsoft had a software based solution like this.

I am wondering mostly becauase our entire network is secured w/ a firewall on each vlan.  I just complted a 1 Connection Server solution, now i have to duplicate all the firewall requests.  UHHHHHHggghhh.....

Reply
0 Kudos
2 Replies
MatthewDay
Enthusiast
Enthusiast

I had this same question when I built my Horizon 7 environment and through some research I found out that it really isn't feasible to have a "redundant" Horizon environment.

Here's why:

Connection servers are essentially broker servers and are used to establish a connection to the VDI desktop. A user logs on to that desktop through the connection server. SO when a connection server crashes, all the desktop sessions being brokered by that server will also go down. Existing sessions cannot be automatically rerouted to another connection server without causing a disconnect. (We can assume this is a security feature, otherwise session hijacking would be very real problem).

Since a truly redundant scenario is not possible, you can instead work on reliability. By having multiple connection servers you can balance the load of your users between them, so in the event one goes down, you only drop the connections of a portion of your users. For this to work automagically, you will need some form of a load balancer. check out this link below, it discusses the pros and cons of different load balancing techniques.

https://vmfocus.com/2014/01/14/load-balancing-horizon-view-design/

Without one of these load balancing techniques, you will have to manually set the connection server on the Horizon Client and portion your users accordingly.

This is what I've experienced in my environment so if anybody has anything different to add, I would also be very interested to hear.

Reply
0 Kudos
MikeSchreina
Contributor
Contributor

We were able to get this working.  one security server behind the F5 worked, but the other did not.  finally, we told our Security Team to look at the working IP, and the non working IP and find the difference.  They finally did that, and it worked.

Reply
0 Kudos