AVI Networks Loadbalancer For VMware Horizon

Introduction

AVI Networks is a controller-based, software-defined load balancing and application services platform, also described as a next-generation load balancer. It provides a single centralized point of control for all application services across any environment: multi-cloud, public cloud, private cloud and even container-based environments.

AVI Networks comes with various capabilities such as local and global load balancing and web application firewalling (WAF). The AVI load balancer, one of these features, can be deployed in front of VMware Unified Access Gateway (UAG), Horizon Connection Server (CS) and EUC components such as App Volumes Manager (AVM). As per the Horizon 7.11 release notes, the AVI load balancer is now officially supported for Horizon deployments. The version requirement is AVI Vantage 18.2.7 or later.

In this post, I will provide guidance on how the AVI load balancer can be integrated with VMware Horizon deployments.

AVI for Unified Access Gateway (UAG) Load Balancing

Three different deployment architectures can be achieved for Horizon UAG load balancing.

1. Single VIP with two virtual services

In this deployment architecture, a single VIP with two virtual services (L7 and L4) faces multiple UAGs and handles both the primary and secondary protocols. Both protocols are routed to the same UAG using source IP affinity, and SSL is terminated at the AVI load balancer.

2. Single L4 Virtual Service

In this architecture, a VIP with only an L4 virtual service sits in front of multiple UAGs. Load balancing happens at the L4 protocol level. Both Horizon protocols are routed via the same UAG, and SSL is terminated on the UAG as well.

3. (n+1) VIPs

In this architecture, each UAG and the AVI load balancer has its own VIP. The primary Horizon protocol is load balanced on the AVI load balancer, which then directs it to a specific UAG. The secondary protocol originating from the external user goes directly to that UAG, bypassing the AVI load balancer. The UAG then forwards the secondary protocol to the appropriate Horizon desktops or RDS hosts.
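For the first architecture (single VIP with two virtual services), the following added example, which is not from the original post or from AVI, models why the L7 and L4 virtual services must share one source IP affinity table, and what that pinning does to load when many users sit behind one NAT address. The class, function and UAG names and the sample addresses are assumptions made for illustration.

```python
from collections import Counter
from itertools import cycle

UAGS = ["uag-1", "uag-2", "uag-3"]  # constructed pool member names


class SourceIpAffinity:
    """Persistence table keyed by client source IP (illustrative model)."""

    def __init__(self, pool):
        self._next = cycle(pool)   # new source IPs are spread round-robin
        self.table = {}            # source IP -> UAG chosen on first contact

    def select(self, src_ip):
        if src_ip not in self.table:
            self.table[src_ip] = next(self._next)
        return self.table[src_ip]


def broken_sessions(primary_order, secondary_order, shared_affinity):
    """Count clients whose secondary protocol reaches a different UAG than
    the one that handled their primary (authentication) protocol."""
    l7 = SourceIpAffinity(UAGS)
    # Shared table models the design described above; a separate
    # per-connection round-robin models an L4 service with no affinity.
    l4_rr = cycle(UAGS)
    primary = {ip: l7.select(ip) for ip in primary_order}
    broken = 0
    for ip in secondary_order:
        target = l7.select(ip) if shared_affinity else next(l4_rr)
        broken += target != primary[ip]
    return broken


def uag_load(source_ips):
    """Sessions per UAG when every session is pinned by source IP."""
    affinity = SourceIpAffinity(UAGS)
    return Counter(affinity.select(ip) for ip in source_ips)


# Constructed sample clients (documentation address ranges).
CLIENTS = ["198.51.100.7", "198.51.100.8", "203.0.113.20", "203.0.113.21"]
# Five users behind one NAT address plus one direct client.
NATTED = ["192.0.2.1"] * 5 + ["198.51.100.7"]

if __name__ == "__main__":
    print(broken_sessions(CLIENTS, CLIENTS[::-1], shared_affinity=True))
    print(broken_sessions(CLIENTS, CLIENTS[::-1], shared_affinity=False))
    print(uag_load(NATTED))
```

With the shared table no session is split across UAGs, while the independent L4 round-robin splits two of the four sample clients; the NAT case shows all five users behind one address pinned to a single UAG.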

AVI for Horizon Connection Servers Load Balancing

1. External Access via UAG

Horizon traffic coming from an external user over the internet first lands on the UAG via the load balancer. The primary protocol traffic is then sent to the Connection Server. Once authentication is validated, the secondary protocol traffic is sent directly to the virtual desktops or RDS hosts.

2. Internal access without UAG

The AVI load balancer can be deployed in front of the Connection Servers for internal user access, as shown in the diagram below. For internal user access, the primary protocol is load balanced between Connection Servers while the secondary protocols are routed directly to the virtual desktops or RDS hosts. The same load balancers that face the Connection Servers can be used for both external and internal user access. Alternatively, a dedicated load balancer can be deployed for internal user access, depending on the requirement.