VMware Horizon Community
Gabrie1
Commander

New 4.6 and fixed IP address for PCoIP

Hi

I read this post http://myvirtualcloud.net/?p=1685 and especially this part got me a bit concerned:

"During the installation it is required to specify the external PCoIP URL, in addition to the external address for the SSL connectivity. This address must be an IP Address, not a DNS name. The installation wizard will also configure Windows Firewall automatically with the required configuration."

For one customer I have a Round Robin DNS setup which has 2 external IP addresses, two firewalls and they both end up on the same Security Server. And for my test lab, I have an ADSL connection with dynamic IP.

How would I design for these two situations?

Gabrie

http://www.GabesVirtualWorld.com
0 Kudos

Accepted Solutions
mpryor
Commander

The PCoIP connection must go through a specific server, not a load-balanced address, since another security/connection server would not be tracking that specific authenticated session. Ensuring the connection goes to the correct server is the same requirement as the existing tunnel connection, though since that supports DNS names, several customers still use a load-balanced address with affinity rules to ensure that it goes to the correct one (*).

(*) Slightly off topic, but when using a load balancer with tunnelling clients I recommend an N+1 setup for View, with the external URLs pointing to individual server addresses but clients initially connecting to the LB address. I've seen many customers misconfigure LB rules so that the tunnel connection gets routed to the wrong server. View documentation goes into this in detail, but when using the tunnel you have two connections: the initial XML-API connection to talk to the broker to authenticate, request desktops, etc., and the tunnel connection which handles the desktop connection data. Other than the sessionId you've got no guarantee as to their origin (e.g. client coming from behind a multi-IP NAT), and to get that information you need to decode SSL on the LB, which obviously has performance implications, and not all LBs play well with the bi-directional tunnel data encapsulated in HTTPS.

0 Kudos
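
The routing problem described in the accepted answer, modelled as an added example that is not part of the original thread and not VMware code: each server tracks only the sessions it authenticated, the load balancer applies source-IP affinity, and one client sits behind a multi-IP NAT. The addresses, the session name and the last-octet affinity rule are constructed for illustration.

```python
# Added illustration; addresses, session id and the affinity rule are constructed.

class Server:
    """A security/connection server that tracks only sessions it authenticated."""
    def __init__(self, external_addr):
        self.external_addr = external_addr   # per-server external URL / IP
        self.sessions = set()

    def authenticate(self, session_id):
        self.sessions.add(session_id)
        return self.external_addr            # handed back to the client

    def accept_secondary(self, session_id):
        # Tunnel or PCoIP connection is honoured only for a known session.
        return session_id in self.sessions


def lb_pick(pool, src_ip):
    """Constructed source-IP affinity rule: last octet modulo pool size."""
    return pool[int(src_ip.rsplit(".", 1)[1]) % len(pool)]


def connect(broker_src, secondary_src, external_url_is_lb):
    """True if the secondary connection reaches the server holding the session."""
    pool = [Server("198.51.100.1"), Server("198.51.100.2")]
    by_addr = {s.external_addr: s for s in pool}
    first = lb_pick(pool, broker_src)            # initial XML-API connection via LB
    external = first.authenticate("session-1")
    if external_url_is_lb:
        target = lb_pick(pool, secondary_src)    # LB decides again, by source IP
    else:
        target = by_addr[external]               # client dials that server directly
    return target.accept_secondary("session-1")


def scenarios():
    nat_a, nat_b = "203.0.113.10", "203.0.113.11"   # one client, multi-IP NAT
    return {
        "single source IP, external URL = LB": connect(nat_a, nat_a, True),
        "multi-IP NAT, external URL = LB": connect(nat_a, nat_b, True),
        "multi-IP NAT, external URL = server": connect(nat_a, nat_b, False),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'session found' if ok else 'wrong server, session unknown'}")
```

Only the second scenario fails: affinity keyed on source address sends the second connection to a server that never saw the session, while an external address that names the authenticating server removes the load balancer from that decision.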
2 Replies
Gabrie1
Commander

Found a solution myself for the fixed IP address for my home lab, which has dynamic IP:

http://www.gabesvirtualworld.com/enabling-vmware-view-4-6-pcoip-with-dynamic-ip-address/

Gabrie

http://www.GabesVirtualWorld.com
0 Kudos