I would like to know how exactly Connection Server works in VMware View environment.
From my understanding Connection server
1) Authenticates user
2) Connection negotiation between the client and the virtual desktop
3) Assigns desktop
Once the user is connected to the desktop all traffic flows between view client and desktop and in between if connection server goes down, user can continue to work without any interruption? And if security server is installed all the traffic flows through security server? And also while connection server is down new users won’t be able to connect to their desktops.
I would also like to know the working of replica server from my understanding it is exact copy of connection server? In scenario where our primary connection server goes down will the replica server take over on its own or users will have to type in the replica server address in order to connect to their desktops and how can we load balance between connection server and replica server. Any help will be much appreciated.
The best answer on how the connection server works comes from PG 97 of the View installation doc http://pubs.vmware.com/view-51/topic/com.vmware.ICbase/PDF/view-51-installation.pdf
The initial View Client connection, which is used for user authentication and View desktop selection, is created
over HTTPS when a user provides a domain name to View Client. If firewall and load balancing software are
configured correctly in your network environment, this request reaches the View Connection Server or security
server host. With this connection, users are authenticated and a desktop is selected, but users have not yet
connected to View desktops.
When users connect to View desktops, by default View Client makes a second connection to the View
Connection Server or security server host. This connection is called the tunnel connection because it provides
a secure tunnel for carrying RDP and other data over HTTPS.
When users connect to View desktops with the PCoIP display protocol, View Client can make a further
connection to the PCoIP Secure Gateway on the View Connection Server or security server host. The PCoIP
Secure Gateway ensures that only authenticated users can communicate with View desktops over PCoIP.
When the secure tunnel or PCoIP Secure Gateway is disabled, View desktop sessions are established directly
between the client system and the View desktop virtual machine, bypassing the View Connection Server or
security server host. This type of connection is called a direct connection.
Desktop sessions that use direct connections remain connected even if View Connection Server is no longer
running.
The way to use a replica server and a connection server is to place them behind a load balancer. Of one of the servers stops working the load balancer is changed to send all traffic to the working server. If you are also using security servers for connections outside the DMZ the security servers have a one to one connection to a connection server and the load balancer goes in front of the security servers.
Hope that helps
Chad
The best answer on how the connection server works comes from PG 97 of the View installation doc http://pubs.vmware.com/view-51/topic/com.vmware.ICbase/PDF/view-51-installation.pdf
The initial View Client connection, which is used for user authentication and View desktop selection, is created
over HTTPS when a user provides a domain name to View Client. If firewall and load balancing software are
configured correctly in your network environment, this request reaches the View Connection Server or security
server host. With this connection, users are authenticated and a desktop is selected, but users have not yet
connected to View desktops.
When users connect to View desktops, by default View Client makes a second connection to the View
Connection Server or security server host. This connection is called the tunnel connection because it provides
a secure tunnel for carrying RDP and other data over HTTPS.
When users connect to View desktops with the PCoIP display protocol, View Client can make a further
connection to the PCoIP Secure Gateway on the View Connection Server or security server host. The PCoIP
Secure Gateway ensures that only authenticated users can communicate with View desktops over PCoIP.
When the secure tunnel or PCoIP Secure Gateway is disabled, View desktop sessions are established directly
between the client system and the View desktop virtual machine, bypassing the View Connection Server or
security server host. This type of connection is called a direct connection.
Desktop sessions that use direct connections remain connected even if View Connection Server is no longer
running.
The way to use a replica server and a connection server is to place them behind a load balancer. Of one of the servers stops working the load balancer is changed to send all traffic to the working server. If you are also using security servers for connections outside the DMZ the security servers have a one to one connection to a connection server and the load balancer goes in front of the security servers.
Hope that helps
Chad
Yes your users will still continue to work even if you reboot the connection server. I've done it several times. No users will be able to login when that server is rebooting. As for your replica server it uses the ADAM database in the first View connection server to replicate it to another ADAM instance on the replica. This is where VMware View stores all it's configuration information.
Take a look at this video I did on Security Servers. It outlines the traffic flow of security servers which is inline and will disconnect if you reboot a connection broker that is paired with a security server. http://www.virtualdojo.com/content/how-configure-security-server-security-servers-101