VMware Horizon Community
MaxStr
Hot Shot
Hot Shot
‎06-13-2022 07:51 AM

How to set up UAG access with dual ISPs?

We have primary and backup internet providers, but our UAG is only accessible on the primary IP address and hostname. So if our primary internet goes down, we can't access Horizon due to public DNS pointing to the primary IP address.

I think I need to set up a second public DNS entry, (for example vdi2.example.com) with a different IP address. Is it possible to add another interface to my existing UAG's with a second hostname, or do I need to create a completely new UAG with its own IP and hostname "vdi2.example.com"?

Labels (1)
Labels
0 Kudos
2 Replies
sjesse
Leadership
Leadership
‎06-13-2022 07:57 AM

The best option would be to have a loadbalancer in front of it, but adding a second uag is probably best. You could look at the UAG HA mode if the virtual ip can float to either side.

0 Kudos
ggordon
VMware Employee
VMware Employee
‎06-20-2022 08:46 AM

You will probably have a listener on your primary internet firewall that is forwarding traffic to the UAG (or the load balancer in front of the UAGs). Setup a second listener with a separate IP address on your backup internet connection. It should also forward traffic to the UAG (or UAG LB).

You've then got a choice of how to give access, depending on what works best for you:

  1. At failover, change your DNS record to point to the second listener IP address.
  2. Setup a second DNS record, and direct users to use this in an outage.

Note that you might need to watch for Origin Checking as the new DNS FQDN might not match what the Connection Servers are expecting. The load balanced name used to initiate a connection would not match the actual Connection Server name. This can cause the Connection Server to reject the request. See the Origin checking section of https://techzone.vmware.com/resource/horizon-configuration#post-installation-configuration