Hi Guys,
I've tried to configure my View 5.2 environment with 2 Security and 2 Connection Servers with Load Balancer as shown in the video in following link.
Setting up PCoIP Remote Access with View 4.6 and Newer
I've few questions it would be great if you guys could answer them please.
1- Users will connect to myview.mydomain.com through Load Balancer VIP but we're not giving any URLs in the External URL instead we're giving an IP Address. Due to which View Admin console giving error that "SSL Certificate doesn't match the External URL".
2- Do I need to configure HTTP to HTTPS redirection on Load Balancer end? Because after configuring myview.mydomain.com as VIP, HTTP doesn't work anymore but only HTTPS works.
3- Can I use View Security Internal IPs (which are in DMZ) on External URL and PCoIP External URL?
Please find the attached screenshotsof my current configurations for Security Servers which works fine using Source Hash. Only 2 issues as dicussed above
View Administrators shows SSL Certificate does not match the External URLs and HTTP to HTTPs redirection.
Looking forward for your answers.
Cheers
Hi mobinqasim786
The video from the link Setting up PCoIP Remote Access with View 4.6 and Newer is really helpful.
1. If you have VIP with myview.domain.com, e.g. first view connection/security server1 myview1.domain.com, and second view connection/security server2 is myview2.domain.com, you would need SSL Certificate with Subject Alternative Name (UCC Certificate) so the SSL can accept multiple hostname SubjectAltName - Wikipedia, the free encyclopedia
To use the new certificate, you would need to import the certificate, follow the guide here "Configure View Connection Server, Security Server, or View Composer to Use a New SSL Certificate" VMware View 5.2 Documentation Library
2. To allow HTTP connections, you would need to edit the locked.properties file on the View Connection Server or Security Server, see the Horizon View Administration Guide here "Allow HTTP Connections to Intermediate Servers":
VMware View 5.2 Documentation Library
3. For External URL, on 1st security server: myview1.domain.com, 2nd security server: myview2.domain.com. External URL should not be load balanced
Similar for blast, 1st sec server: https://myview1.domain.com:8443, 2nd sec server: https://myview2.domain.com:8443
PCoIP Secure Gateway, 1st sec server: 10.20.30.10:4172, 2nd sec server: 10.20.30.11:4172
There is a good blog post on this too http://vmfocus.com/2014/01/14/load-balancing-horizon-view-design/
Don't forget to check the Load Balancer whitepaper or configuration guide for load balancing Horizon View
Hope this helps.
Thanks,
Bayu
Make sure the thumbprints of both certificates are the same, had an issue with that in the past.
Can't work with non-secure connections anymore in 5.2/3 , make sure the certificates are correct and add SAN names to accomodate for alternative names.
I once wrote a blog about it, due to an issue I was experiencing.. perhaps it might be of help vThoughts of IT: VMware View certificates and thumbprints - Man in the middle issue
That would help you with the first question you had.
The second question, I think you know my answer... you don't want http, you have to alter the clients and the servers to allow it. I think it's better to go secure.
Hope this helps
gr
Rob