Solved: Re: View 5.0 Connection server working ?

Avnish07 · ‎10-21-2012

I would like to know how exactly Connection Server works in VMware View environment.

From my understanding Connection server

1) Authenticates user

2) Connection negotiation between the client and the virtual desktop

3) Assigns desktop

Once the user is connected to the desktop all traffic flows between view client and desktop and in between if connection server goes down, user can continue to work without any interruption? And if security server is installed all the traffic flows through security server? And also while connection server is down new users won’t be able to connect to their desktops.

I would also like to know the working of replica server from my understanding it is exact copy of connection server? In scenario where our primary connection server goes down will the replica server take over on its own or users will have to type in the replica server address in order to connect to their desktops and how can we load balance between connection server and replica server. Any help will be much appreciated.

ChadRitt · ‎10-21-2012

The best answer on how the connection server works comes from PG 97 of the View installation doc http://pubs.vmware.com/view-51/topic/com.vmware.ICbase/PDF/view-51-installation.pdf

The initial View Client connection, which is used for user authentication and View desktop selection, is created

over HTTPS when a user provides a domain name to View Client. If firewall and load balancing software are

configured correctly in your network environment, this request reaches the View Connection Server or security

server host. With this connection, users are authenticated and a desktop is selected, but users have not yet

connected to View desktops.

When users connect to View desktops, by default View Client makes a second connection to the View

Connection Server or security server host. This connection is called the tunnel connection because it provides

a secure tunnel for carrying RDP and other data over HTTPS.

When users connect to View desktops with the PCoIP display protocol, View Client can make a further

connection to the PCoIP Secure Gateway on the View Connection Server or security server host. The PCoIP

Secure Gateway ensures that only authenticated users can communicate with View desktops over PCoIP.

When the secure tunnel or PCoIP Secure Gateway is disabled, View desktop sessions are established directly

between the client system and the View desktop virtual machine, bypassing the View Connection Server or

security server host. This type of connection is called a direct connection.

Desktop sessions that use direct connections remain connected even if View Connection Server is no longer

running.

The way to use a replica server and a connection server is to place them behind a load balancer. Of one of the servers stops working the load balancer is changed to send all traffic to the working server. If you are also using security servers for connections outside the DMZ the security servers have a one to one connection to a connection server and the load balancer goes in front of the security servers.

Hope that helps

Chad

View solution in original post

ChadRitt · ‎10-21-2012

The best answer on how the connection server works comes from PG 97 of the View installation doc http://pubs.vmware.com/view-51/topic/com.vmware.ICbase/PDF/view-51-installation.pdf

The initial View Client connection, which is used for user authentication and View desktop selection, is created

over HTTPS when a user provides a domain name to View Client. If firewall and load balancing software are

configured correctly in your network environment, this request reaches the View Connection Server or security

server host. With this connection, users are authenticated and a desktop is selected, but users have not yet

connected to View desktops.

When users connect to View desktops, by default View Client makes a second connection to the View

Connection Server or security server host. This connection is called the tunnel connection because it provides

a secure tunnel for carrying RDP and other data over HTTPS.

When users connect to View desktops with the PCoIP display protocol, View Client can make a further

connection to the PCoIP Secure Gateway on the View Connection Server or security server host. The PCoIP

Secure Gateway ensures that only authenticated users can communicate with View desktops over PCoIP.

When the secure tunnel or PCoIP Secure Gateway is disabled, View desktop sessions are established directly

between the client system and the View desktop virtual machine, bypassing the View Connection Server or

security server host. This type of connection is called a direct connection.

Desktop sessions that use direct connections remain connected even if View Connection Server is no longer

running.

The way to use a replica server and a connection server is to place them behind a load balancer. Of one of the servers stops working the load balancer is changed to send all traffic to the working server. If you are also using security servers for connections outside the DMZ the security servers have a one to one connection to a connection server and the load balancer goes in front of the security servers.

Hope that helps

Chad

vedeht · ‎10-22-2012

Yes your users will still continue to work even if you reboot the connection server. I've done it several times. No users will be able to login when that server is rebooting. As for your replica server it uses the ADAM database in the first View connection server to replicate it to another ADAM instance on the replica. This is where VMware View stores all it's configuration information.

Take a look at this video I did on Security Servers. It outlines the traffic flow of security servers which is inline and will disconnect if you reboot a connection broker that is paired with a security server. http://www.virtualdojo.com/content/how-configure-security-server-security-servers-101

Try our VMWare View Demo on www.virtualdojo.com

All

View 5.0 Connection server working ?