Load Balancing VMware View with Cisco ACE: Part1

I am currently working on a large VMware View design project and thought I would share my experience with some of the solutions I have designed for it, which may be useful to others as a reference. As this is a large View farm, we needed a load-balancing mechanism for resiliency; the load balancer chosen in this case was the Cisco ACE 4710. In this article I will discuss the architecture and the setup; in the next article in this series I will take you through the configuration of the Cisco ACE device.

In this View setup, some users access the environment from the LAN and others are remote. For such scenarios you need to use the VMware View Connection Server with a Replica server for LAN users, and for remote users you need VMware View Security Servers, which pass the remote connections to the View Connection Servers. Generally the View Security Servers are placed in a DMZ.

Below is the logical Architecture diagram for this scenario.

As you can see in the diagram, there is a load-balancing requirement in both the LAN and the remote (WAN) scenarios, which means you need two load balancers for each use case, LAN and WAN.

Let’s look at one of the scenarios in more detail; I am taking the LAN use case for further discussion in this article.

So, let me take you through some of the basic concepts and prerequisites of the configuration.

What is it that we are trying to load balance here, and why is this important?

We are load balancing the VMware View Connection Servers, which act as the VDI broker between the client and the virtual desktop; each Connection Server in the farm is responsible for these connections. So the use case for the load balancers, apart from making sure that the load is evenly distributed across the Connection Servers, is also to act as a failover component in case one of the Connection Servers is not available.

So how does the traffic flow from the View Client to the Virtual Desktop?

A View Client establishes an HTTPS connection to the View Connection Servers for the sake of initial authentication, pool association/entitlement, and View Agent VM association. The second phase connection is still between the View Client and the View Connection Server. The second phase connection uses an encapsulated RDP-in-HTTP or RDP-in-HTTPS session to the View Connection Server, which then “proxies” the RDP session to the View Agent VM.

Below are the references taken from the View 5.1 Architecture Planning Guide on the traffic flow.

The above traffic flow is without Security servers.

The above traffic flow is with Security servers.

Now let’s have a look at my physical design for the local LAN use case.

There are two options for Cisco ACE configuration:

  • One Arm Mode
  • Routed Mode

In my design the Cisco ACE load balancers are configured in One Arm mode. I have 2 ACE devices configured with one Virtual IP of 10.68.200.25; this is the IP that will be configured in the View Clients for access to the View desktops via the View Connection Servers, and the VIP represents all 3 View Connection Servers. The traffic flow in One Arm mode is as follows.

  • Traffic from the client to the Virtual IP (VIP) is routed normally by the L2/L3 switch or router.
  • Traffic from the ACE to the server is routed normally by the L2/L3 switch or router. In this configuration SNAT is used, so the source IP address is one from the client NAT pool; without SNAT the source IP address would remain the client IP address.
  • Traffic from the server is returned to the L2/L3 switch or router because the router is the server default gateway.
  • The destination IP address in the server response is routed normally to the ACE device.
  • Traffic from the ACE to the client is routed normally by the router. Since SNAT is used in this scenario, the ACE will translate the destination IP address from the NAT pool IP address to the client IP address.
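The address rewriting in the five steps above can be traced with a small model. This is an added example, not configuration or code from the original article; only the VIP 10.68.200.25 comes from the text, while the client, NAT pool and server addresses are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import count

VIP = ("10.68.200.25", 443)      # VIP from the article
NAT_POOL_IP = "10.68.200.30"     # constructed NAT pool address
SERVER = ("10.68.200.11", 443)   # constructed View Connection Server address
CLIENT = ("10.10.1.50", 51000)   # constructed LAN client


@dataclass(frozen=True)
class Packet:
    src: tuple
    dst: tuple


class OneArmAce:
    """Toy model of the ACE address rewriting in one-arm mode with SNAT."""

    def __init__(self):
        self._ports = count(1024)   # next free source port in the NAT pool
        self._flows = {}            # NAT (ip, port) -> (client, server)

    def to_server(self, pkt, server):
        if pkt.dst != VIP:
            raise ValueError("not addressed to the VIP")
        nat = (NAT_POOL_IP, next(self._ports))
        self._flows[nat] = (pkt.src, server)
        return Packet(src=nat, dst=server)      # server never sees pkt.src

    def to_client(self, pkt):
        client, server = self._flows[pkt.dst]   # KeyError: no such flow
        if pkt.src != server:
            raise ValueError("reply from unexpected server")
        return Packet(src=VIP, dst=client)      # client only ever sees the VIP


def trace(client=CLIENT, server=SERVER):
    """Return the four packets of one request/response through the ACE."""
    ace = OneArmAce()
    request = Packet(src=client, dst=VIP)
    forwarded = ace.to_server(request, server)
    reply = Packet(src=forwarded.dst, dst=forwarded.src)  # answers what it saw
    returned = ace.to_client(reply)
    return [request, forwarded, reply, returned]


if __name__ == "__main__":
    for step in trace():
        print(step)
```

Because the Connection Server only ever sees the NAT pool address as the source, its own logs will not show the real client IP; the mapping back to the client lives in the load balancer's flow table.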

Below is the list of things that need to be configured on the load balancer to start monitoring the View Connection Servers.

| Item | Attribute | Specification |
|------|-----------|---------------|
| 1 | Support Virtual IP/DNS for VMware View | VIP representing set of View Connection Servers |
| 2 | Load balancing based on | Least Connections |
| 3 | Keepalive Mechanism | HTTP GET /favicon.ico |
| 4 | Keepalive / Health Check | Every 2 seconds |
| 5 | Keepalive Timeout | 2 seconds |
| 6 | Ports to be monitored | 443 (HTTPS) |
| 7 | Windows Service to be monitored | VMware View Connection Server Service |
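How the keepalive and the least-connections rule in this list combine to give failover can be sketched as follows. This is an added example, not the ACE configuration or code from the original article; the `Farm` class, the server names and the choice of HTTP 200 as the passing response are assumptions, and the probe uses Python's default TLS context, which verifies the server certificate.

```python
import http.client
import ssl

PROBE_PATH = "/favicon.ico"   # keepalive mechanism from the table
PROBE_PORT = 443              # port to be monitored
PROBE_TIMEOUT = 2             # keepalive timeout, seconds
PROBE_INTERVAL = 2            # run_probes() is meant to be called this often


def https_probe(host, context=None):
    """True if GET /favicon.ico answers 200 in time (200 is an assumption)."""
    ctx = context or ssl.create_default_context()
    conn = http.client.HTTPSConnection(
        host, PROBE_PORT, timeout=PROBE_TIMEOUT, context=ctx)
    try:
        conn.request("GET", PROBE_PATH)
        return conn.getresponse().status == 200
    except (OSError, http.client.HTTPException):
        return False              # refused, timed out, TLS failure, bad reply
    finally:
        conn.close()


class Farm:
    """Hypothetical model: servers behind one VIP, least-connections pick."""

    def __init__(self, servers, probe=https_probe):
        self.probe = probe
        self.active = {s: 0 for s in servers}   # open sessions per server
        self.healthy = set(servers)

    def run_probes(self):
        self.healthy = {s for s in self.active if self.probe(s)}
        return self.healthy

    def pick(self):
        up = [s for s in self.active if s in self.healthy]
        if not up:
            raise RuntimeError("no healthy Connection Server behind the VIP")
        server = min(up, key=self.active.get)   # ties go to the first listed
        self.active[server] += 1
        return server

    def release(self, server):
        self.active[server] = max(0, self.active[server] - 1)
```

A server that fails the probe is skipped by `pick()` until a later probe round passes, which is the failover behaviour the VIP is meant to provide.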

I will take you through the Cisco ACE configuration in more detail in my next article in this series. I hope this article has given you an idea of the architecture and some guidance on how the Cisco ACE can be integrated into a VMware View solution as a load balancer.

2 thoughts on “Load Balancing VMware View with Cisco ACE: Part1”

  1. Samir,

    Nice write up!

    Diagrams for workflow should be swapped or your comments (above traffic flow is with or without security server) should be swapped.

  2. Pingback: Load Balancing VMware View with Cisco ACE: Part2
