VMware Horizon Community
tonyflan1
Enthusiast
Enthusiast
‎06-08-2021 06:06 AM

UAG deployment and Connection Server Settings

Good Afternoon.

We have configured an Horizon infrastructure running on version 2012 and currently we have an internal connection server pair load balanced through F5 to provide access to users on our network.

The original plan was to give the internal connections (internal wan/lan and direct access users, basically on or internal network IP ranges) a direct connection through the connection servers (auth 443 and then direct between client and VDI on 22443).

We then had to factor in a new Zscaler (ZPA) deployment that doesn't provide the end user an internal ip address so we changed the config for Blast on the connection servers to 'Use Blast Secure Gateway for all Blast connections to machine'.

I've built another pair of connection servers that I was hoping to use for connections from the external internet via a pair of UAG's that would have tags on the connection servers/pools to route the external users.

The issue I can't get me head round is that is states in the config instructions that the secure gateway's (Blast pcoip https) should be turned off on the connection servers, which would break what I already have in place for the internal traffic/load balancer. The connection servers are in synch so I can't use different configs for both pairs of CS.

Can anyone explain what would be the best way of achieving this in my situation.

Regards

T

 

Reply
0 Kudos
3 Replies
sjesse
Leadership
Leadership
‎06-08-2021 06:19 AM

You can turn off the connection server gateways independtly even if they are replicas. If you use UAGs the secure gateways are moved to the UAG so you need to have them off/

Reply
Mickeybyte
Hot Shot
Hot Shot
‎06-08-2021 06:19 AM

@tonyflan1 ,

You can enable/disable the gateway services on each connection server separately. So if you enable them on the 2 connection servers for internal connections and disable them on the 2 connection servers for the external users, you should be fine. 

You'll probably need to split them up with 2 load balancers I think, one for internal, one for external and put 2 connection servers behind each LB.

 

 


Regards,
Mickeybyte (ITPro blog)

If you found this comment useful or an answer to your question, please mark as 'Solved' and/or click the 'Kudos' button, please ask follow-up questions if you have any.
Reply
tonyflan1
Enthusiast
Enthusiast
‎06-08-2021 06:26 AM

Cheers Mickeybyte.

I thought these settings were being synched up and any changes to the one set would change the others. That's good news then thanks.

Reply
0 Kudos