Let’s say you are going to run a Proof of Concept (PoC) for VMware Horizon and you want to include some basic load balancing. It is best practice after all. Not everyone has an existing load balancer to tack Horizon onto, or maybe it’s a time-consuming process to request and get a new VIP or two. Luckily VMware has a load balancer that pairs nicely with VMware Horizon.
The goal of this post is to share a basic Avi configuration for a test/PoC Horizon environment. To keep it simple I’m using only self-signed certificates and just focusing on load balancing for the Horizon Connection servers. I wouldn’t recommend this configuration for production without proper signed-certs, but those can always be added later.
Avi is simple enough that it can be included in a PoC with little extra work and with official documentation outlining support for Avi and Horizon there is no better pairing. All while gaining the awesome analytics from Avi to help monitor and troubleshoot those pesky Horizon user session complaints.
FYI Avi Vantage is now called NSX Advanced Load Balancer (ALB).
*Please keep in mind this is a basic setup to just get Avi acting as a load balancer for Horizon. If you move this to production you should review all the settings and configurations and utilize signed certificates.
Prep Work
Install an Avi Controller or controller cluster and add your vCenter as a Cloud Infrastructure. I covered a vSphere install of Avi in a previous post.
It might be good to review the official documentation to be sure your environment doesn’t require anything different from what I’ve outlined here.
Avi Vantage for VMware vCenter
Configure Avi Vantage for VMware Horizon
Be sure to have your Horizon environment stood up as well. I will not be covering that here.
Load Balancing Traffic to Horizon Connection Servers
Step 1: Connection Server Health Monitor
After logging into your Avi Controller from the UI navigate to Templates > Profiles > Health Monitors. Click Create.
Within the New Health Monitor start by giving it a Name (1) such as Horizon-HTTPS. Next select Type > HTTPS (2). Set the Send Interval (3) to 30 seconds and the Receive Timeout (4) to 10 seconds. Then enter the Health Monitor Port (5) as 443.
Scroll down within the New Health Monitor to set the Response Code to 2XX (1). Check the box next to SSL Attributes (2). Then select the appropriate SSL Profile (3). Here we are simply using the built-in System-Standard. Once complete click Save.
Step 2: Create an SSL Profile
Navigate to Templates > Security > SSL/TLS Profile. Click CREATE > Application Profile.
Give the new SSL Profile a Name (1). Then select the dropdown under Accepted Versions (2) and add TLS 1.1. If you know you only need TLS 1.2 you can leave 1.1 out, but in case of any backward compatibility, we can enable it. Then deselect Enable SSL Session Reuse (3) before clicking Save.
Step 3: Create a Server pool
Navigate to Applications > Pools and then click CREATE POOL.
Next, select the appropriate Cloud (1) where you need to provide the load balancing service. Here I’m selecting my on-prem vCenter where the connection servers live. Make your selection and click Next (2).
First, provide a Name (1) for the new server pool. I’ve chosen to call it Horizon Connection Server Pool L7. Below, change the Default Server Port (2) to 443. For Persistence, we can keep it simple with System-Persistence-Client-IP(3). Leave the other options at their default values and move down to the SSL to Backend Server section and select the check box for Enable SSL (4). Under SSL Profile (5) select the previously configured profile. I selected the HorizonConnServer-SSL-Profile I created in Step 2. Now click Next.
On the Servers tab either enter the Horizon Server IP address(s) or DNS Names into the Server IP Address field. Alternatively, click the button to Select Servers by Network as I’ll demonstrate. Since I added my vCenter server as a cloud resource I can view the network resources within it.
The select server option may not be available depending on what type of cloud and the permissions you configured when setting up Avi. In that case, simply enter the IP or DNS of the servers and click the Add Server button for each.
If you are selecting by Network choose the appropriate vCenter network (1) where your Horizon Connection Servers are connected. You can then search or scroll to the appropriate servers and select the checkboxes (2) next to their name. Once you’ve selected them click the ADD SERVERS (3) button.
You should now see your Horizon Connection servers listed under the Servers section. Click Next.
On the Advanced page, you can leave everything default and click Next.
If everything looks correct on the Review page click Save.
Step 4: Create an Application Profile
Navigate to Templates > Profiles > Application and click Create > HTTP.
On the General page enter a Name (1). I’ve called mine App-Profile-ConnectionServer. Deselect the options for Connection Multiplex (2) and X-Forwarded-For (3). Click Save as none of the other options need to be set.
Step 5: Create the L7 Virtual Service
Navigate to Applications > Virtual Services and click Create Virtual Service > Advanced Setup.
Select the appropriate Cloud where you need to provide the load balancing service. Here I’m selecting my on-prem vCenter where the connection servers live. Make your selection and click Next.
First, provide a Name (1) for the new Virtual Service. Then under the VIP Address section enter the FQDN or IPv4 Address (2) for your load balanced Virtual IP (VIP). This is the address Horizon Clients will connect to and ultimately be load balanced between all your connection servers. Assuming DNS was properly configured in advance Avi will pull the corresponding IP for the FQDN from DNS. Next, select the checkbox for SSL (3). Then select the Pool (4) created in Step 3. Now under the SSL Profile (5) select the Horizon SSL Profile created in Step 2 of this guide. Click Next.
Leave the defaults for the Policies page and click Next.
Again, leave the defaults for the Analytics page and click Next.
The Advanced page can also be left with the default options. Click Save.
Assuming you gave Avi write-access to your vCenter, as I’ve done, it will begin deploying an Avi Service Engine (SE). From the Avi Controller, you will see the state transition to Creating.
You will also see in vCenter the SE is being deployed. It should only take a few minutes to complete depending on your hardware.
At this point, the Avi side configuration should be done for load balancing Horizon Connection Servers. There are a few settings to consider on the Horizon side, such as Tunnel Services and allowing HTML access with the load balancer. I’ll cover those in a separate blog post.
Thanks for reading!
One thought on “Avi Load Balancing for VMware Horizon”