VMware Cloud Community
asyadav20
Contributor

Console-Proxy for Cloud Director 10.2 behind NSX Advanced Load Balancer not working.

Hi,

We have deployed Cloud Director 10.2.1 (appliances) in a multi-cell configuration, and it is being protected behind NSX Advanced Load Balancer, which is configured in "in-line mode".

We are able to access the portal fine from external and internal using the VIP IP; however, we are not able to connect to the web console of the virtual machines running in the cloud.

Since it's an appliance, for the console proxy we have defined the external URL with port 8443.

On the load balancer there are two services which are created.

1. One for portal access on port 443. We have applied the signed certificates and it is working fine.

2. The 2nd service is created for port 8443 on the same public IP with no certs applied, but the application profile is L4 based.

I can successfully telnet on port 8443 from outside, which tells me that communication is fine; however, console access does not work at all.

Has anyone configured the AVI Load Balancer to protect Cloud Director appliances? I have not seen any official documentation giving any reference to VCD behind AVI.

Any ideas what could be wrong?

Sreec
VMware Employee

1. Please confirm that you are not terminating the console proxy sessions in AVI LB.

2. If you are using WAF, kindly limit it to learning mode for the console proxy VIP.

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist
Please KUDO helpful posts and mark the thread as solved if answered
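One way to run the check asked for in the reply above (an added example, not part of the thread and not VMware code): compare the TLS leaf certificate seen through the VIP on port 8443 with the one each cell serves directly. Hostnames are supplied on the command line and are assumptions; a match is consistent with L4 pass-through but would also occur if the load balancer terminated TLS with the same certificate, while a mismatch means something other than a cell is answering TLS on the VIP.

```python
import hashlib
import socket
import ssl
import sys


def leaf_fingerprint(host, port=8443, timeout=5.0):
    """Return the SHA-256 hex digest of the leaf certificate served at host:port."""
    ctx = ssl.create_default_context()
    # Validation is disabled because the probe only records which certificate
    # is presented; it sends no application data and trusts nothing.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def classify(vip_fp, cell_fps):
    """Compare the VIP fingerprint with the per-cell fingerprints.

    cell_fps maps a cell name to the fingerprint seen when connecting to that
    cell directly. Returns (verdict, matching_cells).
    """
    matches = sorted(name for name, fp in cell_fps.items() if fp == vip_fp)
    if matches:
        # Same certificate end to end: consistent with L4 pass-through.
        return ("same-cert-as-cell", matches)
    # The VIP answers TLS with a certificate no cell serves.
    return ("different-cert-at-vip", [])


if __name__ == "__main__":
    # Usage (hypothetical hostnames): check.py <vip-host> <cell-host> [<cell-host> ...]
    vip, cells = sys.argv[1], sys.argv[2:]
    verdict, matched = classify(
        leaf_fingerprint(vip), {c: leaf_fingerprint(c) for c in cells}
    )
    print(verdict, ", ".join(matched))
```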
asyadav20
Contributor

Hi Sreec,

I have done the config in the suggested way, but maybe I am missing something. Are you able to share an example config showing how exactly that is done at the AVI service?

Since we are using the Cloud Director appliance, the same public IP is being used for the HTTP portal as well as the console proxy on 8443. Attached is a screenshot of the AVI service config for console-proxy showing the service config and vmrc pool config.

Sreec
VMware Employee

Apologies for the late reply. Screenshots are not clear :), please do provide me the precise snippet. Also, can you confirm: if you access the VCD cell IP directly and open the console, is it working?

Cheers,
Sree | VCIX-5X| VCAP-5X| VExpert 6x|Cisco Certified Specialist