• No results found

How To Create A Web Server On A Zen Nlb (Networking) With A Web Browser On A Linux Server On An Ipad Or Ipad On A Raspberry Web 2.4 (

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "How To Create A Web Server On A Zen Nlb (Networking) With A Web Browser On A Linux Server On An Ipad Or Ipad On A Raspberry Web 2.4 ("

Copied!
29
0
0

Loading.... (view fulltext now)

Download now ( 29 Page )

Full text

(1)

Wyse vWorkspace 8.6 - Setting up load

balancing using ZEN NLB Appliance

Dell Cloud Client-Computing Revision 20150828

(2)

Revisions

Date Description August 2015 Initial release

(3)

THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND.

© 2013 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell.

PRODUCT WARRANTIES APPLICABLE TO THE DELL PRODUCTS DESCRIBED IN THIS DOCUMENT MAY BE FOUND AT: http://www.dell.com/learn/us/en/19/terms-of-sale-commercial-and-public-sector Performance of network reference architectures discussed in this document may vary with differing deployment conditions, network loads, and the like. Third party products may be included in reference architectures for the convenience of the reader. Inclusion of such third party products does not necessarily constitute Dell’s recommendation of those products. Please consult your Dell representative for additional information.

Trademarks used in this text:

Dell™, the Dell logo, Dell Boomi™, Dell Precision™ ,OptiPlex™, Latitude™, PowerEdge™, PowerVault™,

PowerConnect™, OpenManage™, EqualLogic™, Compellent™, KACE™, FlexAddress™, Force10™ and Vostro™ are trademarks of Dell Inc. Other Dell trademarks may be used in this document. Cisco Nexus®, Cisco MDS®, Cisco

NX-0S®, and other Cisco Catalyst® are registered trademarks of Cisco System Inc. EMC VNX®, and EMC Unisphere® are

registered trademarks of EMC Corporation. Intel®, Pentium®, Xeon®, Core® and Celeron® are registered trademarks of

Intel Corporation in the U.S. and other countries. AMD® is a registered trademark and AMD Opteron™, AMD

Phenom™ and AMD Sempron™ are trademarks of Advanced Micro Devices, Inc. Microsoft®, Windows®, Windows

Server®, Internet Explorer®, MS-DOS®, Windows Vista® and Active Directory® are either trademarks or registered

trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat® and Red Hat® Enterprise

Linux® are registered trademarks of Red Hat, Inc. in the United States and/or other countries. Novell® and SUSE® are

registered trademarks of Novell Inc. in the United States and other countries. Oracle® is a registered trademark of

Oracle Corporation and/or its affiliates. Citrix®, Xen®, XenServer® and XenMotion® are either registered trademarks or

trademarks of Citrix Systems, Inc. in the United States and/or other countries. VMware®, Virtual SMP®, vMotion®,

vCenter® and vSphere® are registered trademarks or trademarks of VMware, Inc. in the United States or other

countries. IBM® is a registered trademark of International Business Machines Corporation. Broadcom® and

NetXtreme® are registered trademarks of Broadcom Corporation. Qlogic is a registered trademark of QLogic

Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and/or names or their products and are the property of their respective owners. Dell disclaims proprietary interest in the marks and names of others.

(4)

Table of contents

1 Requirements ... 7

1.1 Infrastructure Services ... 7

1.2 vWorkspace farm ... 7

1.3 Zen Load Balancer Appliance ... 7

2 Installing a new vWorkspace server ... 8

3 Configuring the new Connection Broker ... 9

4 Configuring Web Access ... 10

4.1 Creating new web sites ... 10

4.2 Configuring vWorkspace Web Access ... 11

5 Configuring Secure Access ... 13

5.1 Importing the existing Certificate ... 13

5.2 Configuring the Secure Access service ... 13

6 Configuring User Profile Management ... 15

6.1 Configuring the User Profile Management role ... 15

6.2 Create a DNS Entry for the UPM Storage server ... 16

7 Configuring the Load Balancer ... 17

7.1 Creating a virtual NIC ... 17

7.2 Adding new farms ... 19

7.2.1 Farm settings for Port 80 ... 19

7.2.2 Farm settings for Port 443 ... 20

7.2.3 Farm settings for Port 5206 ... 21

8 Configuring DNS Records for the Load Balancer ... 22

9 Configuring the vWorkspace connection configuration ... 23

10 Testing the new configuration ... 24

10.1 Health Check of Web Access ... 24

(5)
(6)

Executive summary

This document describes how to set up load balancing and failover (HA) for Wyse vWorkspace 8.6 using a ZEN Load Balancer virtual Appliance.

The purpose of this document is to summarize the steps to enable HA for an existing vWorkspace farm, but does not provide detailed instructions on how to to set up and configure vWorkspace in general. In this example, two virtual machines are used to host the roles of the Connection Broker, Web Access portal, the Secure Access Service and User Profile Management.

In a test environment or during a Proof of Concept (PoC) it it is common practice to host all roles on a single machine, and hence this document explains how to set up a high available deployment with the least effort in regards to ressources and overall complexity. However, in a production environment the Secure Access role is usually hosted on a diedicated machine in the DMZ, and Web Access may or may not be installed on the Broker depending on the customer needs.

(7)

1

Requirements

1.1

Infrastructure Services

It is assumed that Active Directory, DNS and DHCP already exists on the network and are fully operational.

1.2

vWorkspace farm

An existing vWorkspace farm with Connection Broker, Web Access Server and Secure Access Service and User Profile Management roles installed is the foundation for this excercise. In this example, these roles are installed on a machine called vWork1 with IP Address 192.168.0.20.

1.3

Zen Load Balancer Appliance

For non-production use and testing purposes, Zen Load Balancer Community Edition is installed in a virtual machine hosted on Hyper-V.

The details how to install and configure ZEN is explained in the ZLB Administration Guide. The document Wyse vWorkspace and Zen Load Balancer Configuration Guide.pdf explains the configuration of the ZLB Appliance, but this is also covered in the later sections of this document.

(8)

2

Installing a new vWorkspace server

On the new server called vWork3 (with IP Address 192.168.0.22), vWorkspace 8.6 is installed with the option Connect to an existing database:

Perform an Advanced setup and select the roles for Connection Broker, Management Console, Web Access, User Profile Management Storage and Secure Access

(9)

3

Configuring the new Connection Broker

With the installation of the Connection Broker role on the new server it is automatically being added to the existing farm:

If the communication between the broker servers should be encrypted, import* and then select the existing certificate on the new server using the vWorkspace Management Console:

That’s it - vWorkspace will automatically balance connection attempts between the brokers so there is nothing else to do to add scalability and resilience for the Connection Broker role.

(10)

4

Configuring Web Access

4.1

Creating new web sites

On vWork3, open the Web Access Site Manager and create new website(s) as required.

In this example, a site called Native and another site called HTML5 already exist on vWork1. Because it is desired to enable load balancing for these two sites, it is best practice to create the new sites with the exact same settings for Friendly Name and Virtual Directory:

These names are only used within IIS and can later be renamed in the vWorkspace console so each site on every server does have a unique site name.

(11)

4.2

Configuring vWorkspace Web Access

Using the vWorkspace Management Console, add the new sites to the farm and apply the same settings as used for the existing websites.

When creating a new site it is also possible to import the configuration from an existing site rather than configuring every new site manually:

(12)

You can also copy the WebSettings.xml file from the existing site(s) to any other Web Acess server. This option becomes handy when there are multiple web servers and an altered configuration should be deployed without manually updating each site separately:

(13)

5

Configuring Secure Access

5.1

Importing the existing Certificate

Import the SSL certificate from the existing Secure Access server to the Trusted Root Certificate store on the new server:

5.2

Configuring the Secure Access service

On the new server, configure SAS with the same settings as on the existing server but adjust the IP Address settings accordingly:

(14)

In above example, the Destination Host for Web Interface and Connection Broker Proxy point to the same machine (192.168.0.22), but also to the existing server (192.168.0.20), separated by a comma. This enables Secure Access service to failover automatically after a (not configurable) timeout if the service on the host specified is unavailable. Having a second destination host is optional.

(15)

6

Configuring User Profile Management

6.1

Configuring the User Profile Management role

Right click on the User Profile Management Node and select Properties:

Create two entries for the servers running the UPM role and a third one for load balancing using the desired DNS Name (i.e. UserProfiles).

(16)

Next, create Silos as applicable and point the to the hostname of the load balanced IP used for UPM:

6.2

Create a DNS Entry for the UPM Storage server

In the DNS Console, create a new Host record for the load balanced UPM Storage Sever and point it to the virtual IP set up at the load balancer:

(17)

7

Configuring the Load Balancer

Open a Web Browser and navigate to the management website of the ZLB appliance, in example https://192.168.0.3:444

7.1

Creating a virtual NIC

Navigate to Settings > Interfaces and add a new virtual interfaces.

In this example, one virtual NIC with IP 192.168.0.4 is used to load balance traffic for port 80 (HTTP traffic to internal Web Access sites) and 443 (HTTPs traffic to Web Access and SSL encrypted communication with Secure Access service):

(18)
(19)

7.2

Adding new farms

Navigate to Manage > Farms and add new farms: one for port 80, one for port 443, an another one for port 5206. Within each farm, specify the IP Addresses of the two vWorkspace servers as “Real Servers”.

(20)
(21)
(22)

8

Configuring DNS Records for the Load Balancer

In DNS, create a new Host record to point to the virtual IP of the Load Balancer used for ports 80 and 443 and give it the same name as the Certificate used for the SSL Gateway:

(23)

9

Configuring the vWorkspace connection configuration

In the vWorkspace Management Console, navigate to Connector Management > Configuration and adjust the configuration(s) as applicable:

(24)

10

Testing the new configuration

10.1

Health Check of Web Access

Ensure all services are running on both servers and the ZEN NLB Farm status is UP. Open a Web Browser and navigate to the following sites:

 http://vwork1.wyse.demo/native>

 http://vwork1.wyse.demo/html5>

 https://vwork1.wyse.demo/native>

 https://vwork1.wyse.demo/html5>

This will show if the web sites on vWork1 are accessible via port 80 and 443 without the ZEN NLB. Repeat for the web sites on the new server:

 http://vwork3.wyse.demo/native>

 http://vwork3.wyse.demo/html5>

 https://vwork3.wyse.demo/native>

 https://vwork3.wyse.demo/html5>

This will show if the web sites on vWork3 are accessible via port 80 and 443 without the ZEN NLB.

10.2

Health Check of Web Access via NLB

Open a Web Browser and navigate to the following sites:

 http://connect.wyse.demo/native

 http://connect.wyse.demo/html5

 https://connect.wyse.demo/native

 https://connect.wyse.demo/html5

This will show if the Load Balancer is able to forward requests on port 80 and 443 to the Real Servers specified for this interface.

(25)

10.3

Failover of Web Access

Stop the World Wide Web Publishing Service on one of the servers and perform the same tests as in 9.2.

Next, start the service and repeat the test with the service down on the other server.

Each site must be accessible via HTTP and HTTPs anytime.

In this example, the Welcome Message on each site has been modified to include the host name (vWork1 / vWork3) so it easy noticeably to which host you have been redirected.

(26)

10.4

Failover of Secure Access

Stop the vWorkspace Secure Access service on one of the servers and connect to the farm using the vWorkspace connector. As a quick test, launch any of the Managed Applications available in your environment.

Next, start the service and repeat with the service down on the other server.

Establishing a connection to the vWorkspace farm using the vWorkspace native connector must be possible anytime, from the internal and external network.

10.5

Failover of the Broker

(27)

10.6

Failover of the User Profile Management Service

Log on to a Desktop and make some changes (i.e. to IE Favorites) which are part of the User Profile Management settings. Log off.

Stop the Quest MetaProfile Server service on one of the servers and connect to the farm using the vWorkspace connector. Verify your settings are in place.

Next, start the service and repeat with the service down on the other server.

The User Profile Management must work regardless which server is used to access the profile folder on the file share.

(28)

A

Configuration Example with multiple VLANs

Below is an example of a ZEN NLB Appliance routing traffic trough Secure Access Service from the external interface (eth1:1) to two servers on the internal network with SAS role installed.

On the internal network, multiple virtual IPs are set up to load balance the Secure Access Service, Web Access and User Profile Management. Each of this virtual Network interfaces has a Farm configured for every port it should load balance on, and like for the external SAS, two or more “Real Servers” are specified as target incoming packets are forwarded to.

(29)

B

Additional resources

Support.dell.com is focused on meeting your needs with proven services and support.

DellTechCenter.com is an IT Community where you can connect with Dell Customers and Dell employees for the purpose of sharing knowledge, best practices, and information about Dell products and

installations.

 Wyse vWorkspace 8.6 Administration Guide:

https://support.software.dell.com/vworkspace/8.6/release-notes-guides#

 Wyse vWorkspace Community forum and blog:

http://en.community.dell.com/techcenter/virtualization/vworkspace

 Wyse vWorkspace Product Support: https://support.software.dell.com/de-de/vworkspace/8.6

 Wyse vWorkspace Video Tutorials: https://support.software.dell.com/de-de/vworkspace/videos

References

Download now ( PDF - 29 Page - 2.09 MB )

Related documents

Living, Breathing Asia

• Enriched account statement and transaction advice • Extend statement retention period to 6 months • Enquire on trade import, export, and loan limits • Check available

Acceptability of road pricing and revenue use in the Netherlands

Six different possibilities were evaluated on acceptance by the respondents (general budget, new roads, improve public transport, abandon existing car taxation, lower fuel taxes,

The Impression Management Strategy of the Candidates of Governor-Vice Governor of DKI Jakarta on Social Media

The use of social media is not only important but also strategic means of political communication in the Regional Leader Election (Pilkada) of DKI Jakarta and

Wealth Management Update

Further, when a cash value policy is bought by a transferee, upon a later sale to a third party, any gain up to the policy’s cash surrender value will be taxed as ordinary income..

Competencies for community psychology practice in Spain: Standards, quality and challenges in social intervention

supervised practice refer to activities such as assessment of social needs, analysis of community readiness, social skills training, initiatives for community prevention and

ELECTRICITY REGULATION AND DEREGULATION

In some cases (e.g., in Argentina, Chile, England and Wales, and Spain) be- sides energy revenues obtained from selling electricity, generators are paid a sup- plemental

Article from: Reinsurance News. January 2011 Issue 69

Claim activity in excess of $1 million dollars shows that catastrophic claims continue to increase in frequen- cy and severity due to our health care system’s high $25,000 to

Evaluation of the practicality of system efficient ESD design

The excess current, shown in Figure 6, can return to board ground safely through the chip pins, on-chip rail clamp, and decoupling capacitance placed around the chip.. Figure