VMware Horizon Community
Bert2017
Contributor

Horizon 8 CPA and internal users

Hi,

I'm looking at using Horizon 8 CPA within the same location but to allow different versions of Horizon 8 to run under a single name space, as we have some old RHEL agents that are still needed for the next 18 to 24 months. The single name space used for CPA means I can just add "sites" and pods as needed without the users having to log in to multiple Horizon environments. Looking at the architecture, I can only see how external users would connect via UAGs; how would internal users on the corporate network log in to the same single name space but avoid going through the UAGs? Would they in theory resolve to the GSLB but due to the source IP be redirected to the connection servers, and from there the 2nd protocol is client to agent (so not tunnelled through the UAG)?

Thanks in advance.

0 Kudos
3 Replies
Mickeybyte
Hot Shot

@Bert2017 

The best way would be to set up an internal load balancer to group your connection servers and let internal users connect to that LB.

Just a remark: running different Horizon versions in CPA is supported during upgrades, but not on a long-term basis. Not saying it won't work, just "not supported".

Regards,
Mickeybyte (ITPro blog)

0 Kudos
ymagalif
Enthusiast

Bert2017,

If your load balancer (and you need one for this) is advanced enough (like F5 or Netscaler), then it can direct connections to your GSLB single name based on determining where the source IP originates (internal or external networks).

However, that is not normally how most of these setups are configured.

Instead, configure Split DNS. Let's say your unified GSLB name is desktops.company.com. In order to do Split DNS, group your Connection servers under one specific virtual IP (VIP) on your load balancer, which will be a private IP (let's say 10.10.10.20). Then, group your UAGs under a different specific virtual IP (VIP) on your load balancer, which will be a public IP (let's say 68.3.50.22).

On your internal DNS, configure your unified name, desktops.company.com, to resolve to 10.10.10.20. With your external public DNS provider (or self-hosted), configure your unified name, desktops.company.com, to resolve to 68.3.50.22.

And you are correct, for the internal connection, if your Connection Servers do not have tunneling enabled (3 checkboxes on the Edit page of the Connection server in Horizon Administrator), then after the Connection Server sets up the connection, it passes the data traffic to the Client and Agent, and does not participate in the data flow (but still monitors the connection).

Sincerely,

Yury Magalif

0 Kudos
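A way to check the Split DNS layout described in the reply above, as an added example that is not part of the thread: it takes the A records each DNS view returns for the unified name (collected separately, for instance by querying the internal and the public resolver) and reports when a view hands out the wrong kind of address. The function name `audit_split_dns` is hypothetical, the addresses are the illustrative ones from the reply, and the check assumes the Connection Server VIP sits in private address space as in that reply.

```python
import ipaddress


def audit_split_dns(internal_answers, external_answers):
    """Return a list of findings; an empty list means both views look right.

    internal_answers: A records the internal resolver returns for the name
    external_answers: A records the public resolver returns for the name
    """
    findings = []
    internal = [ipaddress.ip_address(a) for a in internal_answers]
    external = [ipaddress.ip_address(a) for a in external_answers]

    # A view with no answer at all means the record was never created there.
    if not internal:
        findings.append("internal view: name does not resolve")
    if not external:
        findings.append("external view: name does not resolve")

    # Internal clients should land on the private Connection Server VIP.
    # (is_private also covers loopback and link-local ranges.)
    for ip in internal:
        if not ip.is_private:
            findings.append(
                f"internal view returns non-private {ip}: "
                "internal clients would not reach the Connection Server VIP")

    # A non-routable address in public DNS is unreachable from outside
    # and exposes internal addressing.
    for ip in external:
        if not ip.is_global:
            findings.append(
                f"external view returns non-public {ip}: "
                "internal addressing published in public DNS")

    # The same address in both views means the zone is not actually split.
    for ip in sorted(set(internal) & set(external), key=str):
        findings.append(f"{ip} is returned by both views: DNS is not split")
    return findings


if __name__ == "__main__":
    # Constructed sample: the example VIPs from the reply above.
    for line in audit_split_dns(["10.10.10.20"], ["68.3.50.22"]) or ["ok"]:
        print("desktops.company.com:", line)
```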
Bert2017
Contributor

Hi Gents,

Sorry for the late response, but I've been away for a few days.

Looks like we have an internal GSLB service that I will hook into for this.  As for running the 2309 POD alongside an earlier version, I'm being given the impression by our HQ architecture team that this is going to be fine but I will have to try and fight them off that until such time we are able to upgrade the whole environment (the HQ architecture team do not seem to worry about the support side of things....).

Thanks both for your input.

0 Kudos