Method 1: Source IP Affinity

This is the simplest configuration as it uses standard port numbers and a single load balanced VIP. It relies on the FortiADC to route secondary protocols to the same CS appliance as was selected for the primary Horizon protocol. It can do this on the basis of repeat connections coming from the same Horizon client IP address.

In this example, the IP address of the virtual server is 10.107.1.86 (cs.fortihorizon.com). Change the configuration of every CS as shown in the table below.

| CS Appliance | Configuration Item | Value |
|---|---|---|
| CS01 | tunnelExternalURL | https://cs.fortihorizon.com:443 |
| CS01 | blastExternalURL | https://cs.fortihorizon.com:8443 |
| CS01 | pcoipExternalURL | 10.107.1.86:4172 |
| CS02 | tunnelExternalURL | https://cs.fortihorizon.com:443 |
| CS02 | blastExternalURL | https://cs.fortihorizon.com:8443 |
| CS02 | pcoipExternalURL | 10.107.1.86:4172 |

You need to create two virtual servers with the same VIP, different ports and different profiles. You should also change the Port to 0 for the members of the Real Server Pool.

For the external clients, you can use the DNAT Packet Forwarding Method, unlike for the internal clients. DNAT replaces the destination IP address with the IP address of the backend CS selected by the FortiADC, so you need to add the FortiADC interface IP as the gateway on every CS in use; this guarantees that the response packets are routed back to the FortiADC. Based on the Horizon protocols and ports, you need to create one TCP and one UDP virtual server.

TCP Virtual Server
  1. Go to Server Load Balance > Virtual Server > Virtual Server and click Create New > Advanced Mode.
  2. In the Basic settings, enter the Name and keep the default Packet Forwarding Method, DNAT.
  3. In the General settings, set the virtual server Address and Port (443 4172 8443), and select the Interface on which the virtual server will work. Use the default profile LB_PROF_TCP. To keep the primary and secondary protocol packets from one client on the same CS, set Persistence to LB_PERSIS_HASH_SRC_ADDR. Select the Real Server Pool created earlier.
  4. Leave the other fields at their default values, or change them as needed.

TCP virtual server CLI configuration

config load-balance virtual-server
    edit "HORIZON_TCP_VS"
        set interface port3
        set ip 10.107.1.86
        set port 443 4172 8443
        set load-balance-profile LB_PROF_TCP
        set load-balance-persistence LB_PERSIS_SRC_ADDR
        set load-balance-method LB_METHOD_ROUND_ROBIN
        set load-balance-pool HORIZON_CS_POOL
        set traffic-group default
    next
end

UDP Virtual Server
  1. Go to Server Load Balance > Virtual Server > Virtual Server and click Create New > Advanced Mode.
  2. In the Basic settings, enter the Name and keep the default Packet Forwarding Method, DNAT.
  3. In the General settings, set the virtual server Address (same as the TCP VIP) and Port (4172 8443), and select the Interface (same as the TCP VS) on which the virtual server will work. Select the profile LB_PROF_UDP. To keep the primary and secondary protocol packets from one client on the same CS, set Persistence to LB_PERSIS_HASH_SRC_ADDR. Select the Real Server Pool created earlier.
  4. Leave the other fields at their default values, or change them as needed.

Unfortunately, this method doesn't work in all situations. For example, with certain Network Service Providers or NAT devices, the source IP address is not available for this affinity configuration. If source IP affinity can't be used in your environment, then one of the other two methods should be used as they don't rely on source IP affinity.

UDP virtual server CLI configuration

config load-balance virtual-server
    edit "HORIZON_UDP_VS"
        set interface port5
        set ip 10.107.1.86
        set port 4172
        set load-balance-profile LB_PROF_UDP
        set load-balance-persistence LB_PERSIS_HASH_SRC_ADDR
        set load-balance-method LB_METHOD_ROUND_ROBIN
        set load-balance-pool CS1_4172
        set traffic-group default
    next
end
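
A consistency check for the two virtual servers described above, as an added example that is not part of the original page or of any Fortinet tooling. It assumes the configuration is available as CLI text in the format shown on this page; the function names and the sample stanzas are constructed for illustration, while the expected persistence rule and port lists are the ones given in the GUI steps.

```python
import re

# Expected values are the ones the GUI steps on this page call for.
EXPECTED_PERSISTENCE = "LB_PERSIS_HASH_SRC_ADDR"
REQUIRED_PORTS = {"LB_PROF_TCP": {443, 4172, 8443}, "LB_PROF_UDP": {4172, 8443}}
# Constructed sample input (not exported from a real device).
SAMPLE = """
config load-balance virtual-server
    edit "HORIZON_TCP_VS"
        set interface port3
        set ip 10.107.1.86
        set port 443 4172 8443
        set load-balance-profile LB_PROF_TCP
        set load-balance-persistence LB_PERSIS_SRC_ADDR
    next
    edit "HORIZON_UDP_VS"
        set interface port3
        set ip 10.107.1.86
        set port 4172
        set load-balance-profile LB_PROF_UDP
        set load-balance-persistence LB_PERSIS_HASH_SRC_ADDR
    next
end
"""

def parse_virtual_servers(text):
    """Return {name: {setting: value}} for every 'edit' stanza."""
    servers, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r'edit "?([^"]+)"?', line):
            current = servers.setdefault(m.group(1), {})
        elif current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2)
    return servers

def check_affinity(servers):
    """List settings that break source-IP affinity between servers on one VIP."""
    findings, interfaces = [], {}
    for name, cfg in servers.items():
        interfaces.setdefault(cfg.get("ip"), set()).add(cfg.get("interface"))
        if cfg.get("load-balance-persistence") != EXPECTED_PERSISTENCE:
            findings.append(f"{name}: persistence is not {EXPECTED_PERSISTENCE}")
        ports = {int(p) for p in cfg.get("port", "").split() if p.isdigit()}
        missing = REQUIRED_PORTS.get(cfg.get("load-balance-profile"), set()) - ports
        if missing:
            findings.append(f"{name}: missing ports {sorted(missing)}")
    findings += [f"{vip}: virtual servers use different interfaces"
                 for vip, used in interfaces.items() if len(used) > 1]
    return findings
```

Calling `check_affinity(parse_virtual_servers(SAMPLE))` reports the TCP stanza's persistence rule and the UDP stanza's missing port 8443; an empty list means both virtual servers match the steps above.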
