I have set up 2 vCloud director servers for redundancy:
http address: vcd1.example.com
console proxy address: vcdcon1.example.com
http address: vcd2.example.com
console proxy address vcdcon2.example.com
I have set up a public URL through a load balancer: vcd.example.com. This works perfectly - I can login to the public URL on the load balancers and vCD functions correctly.
https://vcd.example.com load balanced to back end vCD servers vcd1.example.com and vcd2.example.com.
Now I am trying to get the console proxy going through the load balancers and have not been able to get this working.
I first verified that the remote console works when connecting to the consoleproxy addresses on the vCD servers, for example vcdcon1.example.com and vcdcon2.example.com. The console connects fine and I can login to the VM.
I have set up a public consoleproxy address on the load balancers, for example https://vcdcon.example.com which load balances to vcdcon1.example.com and vcdcon2.example.com.
When the remote console to a VM is launched I get the following error:
Unable to connect to the MKS: Timeout while attempting read.
I have tried this on a Juniper DX load balancer and a Zeus Traffic Manager appliance and get the same results. On the Zeus I can see the last HTTP request sent from my PC before the above error is seen:
CONNECT 10.10.10.100:902 HTTP/1.1
10.10.10.100 is the public console proxy IP, i.e. vcdcon.example.com.
I am using self signed certificates for public and back end https.
Does anyone have load balancing working for vCD consoleproxy addresses?
TIA - Trevor
Thanks for the tip.
Another thing: I had assumed that I would need to get the load balancer to do the SSL termination and it appears that that is the wrong approach. It seems for the console proxy, the load balancer needs to pass through the communication unprocessed in any way.
I used round robin load balancing with persistence based on client IP address, and no SSL termintation/offloading and this works for both load balancers.
For the Juniper DX 3250 load balancer:
-Set up a Forwarder with an listener IP x.x.x.x Port 443
-Target hosts set to the two console proxy IP addresses
-SSL Listen Side: Disable
-SSL target Side: Disable
-Load balancing Policy: Round Robin Sticky Load Balancing: clientip
-Advanced: Enable Sticky Failover
For Zeus Traffic Manager I have attached a PDF with the settings I made.
If anyone reading this has set this up successfully with F5 or Citrix then please post your settings here to share with the community.
Once again, thanks Max for pointing me in the right direction.
you can only use ssl termination for HTTP service ,not for proxy-console.
You cannot terminate the ssl session and after recreate. proxy-console service has been designed in this manner for speed reason.