VMware Horizon Community
vmmaj
Enthusiast
Enthusiast
‎05-29-2020 12:32 PM

VDI Remote access via Internet Zero Clients - Security Server - Drops

Hi all,

Covid-19 has had us move many of our workers home. Our workers are on VDI desktops. They have brought home their zero client and connect in via a security server\connection server.

For the most part it works wonderfully but it does have some problems that are bringing me much grief. Some of the users will experience the dreaded black screen at most inopportune times and some will get dropped entirely and have to re-login. I suspect this is due to poor internet connections and home network issues. I myself have my zero client\VDI running at all times from home and have never been dropped or seen the black screen.

Anyway, is there a way to make the connection more robust so that it does not drop as easy, any tweaks i can do on the agent or connection server.

Are UAGs better at this then a a security server setup?

Thanks for your replies.

Martin.

0 Kudos
2 Replies
mat2k7
Enthusiast
Enthusiast
‎05-30-2020 09:33 AM

Hi,

we are running Horizon 7.12 with UAG with most workers home and no issues so far.

What i have seen with poor connection on workers end is laggy respondig to input or black stripes which go away very slowly. The  blackscreen issues we had in the past were related to very high latency  or complete internet connection drop on workers end.  Firewall misconfiguration eg. blocked ports or high firewall workload could also play a role.

regards

Mat

0 Kudos
Shreyskar
VMware Employee
VMware Employee
‎05-31-2020 08:33 AM

Hi vmmaj

If connections drop only for users having weak internet connection and not for others, it means horizon environment is fine.You may also check zero client compatibility guide with horizon https://www.vmware.com/resources/compatibility/pdf/vi_view_guide.pdf

You can tweak pcoip settings for varying network conditions like you can set pcoip max bandwidth floor, turn off build to lossless feature etc. Modifying these settings can improve an end user's VDI experience with constraint network condition:

PCoIP Bandwidth Settings

You can also check https://virtualizationreview.com/articles/2019/06/14/drilling-down-on-pcoip-settings-on-vmware-horiz...

pastedImage_2.png

Answering to your second question,UAG is far superior than security server. Below are the advantages of using UAG over security servers:

View Security Server    

Has dependency on Windows OS, can always has security concerns.

Needs one to one mapping with connection server.

Does not support other EUC products.

Unified Access Gateway

  • Linux Appliance, More secure.
  • No need of one to one mapping to connection server, we can map to a VIP
  • It can support Airwatch, Horizon View,VIDM.
  • It is easy to install and deploy instead of security server. UAG has very nice GUI to manage.
  • It is possible to separate traffic, you can have a UAG with 1 NIC, 2 NIC’s or 3 NICS, where with 1 NIC it is the same situation with a Security Server. 2 NIC’s you separate DMZ Internet with DMZ Internal Traffic (where internal/management traffic is over 1 Interface (NIC). And 3 NIC’s where every part has its own network, 1 NIC for DMZ Internet, 1 NIC for DMZ Internal Traffic and 1 Interface for DMZ Internal Management Traffic. So every part is separated and thus more secure.
  • When you have the UAG up and running, you can export the configuration. Whenever the appliance breaks due to mistakes, security breaches or whatever, you deploy a new UAG and import the Configuration.
  • When you need to upgrade the appliance, you can do an in-place-upgrade, or just roll-out a new version and import the configuration as simple as that.