Task 1 – Access Horizon Desktop environment without F5

Access the Horizon Desktop using the Horizon Client on the internal network. Horizon Client points directly to a Connection Server. This step is to verify Horizon is working and BIG-IP is not in the path. (Internal use case without F5 integration)

../_images/image_lab1task1.png

Accessing Internal Horizon Desktop

  1. From the “corporate-pc”

  2. On the desktop, launch the Horizon Client

    image4

  3. Click New Server

  4. Type in the Connection Server address vmw-connsvr1a.demoisfun.net

  5. When prompted for credentials

    • Username: demo01
    • Password: password

  6. After authenticated, double-click the Agility icon to launch Horizon Desktop

  7. In the Agility desktop, open Notepad and type in something

  8. Disconnect from Agility desktop by closing Horizon client. (RDP Toolbar on top. May need to slide the blue RDP bar to the left in order to click the X in Agility Toolbar)

  9. Open Horizon client again, reconnect to vmw-connsvr1a.demoisfun.net and open Agility desktop

  10. Notepad should still be on the desktop with the text you input

  11. Close the Horizon client. (press the X in Agility Toolbar)

  12. Keep the RDP session open for Task 2

Task 2 – Load Balance Connection Servers

Use the F5 iApp for VMware View to configure a load balancing environment for the Connection Servers. This will increase the number of Connection Servers available to internal users and load balance access to these resources (Internal use case with F5 load balancing)

../_images/image_lab1task2.png

Load balance Connection Servers

Deploy the iApp

  1. From “corporate-pc”

  2. Open IE to access the F5 Admin GUI at https://f5-bigip1a.demoisfun.net

    • Username: admin
    • Password: password

  3. Create a new Application Service. On the left side menu

    • Go to iApps -> Application Services -> Applications
    • On the right side of the GUI, click Create button
    • In Name field, type in lab2-lb-cs
    • In Template pulldown, select f5.vmware_view.v1.5.4

    Note

    The tables for iApp questions list just the values that need to change

    Welcome to the iAPP template for VMware Horizon Please review
    Big-IP Access Policy Manager
    Do you want to deploy BIG-IP Access Policy Manager? No, do not deploy BIG-IP Access…
    SSL Encryption
    How should the BIG-IP system handle encrypted traffic? Terminate SSL for clients, …(SSL-bridging)
    Which SSL certificate do you want to use? wild.demoisfun.net.crt (Cert preloaded)
    Which SSL private key do you want to use wild.demoisfun.net.key (Key preloaded)
    Virtual Servers and Pools
    What virtual server IP address…? 192.168.10.150
    What FQDN will clients use to access the View environment? vmw-LB-CS.demoisfun.net
    Which Servers should be included in this pool

    192.168.10.210

    192.168.10.211
    Application Health
    Create a new health monitor or use existing one? https

  4. Click the Finished button

View the objects which were created by the iApp

  1. Click Components tab at the top of the page

    image6

  2. Is the Virtual server available?

  3. Are the pool members available?

  4. What is the node status? Why?

  5. Note that a persistence profile was created

    • Click lab2-lb-cs to edit the object
    • Check Match Across Services
    • Click Update
    • Note the error at the top of the page

  6. Return to iApp -> Application Services -> lab2-lb-cs

  7. Review the remaining parameters (any questions)

View the properties of the iApp

  1. Select the Properties tab at the top of the page

    image7

  2. In the Application Service pulldown, select Advanced

  3. Note the Strict Updates checkbox is selected

    • Is this related to the error observed when editing the persistence profile?
    • What are the pro’s and con’s of unchecking this parameter?

Test the connection server load balancing using both VMware View client and browser access methods

  1. From “corporate-pc”
  2. Launch View client and connect to the Virtual Server just created with iApp
  3. Click New Server
  4. Type in the load balanced address vmw-LB-CS.demoisfun.net. (IP address will not work—Certificate contains demoisfun.net)
  5. When prompted for credentials
    • Username: demo01
    • Password: password
  6. Open the Agility desktop
  7. Verify that the Agility desktop functions
  8. Close the View client
  9. Open a new Tab IE and browse to https://vmw-LB-CS.demoisfun.net
  10. Click on VMware Horizon HTML Access
  11. Log in
    • Username: demo01
    • Password: password
  12. Open Agility desktop
  13. At the Cert Warning, click “Continue to this website…”
  14. Verify that the Agility desktop functions
  15. Close the IE VMWare Horizon tab

Task 3 – Access Horizon Desktop through the UAG Server

Access Horizon Desktop from external network through UAG. (External use case without F5 integration)

../_images/image_lab1task3.png

Access Horizon Desktop from external network

  1. From “home-pc”

    image9

  2. On the desktop, Launch Horizon client and connect to the UAG

  3. Click New Server

  4. Type in the UAG address vmw-uag1a.demoisfun.net

  5. When prompted for credentials

    • Username: demo01
    • Password: password

  6. Open the Agility desktop

  7. Close the Horizon client

  8. To access Horizon desktop in IE, type in URL https://vmw-uag1a.demoisfun.net

  9. Select VMware Horizon HTML Access

    • Username: demo01
    • Password: password

  10. Open Agility desktop

  11. Verify that the desktop functions

  12. Close the IE VMware Horizon tab

Task 4 – Load Balance UAG Servers

Use the F5 iApp for VMware Horizon to configure a load balancing UAG’s. This will increase the number of UAG servers available to external users and load balance access to these resources (External use case with F5 load balancing)

This environment load balances 2 external facing UAG Servers. UAG’s do not require a one-to-one mapping to Connection Servers. The Connection Server LB VIP created in Task 2 enables higher availability to the overall application.

../_images/image_lab1task4.png

Load balance UAG’s

Deploy the iApp

  1. From “corporate-pc”

  2. Open IE to access the F5 Admin GUI at https://f5-bigip1a.demoisfun.net

    • Username: admin
    • Password: password

  3. Create a new Application Service. On the left side menu

    • Go to iApps -> Application Services -> Applications
    • On the right side of the GUI, click the Create button
    • In the Name field, type in lab2-lb-uag
    • In the Template pulldown, select f5.vmware_view.v1.5.4
    Big-IP Access Policy Manager
    Do you want to deploy BIG-IP Access Policy Manager? No, do not deploy BIG-IP Access Policy Manager
    SSL Encryption
    How should the BIG-IP system handle encrypted traffic? Terminate SSL for clients,…(SSL-bridging)
    Which SSL certificate do you want to use? wild.demoisfun.net.crt
    Which SSL private key do you want to use wild.demoisfun.net.key
    Virtual Servers and Pools
    What virtual server IP address…for remote, untrusted clients? 192.168.3.150
    What FQDN will clients use to access the View environment vmw-LB-UAG.demoisfun.net
    Which Servers should be included in this pool

    192.168.3.214

    192.168.3.215
    Application Health
    Create a new health monitor or use existing one? https

  4. Click Finished button

View the objects which were created by the iApp

  1. Click Components tab at the top of the page
  2. Is the Virtual server available?
  3. Are the pool members available?
  4. Is the Node available?
  5. Review the remaining parameters (any questions)

Configure UAG to use load balance address

  1. From “corporate-pc”

  2. Open new tab in IE and go to vmw-uag1a administrative interface at https://192.168.10.214:9443/admin

  3. Log in as

    • Username: admin
    • Password: F5@gility

  4. On the right side, under Configure Manually, click Select

  5. In General Settings -> Edge Service Settings, click the Show button

    image_uaggear

  6. Next to Horizon Settings, click the Gear

  7. In the Blast External URL field, type in https://vmw-lb-uag.demoisfun.net:443

  8. In the Tunnel External URL field, type in https://vmw-lb-uag.demoisfun.net:443

    image_uagsetting

  9. Click Save

  10. Make same changes for the other UAG vmw-uag1b at https://192.168.10.215:9443/admin

Test the UAG load balancing using Horizon and HTML5 client access methods

  1. From “home-pc”
  2. Launch View client and connect to the Virtual Server just created with iApp.
  3. Click New Server
  4. Type in the load balance address vmw-LB-UAG.demoisfun.net
  5. When prompted for credentials
    • Username: demo01
    • Password: password
  6. Open the Agility desktop
  7. Verify that the Agility desktop functions
  8. Close the View client
  9. Open IE and browse to https://vmw-LB-UAG.demoisfun.net
  10. Select VMware Horizon HTML Access
  11. Log in
    • Username: demo01
    • Password: password
  12. Open Agility desktop
  13. Verify that Agility desktop functions
  14. Close IE VMware Horizon tab

Task 5 – BIG-IP proxy View traffic in place of UAG

In this configuration, we will consolidate authentication, load balance and proxy View traffic on a single BIG-IP. This can bypass the UAG’s to access View desktop from external network.

../_images/image_lab1task5.png

Consolidating authentication, load balance and proxy View on a single BIG-IP

Deploy the iApp

  1. From “corporate-pc”

  2. Open IE to access the F5 Admin GUI at https://f5-bigip1a.demoisfun.net

    • Username: admin
    • Password: password

  3. Create a new Application Service. On the left side menu

    • Go to iApps -> Application Services -> Applications
    • On the right side of the GUI, click the Create button
    • In the Name field, type in lab2-proxy
    • In the Template pulldown, select f5.vmware_view.v1.5.4
    BIG-IP Access Policy Manager
    Do you want to deploy BIG-IP Access Policy Manager? Yes, deploy BIG-IP Access Policy Manager
    Do you want to support browser based connections…HTML5 client? Yes, support HTML 5 view clientless browser
    What is the NetBIOS domain name for your environment? demoisfun
    Create a new AAA Server object or select an existing one AD1
    SSL Encryption* section
    How should the BIG-IP system handle encrypted traffic? Terminate SSL for clients,…(SSL-Bridging)
    Which SSL certificate do you want to use? wild.demoisfun.net.crt
    Which SSL private key do you want to use? wild.demoisfun.net.key
    Virtual Servers and Pools
    What virtual server IP address…for remote, untrusted clients? 192.168.3.152
    What FQDN will clients use to access the View environment? vmw-PROXY-VIEW.demoisfun.net
    Which Servers should be included in this pool?

    192.168.10.210

    192.168.10.211
    Application Health
    Create a new health monitor or use existing one? https

  4. Click Finished button

View the objects which were created by the iApp

  1. Click Components tab at the top of the page
  2. Note the increase in objects compared to Task 2 and Task 4
  3. Are the pool members available?
  4. Note the APM objects which were not present in the prior exercises
  5. Review the remaining parameters (any questions)

Test the APM webtop using Horizon and HTML5 client access methods

  1. From “home-pc”
  2. Launch View Client
    • Click New Server
    • Type in proxy address vmw-PROXY-VIEW.demoisfun.net
  3. When prompted for credentials
    • Username: demo01
    • Password: password
  4. Click Agility icon
  5. Close the session by clicking the X in the upper toolbar
  6. Open IE and browse to https://vmw-PROXY-VIEW.demoisfun.net
  7. Select VMware Horizon View HTML Access
  8. Enter credential
    • Username: demo01
    • Password: password
  9. Click Agility to launch desktop
  10. With APM Webtop, user has the option to choose client at launch time. Select HTML5 Client
  11. Verify that the desktop functions
  12. Close IE
Previous Next