Fortinet black logo

VMware Horizon Deployment Guide

Home FortiADC Private Cloud VMware Horizon Deployment Guide

Internal Clients

Internal Clients

For this type clients, you don’t need to load balancing all the protocol packets for the CSs. You can only load balancing the primary protocol packets, then the following secondary protocol packets can be sent to the CS directly, and not pass through FortiADC.

Figure 2: Load Balancing Internal CS

The FortiADC supports multiple Packet Forwarding Method. In this case, you can use the Full NAT select which will rewrite both the source and destination IP addresses. You would first need to create the NAT Source Pool

NAT Source Pool

  1. Go to Server Load Balance > Virtual Server > NAT Source Pool, click the Create New button.
  2. Fill in the Name, select the Interface to receive responses from the backend server and set the Address Range. Then click the Save button.
CLI Example:

config load-balance ippool

edit "HORIZION_NAT_POOL"

set interface port2

set ip-min 10.107.10.89

set ip-max 10.107.10.89

config node-member

end

next

end

Virtual Server using TCP profile

  1. Go to Server Load Balance > Virtual Server > Virtual Server, click the Create New -> Advanced Mode button.
  2. In the Basic settings, fill the Name, select the Full NAT of Packet Forwarding Method and select the NAT Source Pool created above.
  3. In General settings, set the virtual server Address and Port, and select the Interface in which the virtual server will work. Use the default profile LB_PROF_TCP, you can select one Method which means differentload balancing methods. For keeping the primary protocol packets from one client to the same CS, you should select one Persistence. Select the Real Server Pool created above.
  4. Keep other fields to the default values or you can change them as you need.

Now the virtual server has been created, and in your Horizon Client, you can add the CS with virtual server IP address. The FortiADC will load balance the primary Horizon protocol packets to the available CSs what the Health Check will do periodically. After authenticating user successfully, the Horizon Client will send the secondary Horizon protocol packets to the CS (selected by FortiADC) directly and not pass through FortiADC.

CLI Example:

config load-balance virtual-server

edit "HORIZON_TCP_VS"

set packet-forwarding-method FullNAT

set interface port3

set ip 10.107.10.86

set port 443

set load-balance-profile LB_PROF_TCP

set load-balance-persistence LB_PERSIS_SRC_ADDR

set load-balance-method LB_METHOD_ROUND_ROBIN

set load-balance-pool HORIZON_CS_POOL

set ippool-list HORIZION_NAT_POOL

set traffic-group default

next

end

Virtual Server using HTTPS profile

Users can also use L7 HTTPS Virtual server to load-balance Connection Servers.

  1. Go to Server Load Balance > Virtual Server > Virtual Server, click the Create New > Advanced Mode button.
  2. In the Basic settings, fill the Name, select the Type Layer 7. If need to use SNAT please set ippool.
  3. In General settings, set the virtual server Address and Port, and select the Interface in which the virtual server will work. Use profile LB_PROF_HTTPS and set Client SSL Profile. You can select one Method for different load balancing methods. For keeping the primary protocol packets from one client to the same CS, you should select one Persistence. Select the Real Server Pool created for Connection server HTTPS service.
  4. Keep other fields to the default values or you can change as you need.

Now the virtual server has been created, and in your Horizon Client, you can add the CS with virtual server IP address. The FortiADC will load balance the primary Horizon protocol packets to the available CSes what the Health Check will do periodically. After authenticating user successfully, the Horizon Client will send the secondary Horizon protocol packets to the CS (selected by FortiADC) directly and not pass through FortiADC.

CLI Example:
ippool (optional)

config load-balance ippool

edit "HORIZION_NAT_POOL88"

set interface port2

set ip-min 10.107.10.88

set ip-max 10.107.10.88

config node-member

end

next

end

pool

config load-balance pool

edit "HORIZON_CS_POOL443"

set real-server-ssl-profile LB_RS_SSL_PROF_DEFAULT

config pool_member

edit 1

set pool_member_service_port 443

set pool_member_cookie rs1

set real-server CS01

next

edit 2

set pool_member_service_port 443

set pool_member_cookie rs1

set real-server CS02

next

end

next

end

virtual server

config load-balance virtual-server

edit "86"

set type l7-load-balance

set interface port3

set ip 10.107.10.86

set port 443

set load-balance-profile LB_PROF_HTTPS

set client-ssl-profile LB_CLIENT_SSL_PROF_DEFAULT

set load-balance-persistence LB_PERSIS_SRC_ADDR

set load-balance-method LB_METHOD_ROUND_ROBIN

set load-balance-pool HORIZON_CS_POOL443

set ippool-list HORIZION_NAT_POOL88

set traffic-group default

next

end

Previous
Next

Internal Clients

For this type clients, you don’t need to load balancing all the protocol packets for the CSs. You can only load balancing the primary protocol packets, then the following secondary protocol packets can be sent to the CS directly, and not pass through FortiADC.

Figure 2: Load Balancing Internal CS

The FortiADC supports multiple Packet Forwarding Method. In this case, you can use the Full NAT select which will rewrite both the source and destination IP addresses. You would first need to create the NAT Source Pool

NAT Source Pool

  1. Go to Server Load Balance > Virtual Server > NAT Source Pool, click the Create New button.
  2. Fill in the Name, select the Interface to receive responses from the backend server and set the Address Range. Then click the Save button.
CLI Example:

config load-balance ippool

edit "HORIZION_NAT_POOL"

set interface port2

set ip-min 10.107.10.89

set ip-max 10.107.10.89

config node-member

end

next

end

Virtual Server using TCP profile

  1. Go to Server Load Balance > Virtual Server > Virtual Server, click the Create New -> Advanced Mode button.
  2. In the Basic settings, fill the Name, select the Full NAT of Packet Forwarding Method and select the NAT Source Pool created above.
  3. In General settings, set the virtual server Address and Port, and select the Interface in which the virtual server will work. Use the default profile LB_PROF_TCP, you can select one Method which means differentload balancing methods. For keeping the primary protocol packets from one client to the same CS, you should select one Persistence. Select the Real Server Pool created above.
  4. Keep other fields to the default values or you can change them as you need.

Now the virtual server has been created, and in your Horizon Client, you can add the CS with virtual server IP address. The FortiADC will load balance the primary Horizon protocol packets to the available CSs what the Health Check will do periodically. After authenticating user successfully, the Horizon Client will send the secondary Horizon protocol packets to the CS (selected by FortiADC) directly and not pass through FortiADC.

CLI Example:

config load-balance virtual-server

edit "HORIZON_TCP_VS"

set packet-forwarding-method FullNAT

set interface port3

set ip 10.107.10.86

set port 443

set load-balance-profile LB_PROF_TCP

set load-balance-persistence LB_PERSIS_SRC_ADDR

set load-balance-method LB_METHOD_ROUND_ROBIN

set load-balance-pool HORIZON_CS_POOL

set ippool-list HORIZION_NAT_POOL

set traffic-group default

next

end

Virtual Server using HTTPS profile

Users can also use L7 HTTPS Virtual server to load-balance Connection Servers.

  1. Go to Server Load Balance > Virtual Server > Virtual Server, click the Create New > Advanced Mode button.
  2. In the Basic settings, fill the Name, select the Type Layer 7. If need to use SNAT please set ippool.
  3. In General settings, set the virtual server Address and Port, and select the Interface in which the virtual server will work. Use profile LB_PROF_HTTPS and set Client SSL Profile. You can select one Method for different load balancing methods. For keeping the primary protocol packets from one client to the same CS, you should select one Persistence. Select the Real Server Pool created for Connection server HTTPS service.
  4. Keep other fields to the default values or you can change as you need.

Now the virtual server has been created, and in your Horizon Client, you can add the CS with virtual server IP address. The FortiADC will load balance the primary Horizon protocol packets to the available CSes what the Health Check will do periodically. After authenticating user successfully, the Horizon Client will send the secondary Horizon protocol packets to the CS (selected by FortiADC) directly and not pass through FortiADC.

CLI Example:
ippool (optional)

config load-balance ippool

edit "HORIZION_NAT_POOL88"

set interface port2

set ip-min 10.107.10.88

set ip-max 10.107.10.88

config node-member

end

next

end

pool

config load-balance pool

edit "HORIZON_CS_POOL443"

set real-server-ssl-profile LB_RS_SSL_PROF_DEFAULT

config pool_member

edit 1

set pool_member_service_port 443

set pool_member_cookie rs1

set real-server CS01

next

edit 2

set pool_member_service_port 443

set pool_member_cookie rs1

set real-server CS02

next

end

next

end

virtual server

config load-balance virtual-server

edit "86"

set type l7-load-balance

set interface port3

set ip 10.107.10.86

set port 443

set load-balance-profile LB_PROF_HTTPS

set client-ssl-profile LB_CLIENT_SSL_PROF_DEFAULT

set load-balance-persistence LB_PERSIS_SRC_ADDR

set load-balance-method LB_METHOD_ROUND_ROBIN

set load-balance-pool HORIZON_CS_POOL443

set ippool-list HORIZION_NAT_POOL88

set traffic-group default

next

end

Previous
Next