Wyse vWorkspace 8.6 - Setting up load balancing using ZEN NLB Appliance

Dell Cloud Client-Computing
Revision 20150828
August 2015

A Dell Best Practices
Revisions

Date                  Description
August 2015           Initial release
August, 20th 2015     Added User Profile Management Storage server
THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY CONTAIN TYPOGRAPHICAL ERRORS AND TECHNICAL INACCURACIES. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND.

© 2013 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell.

PRODUCT WARRANTIES APPLICABLE TO THE DELL PRODUCTS DESCRIBED IN THIS DOCUMENT MAY BE FOUND AT: http://www.dell.com/learn/us/en/19/terms-of-sale-commercial-and-public-sector

Performance of network reference architectures discussed in this document may vary with differing deployment conditions, network loads, and the like. Third party products may be included in reference architectures for the convenience of the reader. Inclusion of such third party products does not necessarily constitute Dell's recommendation of those products. Please consult your Dell representative for additional information.

Trademarks used in this text: Dell, the Dell logo, Dell Boomi, Dell Precision, OptiPlex, Latitude, PowerEdge, PowerVault, PowerConnect, OpenManage, EqualLogic, Compellent, KACE, FlexAddress, Force10 and Vostro are trademarks of Dell Inc. Other Dell trademarks may be used in this document. Cisco Nexus, Cisco MDS, Cisco NX-0S, and other Cisco Catalyst are registered trademarks of Cisco System Inc. EMC VNX, and EMC Unisphere are registered trademarks of EMC Corporation. Intel, Pentium, Xeon, Core and Celeron are registered trademarks of Intel Corporation in the U.S. and other countries. AMD is a registered trademark and AMD Opteron, AMD Phenom and AMD Sempron are trademarks of Advanced Micro Devices, Inc. Microsoft, Windows, Windows Server, Internet Explorer, MS-DOS, Windows Vista and Active Directory are either trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and/or other countries. Novell and SUSE are registered trademarks of Novell Inc. in the United States and other countries. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Citrix, Xen, XenServer and XenMotion are either registered trademarks or trademarks of Citrix Systems, Inc. in the United States and/or other countries. VMware, Virtual SMP, vMotion, vCenter and vSphere are registered trademarks or trademarks of VMware, Inc. in the United States or other countries. IBM is a registered trademark of International Business Machines Corporation. Broadcom and NetXtreme are registered trademarks of Broadcom Corporation. Qlogic is a registered trademark of QLogic Corporation. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and/or names or their products and are the property of their respective owners. Dell disclaims proprietary interest in the marks and names of others.
Table of contents

1 Requirements
1.1 Infrastructure Services
1.2 vWorkspace farm
1.3 Zen Load Balancer Appliance
2 Installing a new vWorkspace server
3 Configuring the new Connection Broker
4 Configuring Web Access
4.1 Creating new web sites
4.2 Configuring vWorkspace Web Access
5 Configuring Secure Access
5.1 Importing the existing Certificate
5.2 Configuring the Secure Access service
6 Configuring User Profile Management
6.1 Configuring the User Profile Management role
6.2 Create a DNS Entry for the UPM Storage server
7 Configuring the Load Balancer
7.1 Creating a virtual NIC
7.2 Adding new farms
7.2.1 Farm settings for Port 80
7.2.2 Farm settings for Port 443
7.2.3 Farm settings for Port 5206
8 Configuring DNS Records for the Load Balancer
9 Configuring the vWorkspace connection configuration
10 Testing the new configuration
10.1 Health Check of Web Access
10.2 Health Check of Web Access via NLB
10.3 Failover of Web Access
10.4 Failover of Secure Access
10.5 Failover of the Broker
10.6 Failover of the User Profile Management Service
A Configuration Example with multiple VLANs
B Additional resources
Executive summary

This document describes how to set up load balancing and failover (HA) for Wyse vWorkspace 8.6 using a ZEN Load Balancer virtual appliance. It summarizes the steps to enable HA for an existing vWorkspace farm, but does not provide detailed instructions on how to set up and configure vWorkspace in general.

In this example, two virtual machines are used to host the roles of the Connection Broker, the Web Access portal, the Secure Access Service and User Profile Management. In a test environment or during a Proof of Concept (PoC) it is common practice to host all roles on a single machine, and hence this document explains how to set up a highly available deployment with the least effort in regard to resources and overall complexity. However, in a production environment the Secure Access role is usually hosted on a dedicated machine in the DMZ, and Web Access may or may not be installed on the Broker depending on the customer's needs.
1 Requirements

1.1 Infrastructure Services

It is assumed that Active Directory, DNS and DHCP already exist on the network and are fully operational.

1.2 vWorkspace farm

An existing vWorkspace farm with the Connection Broker, Web Access Server, Secure Access Service and User Profile Management roles installed is the foundation for this exercise. In this example, these roles are installed on a machine called vwork1 with IP Address 192.168.0.20.

1.3 Zen Load Balancer Appliance

For non-production use and testing purposes, Zen Load Balancer Community Edition is installed in a virtual machine hosted on Hyper-V. How to install and configure ZEN is explained in the ZLB Administration Guide. The document Wyse vWorkspace and Zen Load Balancer Configuration Guide.pdf explains the configuration of the ZLB Appliance, but this is also covered in the later sections of this document.
2 Installing a new vWorkspace server

On the new server called vwork3 (with IP Address 192.168.0.22), vWorkspace 8.6 is installed with the option "Connect to an existing database":

Perform an Advanced setup and select the roles for Connection Broker, Management Console, Web Access, User Profile Management Storage and Secure Access.
3 Configuring the new Connection Broker

When the Connection Broker role is installed on the new server, the server is automatically added to the existing farm:

If the communication between the broker servers should be encrypted, import* and then select the existing certificate on the new server using the vWorkspace Management Console:

That's it - vWorkspace will automatically balance connection attempts between the brokers, so there is nothing else to do to add scalability and resilience for the Connection Broker role.

*See step 5.1 for instructions on how to import the existing SSL certificate.
4 Configuring Web Access

4.1 Creating new web sites

On vwork3, open the Web Access Site Manager and create new website(s) as required. In this example, a site called Native and another site called HTML5 already exist on vwork1. Because load balancing is to be enabled for these two sites, it is best practice to create the new sites with the exact same settings for Friendly Name and Virtual Directory:

These names are only used within IIS and can later be renamed in the vWorkspace console so that each site on every server has a unique site name.
4.2 Configuring vWorkspace Web Access

Using the vWorkspace Management Console, add the new sites to the farm and apply the same settings as used for the existing websites. When creating a new site it is also possible to import the configuration from an existing site rather than configuring every new site manually:
You can also copy the WebSettings.xml file from the existing site(s) to any other Web Access server. This option comes in handy when there are multiple web servers and an altered configuration should be deployed without manually updating each site separately:
5 Configuring Secure Access

5.1 Importing the existing Certificate

Import the SSL certificate from the existing Secure Access server to the Trusted Root Certificate store on the new server:

5.2 Configuring the Secure Access service

On the new server, configure SAS with the same settings as on the existing server but adjust the IP Address settings accordingly:
In the above example, the Destination Host for Web Interface and Connection Broker Proxy point to the same machine (192.168.0.22), but also to the existing server (192.168.0.20), separated by a comma. This enables the Secure Access service to fail over automatically after a (not configurable) timeout if the service on the host specified is unavailable. Having a second destination host is optional.

Restart the vWorkspace Secure Access Service after any configuration change!
6 Configuring User Profile Management

6.1 Configuring the User Profile Management role

Right click on the User Profile Management Node and select Properties:

Create two entries for the servers running the UPM role and a third one for load balancing using the desired DNS Name (i.e. UserProfiles).
Next, create Silos as applicable and point them to the hostname of the load balanced IP used for UPM:

6.2 Create a DNS Entry for the UPM Storage server

In the DNS Console, create a new Host record for the load balanced UPM Storage Server and point it to the virtual IP set up at the load balancer:
7 Configuring the Load Balancer

Open a Web Browser and navigate to the management website of the ZLB appliance, for example https://192.168.0.3:444

7.1 Creating a virtual NIC

Navigate to Settings > Interfaces and add a new virtual interface. In this example, one virtual NIC with IP 192.168.0.4 is used to load balance traffic for port 80 (HTTP traffic to internal Web Access sites) and 443 (HTTPS traffic to Web Access and SSL encrypted communication with the Secure Access service):
Another virtual NIC is created for User Profile Management:
7.2 Adding new farms

Navigate to Manage > Farms and add new farms: one for port 80, one for port 443, and another one for port 5206. Within each farm, specify the IP Addresses of the two vWorkspace servers as Real Servers.

7.2.1 Farm settings for Port 80
7.2.2 Farm settings for Port 443
7.2.3 Farm settings for Port 5206
8 Configuring DNS Records for the Load Balancer

In DNS, create a new Host record to point to the virtual IP of the Load Balancer used for ports 80 and 443 and give it the same name as the Certificate used for the SSL Gateway:

Create another DNS record for User Profile Management:
9 Configuring the vWorkspace connection configuration

In the vWorkspace Management Console, navigate to Connector Management > Configuration and adjust the configuration(s) as applicable:
10 Testing the new configuration

10.1 Health Check of Web Access

Ensure all services are running on both servers and the ZEN NLB Farm status is UP. Open a Web Browser and navigate to the following sites:

http://vwork1.wyse.demo/native
http://vwork1.wyse.demo/html5
https://vwork1.wyse.demo/native
https://vwork1.wyse.demo/html5

This will show if the web sites on vwork1 are accessible via port 80 and 443 without the ZEN NLB. Repeat for the web sites on the new server:

http://vwork3.wyse.demo/native
http://vwork3.wyse.demo/html5
https://vwork3.wyse.demo/native
https://vwork3.wyse.demo/html5

This will show if the web sites on vwork3 are accessible via port 80 and 443 without the ZEN NLB.

10.2 Health Check of Web Access via NLB

Open a Web Browser and navigate to the following sites:

http://connect.wyse.demo/native
http://connect.wyse.demo/html5
https://connect.wyse.demo/native
https://connect.wyse.demo/html5

This will show if the Load Balancer is able to forward requests on port 80 and 443 to the Real Servers specified for this interface.
10.3 Failover of Web Access

Stop the World Wide Web Publishing Service on one of the servers and perform the same tests as in 10.2. Next, start the service and repeat the test with the service down on the other server. Each site must be accessible via HTTP and HTTPS at any time.

In this example, the Welcome Message on each site has been modified to include the host name (vwork1 / vwork3) so it is easy to see which host you have been directed to.
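The browser checks in 10.1 to 10.3 can also be scripted so they are repeatable after every configuration change. The following Python code is an added example, not part of the original Dell document; it assumes the example host names used above, a test client that trusts the certificate, and a Welcome Message containing the host name as described in 10.3.

```python
import http.client
import re
import ssl
import urllib.request

# Host names and site paths from this document's example environment.
REAL_SERVERS = ["vwork1.wyse.demo", "vwork3.wyse.demo"]
NLB_NAME = "connect.wyse.demo"
SITES = ["native", "html5"]


def build_urls(host):
    """The four URLs the guide opens per host: HTTP and HTTPS for both sites."""
    return [f"{s}://{host}/{site}" for s in ("http", "https") for site in SITES]


def fetch(url, timeout=5):
    """Return the page body, or None if the URL cannot be loaded."""
    try:
        # Default context verifies chain and host name; a name mismatch fails.
        ctx = ssl.create_default_context()
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return resp.read().decode("utf-8", errors="replace")
    except (OSError, ValueError, http.client.HTTPException):
        return None


def backend_of(body):
    """Name of the server that answered, taken from the host name the guide
    puts into each site's Welcome Message (vwork1 / vwork3)."""
    if body is None:
        return None
    match = re.search(r"\b(vwork\d+)\b", body, re.IGNORECASE)
    return match.group(1).lower() if match else "unknown"


def health_check(probe=fetch):
    """Sections 10.1 and 10.2: URLs (direct and via NLB) that failed to load."""
    hosts = REAL_SERVERS + [NLB_NAME]
    return [u for h in hosts for u in build_urls(h) if probe(u) is None]


def failover_check(stopped, probe=fetch, rounds=4):
    """Section 10.3: no NLB URL may fail or be answered by the stopped server."""
    problems = []
    for url in build_urls(NLB_NAME):
        for _ in range(rounds):
            served_by = backend_of(probe(url))
            if served_by is None:
                problems.append(f"{url}: not reachable via NLB")
            elif served_by == stopped:
                problems.append(f"{url}: answered by stopped server {stopped}")
    return problems
```

Call `health_check()` with all services running, then `failover_check("vwork1")` after stopping the World Wide Web Publishing Service on vwork1; an empty list means the check passed.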
10.4 Failover of Secure Access

Stop the vWorkspace Secure Access service on one of the servers and connect to the farm using the vWorkspace connector. As a quick test, launch any of the Managed Applications available in your environment. Next, start the service and repeat with the service down on the other server. Establishing a connection to the vWorkspace farm using the vWorkspace native connector must be possible at any time, from the internal and external network.

10.5 Failover of the Broker

Stop the Quest Connection Broker service on one of the servers and connect to the farm using the vWorkspace connector. Next, start the service and repeat with the service down on the other server. Establishing a connection to the vWorkspace farm using the vWorkspace native connector must be possible at any time, from the internal and external network.
10.6 Failover of the User Profile Management Service

Log on to a Desktop and make some changes (i.e. to IE Favorites) which are part of the User Profile Management settings. Log off. Stop the Quest MetaProfile Server service on one of the servers and connect to the farm using the vWorkspace connector. Verify your settings are in place. Next, start the service and repeat with the service down on the other server. User Profile Management must work regardless of which server is used to access the profile folder on the file share.
A Configuration Example with multiple VLANs

Below is an example of a ZEN NLB Appliance routing traffic through the Secure Access Service from the external interface (eth1:1) to two servers on the internal network with the SAS role installed.

On the internal network, multiple virtual IPs are set up to load balance the Secure Access Service, Web Access and User Profile Management. Each of these virtual network interfaces has a Farm configured for every port it should load balance on, and, as for the external SAS, two or more Real Servers are specified as the targets to which incoming packets are forwarded.
B Additional resources

Support.dell.com is focused on meeting your needs with proven services and support.

DellTechCenter.com is an IT Community where you can connect with Dell Customers and Dell employees for the purpose of sharing knowledge, best practices, and information about Dell products and installations.

Wyse vWorkspace 8.6 Administration Guide: https://support.software.dell.com/vworkspace/8.6/release-notes-guides#
Wyse vWorkspace Community forum and blog: http://en.community.dell.com/techcenter/virtualization/vworkspace
Wyse vWorkspace Product Support: https://support.software.dell.com/de-de/vworkspace/8.6
Wyse vWorkspace Video Tutorials: https://support.software.dell.com/de-de/vworkspace/videos
Wyse vWorkspace Knowledgebase: https://support.software.dell.com/de-de/vworkspace/kb