QUESTION

Is it possible to have this setup

Internal Client: connect directly to the VMware View Agent

External Client: connect via tunnelled mode through the Security Server

How?

BACKGROUND

I am trying to achieve the following

2x view connection servers load balanced using HAProxy

2x view security servers load balanced using HAProxy

I want to be able to place one into maintenance mode (disabled in HAProxy) perform my maintenance and then reboot it, bring it out of maintenance mode all without the users desktops being disconnected

I can achieve this if I

DISABLE: Use HTTPS Secure Tunnel

DISABLE: Use PCoIP Secure Gateway

Once those 2 options are disabled I can see that the clients connect directly to the VMware View Agent installed on the desktop they are connected too.

This works fine, I have then tested, rebooting the vmware view connection servers one at a time, stopping the services, forcing it to crash etc. The desktops remain connected the entire time so long as one of the connection servers is active. This is great.

My issue is, I am now trying to add some Security Servers to the mix.

I want the Security Server to act as a proxy so that the PCoIP and HTTPS are directed through the Security Server and not direct to the desktop.

I have allowed all traffic (for testing) from the Security Servers (in DMZ) to the Connection Servers (in LAN)

The desktops won't connect

I imagine it's because they are trying to connect directly, and that I need to enable those mentioned options.