Forum Discussion

peedje's avatar
peedje
Icon for Nimbostratus rankNimbostratus
Jun 15, 2013

use f5 ltm as load balancer to vmware view security server

We have in dmz f5 ltm 11.2 and want to setup a vmware view 5.2 connection through the f5 to the vmware view security server as a load balancer. the problem we now have is that we get the login from vmware view client and after authentication the session is disconnected.

 

Can someone can tell me what the best practise is to use the f5 as loadbalancer connecting to a vmware view security server. We don't use the iApp because the app want to setup the f5 as security server and thereby must the vdi clients have a route to the internet and is forbiden in our company.

 

 

3 Replies

  • There are options in the current iApp that address the specific situation you are describing. The iApp https://devcentral.f5.com/wiki/iApp.VMware-View-iApp-v1-0-0.ashx does have a means of connecting the F5 to the Security server. The second diagram on page 4 is of this exact scenario. Make sure the pool members are your Security Servers and answer the following question on page 18. NO.

     

     

    Should PCoIP connections go through the BIG-IP system?

     

    Select whether PCoIP connections are routed through the BIG-IP system. No, PCoIP connections should not go through the BIG-IP system

     

  • peedje's avatar
    peedje
    Icon for Nimbostratus rankNimbostratus
    ppindell, I configured the connection by iApp. Now the situation is that the view client can login on the vmware view environment but when an vdi desktop is clicked the connection drops.

     

    I choice into the iApp ssl offload, no PCoIP, least connections (members), pool members on port 443, analytics. Rest is default. Outside the iApp i put in a ssl profile server and chanced the healt monitor on the pool (this because our security servers only may connected by 443).
  • peedje,

     

    It seems to me that you may have some ports not open between your DMZ and your view desktops. This document (beginning page 19; https://pubs.vmware.com/view-52/top...curity.pdf) summarizes the necessary firewall port configuration. As a point of reference I've attached a pdf of my configuration (generated by the iapp). We have all features of the VMware View 5.2 working internally and externally (I've attached the external config). This does not include the Blast Gateway. The iapp does not include that. For that you will need to create a new virtual server on the F5 for port 8443 and leave everything default except Source Address Translation (choose Auto Map) and make sure Port and Address Translation is checked (at least this is what I had to do to get it working). Hope this helps.