VMware Horizon Community
khloh
Enthusiast

SSL Offloading and Ports

I have an environment whereby the user's client machine will connect to the Connection Server (CS) through a Load Balancer (LB).

SSL will be terminated/offloaded at the LB; therefore the connection from View Client to LB will be HTTPS and the connection from LB to CS will be HTTP.

No Security Server is set up, as this is for internal connections.

On the Connection Server:

- Configured both Connection Server 1 and Connection Server 2 to accept http traffic by creating the locked.properties files (KB 2146314)

serverProtocol=http

- Configured HTTPS secure tunnel URL: lb.example.com:443 (to point to my LB)

Ports required:

From Client Machine to LB: port 443 (HTTPS), 4172 (PCoIP), 8443 (Blast), 3389 (MMR)

From LB to Connection Server: port 80 (HTTP), 4172 (PCoIP), 8443 (Blast), 3389 (MMR)

I am able to connect to my View remote desktop using the PCoIP or Blast display protocol BUT NOT with the RDP display protocol.

I get the error: "The connection to the remote computer ended" (after I selected the Desktop Pool)

Do I need to allow port 443 (from LB to Connection Server) if SSL is offloaded to LB?

Hope anyone with the same scenario can share the configuration steps. Thanks!

1 Reply
markbenson
VMware Employee

It is better to configure the load balancer to also use HTTPS 443 between LB and VCS. This is often termed SSL bridging, not SSL offload. That way the connection is secure right through and the performance impact is minimal. Install the same SSL server certificate on the LB and VCS.

Note that 3389 from the client to LB or LB to VCS is not required as that communication is either direct to the virtual desktop or tunnelled through the HTTPS tunnel on port 443.

Mark
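
The following is an added example, not part of the thread or of any VMware tooling: a small lint that checks a planned load-balancer design against the advice in the reply above (bridge to 443 on the LB to Connection Server hop, drop the 3389 rules). The flow names `client`, `lb` and `cs`, the finding texts, and the treatment of a missing `serverProtocol` line as HTTPS are assumptions of this sketch; the sample inputs are constructed from the ports listed in the question.

```python
# Added example: lint a planned Horizon load-balancer design against the reply's advice.
# Flow names ("client", "lb", "cs") and the finding texts are assumptions of this sketch.

def parse_properties(text):
    """Parse locked.properties-style key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(locked_properties, flows):
    """flows: iterable of (src, dst, port). Returns a sorted list of findings."""
    findings = set()
    props = parse_properties(locked_properties)
    flows = set(flows)
    # Assumption: with no serverProtocol line the Connection Server expects HTTPS.
    if props.get("serverProtocol", "https").lower() == "http":
        findings.add("cleartext: serverProtocol=http leaves the LB to CS hop unencrypted")
    if ("lb", "cs", 80) in flows:
        findings.add("cleartext: LB to CS on port 80; bridge to 443 instead")
    if ("lb", "cs", 443) not in flows:
        findings.add("missing: LB to CS 443 is needed for SSL bridging")
    for src, dst in (("client", "lb"), ("lb", "cs")):
        if (src, dst, 3389) in flows:
            findings.add(f"unneeded: {src} to {dst} 3389; RDP goes direct or via the 443 tunnel")
    return sorted(findings)

# Constructed inputs mirroring the setup in the question.
OFFLOAD_PROPS = "# locked.properties\nserverProtocol=http\n"
OFFLOAD_FLOWS = [("client", "lb", p) for p in (443, 4172, 8443, 3389)] + \
                [("lb", "cs", p) for p in (80, 4172, 8443, 3389)]
# Constructed inputs for the bridged design suggested in the reply.
BRIDGE_PROPS = "# locked.properties\n"
BRIDGE_FLOWS = [("client", "lb", p) for p in (443, 4172, 8443)] + \
               [("lb", "cs", p) for p in (443, 4172, 8443)]

if __name__ == "__main__":
    for finding in audit(OFFLOAD_PROPS, OFFLOAD_FLOWS):
        print(finding)
```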