cbaptiste
Hot Shot
Hot Shot

Hello and thanks for the reply.  We do have a load balancer (F5) available, but our goal is to try and keep the infrastructure on all VMware platforms if possible and avoid the use of 3rd party products in the mix.  In the scenario provided in the UAG documentation, they mention to use a 3rd party load balancer in front of the Connection Servers, and point each UAG at the VIP of the load balancer, to get around the issue of one Connection Server going down. I was just hoping that the HA feature of the UAG could get around this but I'm not seeing that the case..

NSX is a VMware product so that would solve your issue of not using third party software/hardware even though vmware itself is 3rd party since it does not belong to your organization but I understand what you are saying. You want to be more of a specific vendor centric

I have one more question then that is somewhat related. If we use two UAGs in our DMZ configured with UAG HA, can we then point the external connections at the VIP of the UAGs (and avoid a 3rd party load balancer there as well?).  I was told by a VMware engineer that this is OK to do, but I am looking for additional feedback.  Again, our goal is not to have load balancing but just HA (we are well under the 10,000 connection limit per node).

If you plan on having connection brokers on your DMZ, why do you need UAGs? You can have both but it seems to defeat the purpose. You use connection servers on your LAN network and UAGs on your DMZ. You then configure your UAGs to route connections to your connection servers. Again yes you can but unless you have a specific use case as to why you wish to do that, i would highly advised against it. Lastly, you do not use connection servers in DMZ. Use security servers.

Reply
0 Kudos