Load Balance Security Servers - VMware View: Chapter 18

Load Balance Security Servers - VMware View

There are many options for load balancing your VMware View environment. Ideally, whatever solution you use should offer load balancing (as you might expect) but also be able to detect when nodes in the cluster become unavailable. Load balancers vary in quality and some do not handle this second requirement very efficiently. Of course, your availability issues could also be addressed with a combination of VMware High Availability and Fault Tolerance if your services were running in vSphere VMs.

Hercules is an IP-based load balancer that runs as a virtual appliance and is free to download from VMware’s Market Place. I first came across this system from teaching the old VMware Virtual Desktop Manager (VDM) course, where we used it in the student labs. It does the job and simplifies the end user connection as they only need to connect to one IP address. True load balancing appliances - either physical or virtual - are likely to come in pairs to prevent them becoming a single point of failure but respond to one single IP address. You can download Hercules from here:

http://www.vmware.com/appliances/directory/300

The default login is root and the password is root, you will have to use the Linux text editor Vi to edit the /etc/network/interfaces file to modify its IP address. Once you have set the IP address of Hercules, you can use its PEN command to set the two Security Servers, and it will load balance like so:

pen 443 192.168.2.175:443 192.168.2.176:443

Alternatively, a cost-effective solution is to use Microsoft Network Load Balancing to create an NLB cluster of two or more Security Servers. Microsoft NLB is relatively easy to set up, and while it does handle load balancing successfully, I’ve found it somewhat lacking in detecting whether one of the nodes in the NLB cluster has gone down. It doesn’t seem to have much awareness of the IP dependencies between the various components that it balances – additionally there will be scalability issues with NLB when you have a large enterprise deployment. The more I have investigated these options, the more I think how much simpler life would be if I only had one Security Server and Connection Server, and they were protected by VMware Fault Tolerance. However, the one thing that stops this configuration is patch management and upgrades. If you only have one Connection server and Security server, it becomes impossible to take down one of the roles to carry out maintenance of the server. Additionally, VMware FT does not protect a VM from service failure within the guest operation system.

What follows is very much a “Getting Started” guide to Microsoft NLB, it will not cover every single option or setting. My intention here is merely to show you an example of a load balancing system, and how it affects the configuration of the Security Server.

Want to read more of this guide?

Download the full “Administering VMware View 4.5” Guide (21 Chapters). The full guide contains additional step-by-step instructions and screen shots in each chapter.

This was first published in September 2010

Dig deeper on VMware Resources

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchServerVirtualization

SearchVirtualDesktop

SearchDataCenter

SearchCloudComputing

Close