VMware Horizon Community
edawg
Enthusiast
Enthusiast

Load Balanced Security Servers

Hello-

I currently have a working POC running View 5.3 with a security server, in the DMZ, paired to an internal connection broker.  Security server has a signed certificate and is reachable from the Internet. Network team has Natted and firewall rules in place to successfully allow connections back into our network. So far so good.

Management wants to move this from POC to Production so I need to add another security server and pair it back to a second connection broker.  My problem is we don't have external load balancers I can use so I am looking for other ways I can provide a highly available environment.  One thought is to configure Microsoft Network Load Balancing between the two security servers and have the firewall pass the connections back to the clustered IP address.  Has anyone seen this working in the DMZ?  Also, does anyone have any suggestions regarding how I can provide HA for the security servers assuming I don't have load balancers in house to use and can't get MNLB to work?

Thank you in advance,

Erik

2 Replies
rcporto
Leadership
Leadership

Check if helps: Load Balancing View Security Servers - vmwiki

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
cgrubbe
Enthusiast
Enthusiast

If I were going to load balance, which I don't think you're technically supposed to do, I would use a couple of Linux boxes, in a cluster, running HAProxy as a load balancer in front of both external Security Servers and in front of a separate set of Connection Managers for internal clients.  Smiley Wink  Gives you a fully redundant setup for your connection managers.

I've had this running for years without any trouble.  Others had worked with our network team to get MS NLB working in the past to no avail, so this was the most cost effective and in the long run, highly reliable option.  If I had it to do all over again I'd probably skip clustering the linux boxes, since HAProxy is rock solid and any outage from updating the OS is minimal.  I've also been able to use the same HAProxy instance for load balancing a handful of other services at the same time. 

-Chris