TESTING & INTEGRATION GROUP
SOLUTION GUIDE
AppDirector optimizing the delivery of VMware View 4.5
Contents
- Introduction
  - Radware AppDirector
  - VMware View
- Radware AppDirector and VMware View Server Architecture
- Important Implementation Notes
- Configuration
  - AppDirector Active Configuration
  - AppDirector Standby Configuration
- VMware View Connection Servers
  - Configure VMware View Global Settings
TECHNICAL SOLUTION GUIDE
TECHNICAL SOLUTION GUIDE
DATE: Thursday, January 06, 2011 Version: 1.0
Author – Elad Kurzweil
Introduction
Implementing VMware View in an organization introduces a new set of challenges for IT, pushing its infrastructure to its limits and challenging its current administration policies. VMware View requires that an organization meet SLA commitments and provide QoE assurances. The inability to comply with these requirements will result in user frustration and loss of user productivity.
This guide presents a basic integration solution in which Radware’s load balancing and acceleration product, AppDirector, is set up in front of a VMware View environment to ensure its availability and performance in order to meet SLA and QoE requirements.
Radware AppDirector
Radware offers an array of solutions that address the challenges presented by VMware View. AppDirector delivers performance improvement, availability assurance and acceleration of content delivery to clients using VMware View by utilizing load-balancing, health checks and Web acceleration capabilities, while ensuring session persistency between clients and servers.
The advantages of using AppDirector in such a deployment are:
- Load balancing the VMware View cluster of VMware View servers using high availability (HA) and traffic management
- Health monitoring of the VMware View servers, indicating which servers are up or down
- Hardware HA with two AppDirectors
- One IP (VIP) that the VMware View client connects to
VMware View
Deliver rich, personalized virtual desktops to any device with all the benefits of centralized enterprise desktop management. The VMware View portfolio of products lets IT run virtual desktops in the datacenter while giving end users a single view of all their applications and data in a familiar, personalized environment on any device at any location. Get greater flexibility, reliability, efficiency and security managing desktops and applications from the datacenter.
- Lower costs by centralizing management, administration and resources
- Increase security by moving data from desktop devices into the datacenter
- Improve business agility with faster provisioning and user flexibility with universal access
Radware AppDirector and VMware View Server Architecture
FIGURE 1 – TESTED CONFIGURATION
Important Implementation Notes
1. The AppDirector offloads SSL and TCP processing from the Connection server. To do so, it proxies all incoming connections and terminates the SSL and TCP connections from the clients. On the server side it keeps a small number of TCP connections open on behalf of multiple clients, using clear HTTP as the transport protocol. Client IPs are NATed behind the AppDirector.
2. Note: If the Connection server has to see the client IP as the source IP, the Client NAT configuration, the extended farm and server NAT settings, and the L4 HTTP policy settings should be changed.
3. Throughout this guide, reference is made to the “Radware” pre-configured certificate, but you can import a certificate or create a new certificate in AppDirector. For more information on exporting, importing, or creating a certificate, see the Radware AppDirector User Guide.
4. Make sure to clear the “Require SSL for client connections” check box in VMware View Administration. See the description below.
Figure 1 illustrates the configuration that was tested, which includes the following work flow:
1. The remote clients connect to the VIP (AppDirector IP) using the SSL protocol.
2. The AppDirector is the termination point of the SSL traffic, offloading SSL processing and forwarding only HTTP traffic to the VMware View Connection server. The AppDirector selects one of the VMware View Connection servers (according to the load balancing algorithm that is configured on the AppDirector) and redirects the specific session to the selected VMware View Connection server over HTTP. The AppDirector keeps a small number of TCP connections constantly open with the server, sparing the servers the setup and teardown of TCP connections. It uses its own IP as the source IP of these connections.
3. The VMware View Connection servers verify with the LDAP server (Active Directory) that the user is allowed to access a Virtual Desktop machine.
4. If the user is allowed to connect to a Virtual Desktop, the VMware View Connection server chooses one of the ESX servers that the VM is running on.
5. All return traffic goes through the ESX server back to the VMware View Connection server, and back to the AppDirector over HTTP (port 80), and from the AppDirector to the Client over HTTPS (port 443).
Software and Hardware
The following is a list of hardware and software tested to verify the interoperability of the presented solution:
- Microsoft Windows 2008 R2 x64
- Radware’s AppDirector ODS1 v.2.30 (2 units)
- VMware View Connection Server, Agent and client v4.5
- VMware vCenter 4.1
- VMware ESX 4.1
Configuration
APPDIRECTOR ACTIVE CONFIGURATION
Network Configuration
- Create IP 11.1.4.11/24 on port 1
- Create 192.168.5.1/24 on port 2
- Create default route to 11.1.4.254
Farm Configuration
- Create a farm named “vmware.view” in AppDirector -> Farms -> Farm Table with these parameters:
  - Farm Name – vmware.view
  - Aging Time – 36000
  - Session mode – RemoveOnSessionEnd-SPS
  - Dispatch Method – Cyclic
  - Connectivity checks – No Checks
  - Leave all other fields as default
- Create a farm named “vmware.view.http.tunnel” in AppDirector -> Farms -> Farm Table with these parameters:
  - Farm Name – vmware.view.tunnel
  - Aging Time – 36000
  - Session mode – RemoveOnSessionEnd-SPS
  - Dispatch Method – Cyclic
  - Connectivity checks – No Checks
  - Leave all other fields as default
Client NAT Configuration
- Enable Client NAT in AppDirector -> NAT -> Client NAT -> Global Parameters with these parameters:
  - Client NAT – Enable
- Create Client NAT address table in AppDirector -> NAT -> Client NAT -> NAT Addresses with these parameters:
  - From IP – 192.168.5.222
  - To IP – 192.168.5.222
- Create Client NAT Intercept addresses in AppDirector -> NAT -> Client NAT -> Intercept Addresses with these parameters:
  - From IP Client – 0.0.0.0
  - To Client IP – 255.255.255.255
Extended Farm Configuration
- Enable Client NAT address range in AppDirector -> FARM -> Extended Parameters with these parameters:
  - IPv4 Client NAT Address Range – 192.168.5.222
  - Leave all other fields as default
Servers Configuration
- Create a server named “view.Server.1” and attach it to the farm “vmware.view” in AppDirector -> Servers -> Application Servers -> Table with these parameters:
  - Server Name – view.Server.1
  - Farm Name – vmware.view
  - Server Address – 192.168.5.11
  - Client NAT – Enable
  - Client NAT Address Range – 192.168.5.222
  - Leave all other fields as default
- Create a server named “view.Server.2” and attach it to the farm “vmware.view” in AppDirector -> Servers -> Application Servers -> Table with these parameters:
  - Server Name – view.Server.2
  - Farm Name – vmware.view
  - Server Address – 192.168.5.12
  - Client NAT – Enable
  - Client NAT Address Range – 192.168.5.222
  - Leave all other fields as default
- Create a server named “view.Server.1” and attach it to the farm “vmware.view.tunnel” in AppDirector -> Servers -> Application Servers -> Table with these parameters:
  - Server Name – view.Server.1
  - Farm Name – vmware.view.tunnel
  - Server Address – 192.168.5.11
  - Client NAT – Enable
  - Client NAT Address Range – 192.168.5.222
  - Leave all other fields as default
- Create a server named “view.Server.2” and attach it to the farm “vmware.view.tunnel” in AppDirector -> Servers -> Application Servers -> Table with these parameters:
  - Server Name – view.Server.2
  - Farm Name – vmware.view.tunnel
  - Server Address – 192.168.5.12
  - Client NAT – Enable
  - Client NAT Address Range – 192.168.5.222
  - Leave all other fields as default
HTTP Policy Configuration
- Create HTTP Policy named “tcp.multiplexing” in “vmware.view” in AppDirector -> Layer 4 Traffic Redirection -> HTTP Policies with these parameters:
  - Multiplex Back-End connections – Enabled
  - Back-End Connection close idle timeout – 36000
  - Leave all other fields as default
Layer 7 Configuration
1. Create a Layer 7 server persistency policy in AppDirector -> Layer 7 Server Persistency -> Text Match with these parameters:
   - Farm Name – vmware.view
   - Application Port – 0
   - L4 Protocol – TCP
   - Persistency Identifier – JSESSIONID
   - Lookup Mode – Text
   - Stop Chars – ;, (make sure not to omit either of the two delimiters “;,”)
   - Learning Direction – Server Reply
   - Ignore Server Reply – Never
   - Inactivity Timeout – 36000
   - Leave all other fields as default
2. Create a Layer 7 server persistency policy in AppDirector -> Layer 7 Server Persistency -> Text Match with these parameters:
   - Farm Name – vmware.view.tunnel
   - Application Port – 0
   - L4 Protocol – TCP
   - Persistency Identifier – tunnel?
   - Lookup Mode – Text
   - Learning Direction – No Learning
   - Ignore Server Reply – Never
   - Inactivity Timeout – 36000
   - Leave all other fields as default
3. Create a Layer 7 Method in AppDirector -> Layer 7 Farm Selection -> Method with these parameters:
   - Method Name – default
   - Method Type – Regular Expression
   - Arguments – EXP=.|
4. Create a Layer 7 Method in AppDirector -> Layer 7 Farm Selection -> Method with these parameters:
   - Method Name – tunnel
   - Method Type – Text
   - Arguments – TXT=tunnel?|
5. Create a Layer 7 policy in AppDirector -> Layer 7 Farm Selection -> Policy with these parameters:
   - Policy Name – Policy.HTTP
   - Policy Index – 1
   - First Method – tunnel
   - Farm Name – vmware.view.tunnel
   - Leave all other fields as default
6. Create a Layer 7 policy in AppDirector -> Layer 7 Farm Selection -> Policy with these parameters:
   - Policy Name – Policy.HTTP
   - Policy Index – 10
   - First Method – default
   - Farm Name – vmware.view
   - Leave all other fields as default
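A simplified model of the Layer 7 settings above, added here as an example (it is not Radware code and not part of the original guide): farm selection walks the two Policy.HTTP entries in index order, and the persistency table learns JSESSIONID from server replies and looks it up on client requests. Lowest-index-first evaluation, the token parsing and the sample messages are assumptions; passing a different stop_chars value shows why both delimiters “;,” are needed.

```python
import re

# Values taken from the guide's Layer 7 tables. Lowest-index-first evaluation
# and the token parsing below are assumptions of this model.
POLICIES = [(1, "tunnel", "vmware.view.tunnel"), (10, "default", "vmware.view")]
METHODS = {
    "tunnel": lambda head: "tunnel?" in head,                   # TXT=tunnel?
    "default": lambda head: re.search(r".", head) is not None,  # EXP=.
}

def select_farm(request_line):
    """Return the farm of the first policy, in index order, whose method matches."""
    for _index, method, farm in sorted(POLICIES):
        if METHODS[method](request_line):
            return farm
    return None

def extract_token(message, stop_chars=";,", identifier="JSESSIONID"):
    """Return the identifier's value, cut at the first stop char or line end."""
    start = message.find(identifier + "=")
    if start < 0:
        return None
    value = message[start + len(identifier) + 1:].split("\r\n", 1)[0]
    for i, ch in enumerate(value):
        if ch in stop_chars:
            return value[:i]
    return value

class PersistencyTable:
    """Learn token -> server from server replies, look it up on client requests."""
    def __init__(self, stop_chars=";,"):
        self.stop_chars = stop_chars
        self.entries = {}

    def learn(self, server_reply, server):
        token = extract_token(server_reply, self.stop_chars)
        if token:
            self.entries[token] = server

    def lookup(self, client_request):
        return self.entries.get(extract_token(client_request, self.stop_chars))

# Constructed sample traffic (not captured from a real View deployment).
REPLY = "HTTP/1.1 200 OK\r\nSet-Cookie: JSESSIONID=A1B2C3; Path=/\r\n\r\n"
REQUEST = "POST /broker/xml HTTP/1.1\r\nCookie: lang=en, JSESSIONID=A1B2C3,x=1\r\n\r\n"
```

With the default stop characters, a table that learned REPLY from view.Server.1 resolves REQUEST to the same server; with only “;” configured the request token becomes “A1B2C3,x=1” and the lookup misses.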
SSL Policy Configuration
1. Create an SSL policy in AppDirector -> L4 Traffic Redirection -> SSL Policy with these parameters:
   - Policy name – HTTPS.policy
   - Certificate – radware
   - Listening Server Port – 80
   - HTTP Redirection Conversion State – Enabled
   - Leave all other fields as default
Note: Throughout this guide, reference is made to the “radware” pre-configured certificate, but you can import a certificate or create a new certificate in AppDirector. For more information on exporting, importing, or creating a certificate, see the AppDirector User Guide.
Layer 4 Configuration
1. Create a Layer 4 policy for HTTPS Traffic named “VIEW.HTTPS” in AppDirector -> Servers -> Server Table with these parameters:
   - Virtual IP – 11.1.4.200
   - L4 Protocol – TCP
   - L4 Port – 443
   - Farm Name – vmware.view
   - Application – HTTPS
   - L7 Policy – Policy.HTTPS
   - HTTP Policy – tcp.multiplexing
   - SSL Policy – HTTPS.policy
   - Leave all other fields as default
2. Create a Layer 4 policy for HTTP Traffic named “VIEW.HTTP” in AppDirector -> Servers -> Server Table with these parameters:
   - Virtual IP – 11.1.4.200
   - L4 Protocol – TCP
   - L4 Port – 80
   - Farm Name – vmware.view
   - HTTP Policy – tcp.multiplexing
   - Application – HTTP
   - L7 Policy – Policy.HTTP
   - Leave all other fields as default
AppDirector Health Monitoring
1. Enable Health Monitoring in Health Monitoring -> Global Parameters.
2. Create a check for HTTP on server 192.168.5.11 in Health Monitoring -> Check Table with these parameters:
   - Check name – VIEW.Server.1
   - Method – HTTP
   - Destination Host – 192.168.5.11
   - Arguments
     1. Path – “/”
     2. HTTP Method – “GET”
     3. Match search string – “VMware”
     4. Match Mode – String exists
   - Dest Port – 80
3. Create a check for HTTP on server 192.168.5.12 in Health Monitoring -> Check Table with these parameters:
   - Check name – VIEW.Server.2
   - Method – HTTP
   - Destination Host – 192.168.5.12
   - Arguments
     1. Path – “/”
     2. HTTP Method – “GET”
     3. Match search string – “VMware”
     4. Match Mode – String exists
   - Dest Port – 80
4. Bind the check VIEW.Server.1 to Server ‘vmware.view’ – 192.168.5.11 in Health Monitoring -> Binding Table.
5. Bind the check VIEW.Server.2 to Server ‘vmware.view’ – 192.168.5.12 in Health Monitoring -> Binding Table.
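The HTTP check defined above, reproduced as an added example (not part of the original guide and not AppDirector's implementation): it requests “/” with GET and reports a server healthy only when the string “VMware” appears in the body, so a server that answers on port 80 with the wrong content is still marked down. The loopback stub servers and their page content are constructed, and evaluating only the match string (not the status code) is an assumption.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


def http_check(host, port=80, path="/", method="GET", match="VMware", timeout=3):
    """Apply the guide's check arguments; healthy only if `match` is in the body."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request(method, path)
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        conn.close()
    except (OSError, http.client.HTTPException) as exc:
        return False, f"no HTTP response: {exc}"
    if match not in body:
        return False, f"HTTP {resp.status}, but {match!r} not in body"
    return True, f"HTTP {resp.status}, {match!r} found"


def start_stub(body):
    """Constructed stand-in for a Connection Server on a free loopback port."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            data = body.encode()
            self.send_response(200)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)

        def log_message(self, *args):  # keep the demo output quiet
            pass

    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    good = start_stub("<title>VMware View</title>")   # constructed page
    wrong = start_stub("<h1>Default web site</h1>")   # up, but not View
    for name, srv in (("good", good), ("wrong", wrong)):
        print(name, http_check("127.0.0.1", srv.server_address[1]))
```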
VRRP Configuration
1. Enable VRRP in AppDirector -> Redundancy -> Global Configuration with these parameters:
   - IP Redundancy Admin Status – VRRP
   - Interface Grouping – Enable
   - ARP with interface grouping – Send
   - Backup Fake ARP – Enable
   - Backup Interface Grouping – Enable
   - Leave all other fields as default
2. Create Virtual Router interfaces in AppDirector -> Redundancy -> VRRP -> Virtual Router Table with these parameters:
   - IF Index – 1
   - VR ID – 1
   - Priority – 255 (Highest number is Active device)
   - Primary IP – 11.1.4.11
   - Leave all other options as default
3. Create Virtual Router interfaces in AppDirector -> Redundancy -> VRRP -> Virtual Router Table with these parameters:
   - IF Index – 2
   - VR ID – 2
   - Priority – 255 (Highest number is Active device)
   - Primary IP – 192.168.5.1
   - Leave all other options as default
4. Create Associated IP Addresses in AppDirector -> Redundancy -> VRRP -> Associated IP Addresses with these parameters:
   - IF Index – 1, VR ID – 1, Associated IP 11.1.4.11
   - IF Index – 1, VR ID – 1, Associated IP 11.1.4.200
   - IF Index – 2, VR ID – 2, Associated IP 192.168.5.1
Mirroring Configuration
1. Enable Mirroring in AppDirector -> Redundancy -> Mirroring -> Active Device Parameters with these parameters:
   - Client Table Mirroring – Enable
   - Session Id Table Mirroring – Enable
   - Leave all other fields as default
2. Add Mirror device in AppDirector -> Redundancy -> Mirroring -> Mirror Device Parameters with these parameters:
   - Mirror Device IP – 192.168.5.2
APPDIRECTOR STANDBY CONFIGURATION
Network Configuration
- Create IP 11.1.4.12/24 on port 1
- Create 192.168.5.2/24 on port 2
- Create default route to 11.1.4.254
Auto Generating the Backup Configuration from the Primary AppDirector
1. From the web interface menu of the Primary AppDirector, select File -> Configuration -> Receive from Device and choose Backup (Active-Backup). Save the file on your computer and name it AppDirector.backup.txt.
2. Open the browser on the AppDirector backup device and upload the saved configuration (AppDirector.backup.txt) in File -> Configuration -> Send to Device.
3. Reboot the AppDirector Backup device.
VRRP Configuration
1. Enable VRRP in AppDirector -> Redundancy -> Global Configuration with these parameters:
   - IP Redundancy Admin Status – VRRP
   - Interface Grouping – Enable
   - ARP with interface grouping – Send
   - Backup Fake ARP – Enable
   - Backup Interface Grouping – Enable
   - Leave all other fields as default
2. Create Virtual Router interfaces in AppDirector -> Redundancy -> VRRP -> Virtual Router Table with these parameters:
   - IF Index – 1
   - VR ID – 1
   - Priority – 255 (Highest number is Active device)
   - Primary IP – 11.1.4.12
   - Leave all other options as default
3. Create Virtual Router interfaces in AppDirector -> Redundancy -> VRRP -> Virtual Router Table with these parameters:
   - IF Index – 2
   - VR ID – 2
   - Priority – 255 (Highest number is Active device)
   - Primary IP – 192.168.5.2
   - Leave all other options as default
4. Create Associated IP Addresses in AppDirector -> Redundancy -> VRRP -> Associated IP Addresses with these parameters:
   - IF Index – 1, VR ID – 1, Associated IP 11.1.4.11
   - IF Index – 1, VR ID – 1, Associated IP 11.1.4.200
   - IF Index – 2, VR ID – 2, Associated IP 192.168.5.1
Mirroring Configuration
1. Enable Mirroring in AppDirector -> Redundancy -> Mirroring -> Active Device Parameters with these parameters:
   - Mirroring Status – Enable
   - Leave all other fields as default
2. Add Mirror device in AppDirector -> Redundancy -> Mirroring -> Mirror Device Parameters with these parameters:
   - Mirror Device IP – 192.168.5.1
VMware View Connection Servers
CONFIGURE VMWARE VIEW GLOBAL SETTINGS
In this scenario AppDirector terminates the SSL traffic and works with HTTP on the VMware View Connection servers. By default, the VMware View Connection servers are configured to work in SSL mode. To disable the SSL mode:
1. Log into VMware View administration.
2. Select the Configuration tab.
3. In Global Configuration, click Edit.
4. Deselect ‘Require SSL for client connections and View Administrator’.
5. Create the same configuration for all servers.
6. Go to View Configuration > Servers and edit each connection server, adding the External URL name ‘https://view.mycomapny.com:443’ (this will be the name that the clients are pointing to).
Technical Support
Radware offers technical support for all of its products through the Radware Certainty Support Program. Please refer to your Certainty Support contract, or the Radware Certainty Support Guide available at:
http://www.radware.com/content/support/supportprogram/default.asp.
For more information, please contact your Radware Sales representative or:
U.S. and Americas: (866) 234-5763
International: +972(3) 766-8666