Hello,
We are planning to implement Horizon 7 on top of NSX environment and using the NSX load balancer from an ESG.
What is recommended to use ? One arm or Inline ?
Please advise,
Either option can work, however, inline mode is recommended for production deployments according to the VMware® NSX for vSphere End-User Computing Design Guide 1.2 This is discussed in more detail starting at the bottom of page 58.
as i know in Inline mode we have to change the Default Gateway of load balanced servers ? correct ?
thanks for the Guide.
Correct. Since the LB doesn't perform SNAT in inline mode, VMs in the pool(s) behind it must have it set as their default gateway to ensure that return traffic goes back through the load balancer.
As I see, VIEW has internal variables that make the SNAT mode insufficient for production deployments.(p 59)
P 60: Horizon has internal variables that make the inline mode the recommended topology for production deployments
Do you know what are the weak points for One armed ? and if it is sufficient for production environments with 200 user ?
I'm not sure what the specific issue with regards to Horizon is, however, if I had to guess I'd say that the most likely scenario is scale. Since the ESG load balancer can only do SNAT to a single IP address and there are only about 16,000 ephemeral ports to use for client sessions, one wouldn't be able to reach the published maximum of 20,000 active connections per pod in that scenario because you'd run out of ports to SNAT sessions to.
The only other potential issue might be some sort of reliance on seeing the real source IP, however, I expect that if that were the case they'd just call one-armed mode unsupported.