QUESTION
Is it possible to have this setup
Internal Client: connect directly to the VMware View Agent
External Client: connect via tunnelled mode through the Security Server
How?
BACKGROUND
I am trying to achieve the following
2x view connection servers load balanced using HAProxy
2x view security servers load balanced using HAProxy
I want to be able to place one into maintenance mode (disabled in HAProxy) perform my maintenance and then reboot it, bring it out of maintenance mode all without the users desktops being disconnected
I can achieve this if I
DISABLE: Use HTTPS Secure Tunnel
DISABLE: Use PCoIP Secure Gateway
Once those 2 options are disabled I can see that the clients connect directly to the VMware View Agent installed on the desktop they are connected too.
This works fine, I have then tested, rebooting the vmware view connection servers one at a time, stopping the services, forcing it to crash etc. The desktops remain connected the entire time so long as one of the connection servers is active. This is great.
My issue is, I am now trying to add some Security Servers to the mix.
I want the Security Server to act as a proxy so that the PCoIP and HTTPS are directed through the Security Server and not direct to the desktop.
I have allowed all traffic (for testing) from the Security Servers (in DMZ) to the Connection Servers (in LAN)
The desktops won't connect
I imagine it's because they are trying to connect directly, and that I need to enable those mentioned options.
You have to use different connection servers for your external and internal users. Enable tunnelling on the connection servers you use to serve your external users. If you want to use the same URL for connecting external and internal users, have your internal and external DNS servers to resolve different IP's
As mougT said, you need to use different connection servers for your internal and external users - the tunnel setting is per connection server, so you must pair your security servers with a connection server that has the option enabled and point internal clients to one without. See the "security server topologies" section of the admin guide: http://pubs.vmware.com/view-51/topic/com.vmware.view.planning.doc/GUID-955BC8CA-B662-43ED-BE39-50C96...
Mike
Thanks guys,
was hoping that wasnt the case
as to eliminate a single point of failure I would require 6 servers just for the vmware view part then, yes?
2 x Connection Servers ( Used for Internal)
2x Connection Servers ( Used for External) paired with 2x Security Servers in DMZ
+ multiple load balancers
dam, I only have 200 users thats alot of servers just for them