Jump to content


Photo

VMWare View 6

vmware view 6 load balancer service ssl HTTPS TLS

  • Please log in to reply
4 replies to this topic

#1 Kevin Cherry

Kevin Cherry
  • Members
  • 3 posts
  • LocationMissouri

Posted 23 March 2016 - 01:46 PM

I'm attempting to configure services on our model 340s which are required for VMWare View 6.  One of the three services is for SSL over port 443.  I do not have a cert which is signed by a CA, but I don't believe that should matter to get the connectivity functioning.  I do not get any viewable response when attempting to connect to the FQDN of the virtual IP which is assigned to the Barracuda 443 service I created.  If I change the IP tied to the A record to one of the servers, then it works, so I'm confident the issue is something with the Barracuda service.  I just don't know what to try next, or better yet how to debug the issue on the barracuda.  I have tried the packet capture, but wasn't able to discern any of the Barracuda handling of the traffic.  Here's the settings for the 443 service.

 

Service Name: VIEW - 443

Virtual IP: x.x.x.x

Port: 443

Protocol: Secure TCP Proxy (I have tried changing this to Layer 7 HTTPS)

Enable VDI: No (I have tied yes)

Auto-Recover: Yes

 

Last Resort

Action: Default failure response

 

Policy

Default Scheduling Policy: Weighted Round Robin

Adaptive Scheduling: None

 

Service Monitor

Test Method: TCP Port Check (the servers show green under the service)

Test Delay: 30

Failure Retried: 1

 

Persistence

Persistence Time (Seconds): 0

Persistence Type: Client IP

Persistence Netmask: 255.255.255.255

 

Certificate: host.domainname.com (this is self signed at the moment)

SSL Protocols: 

SSL v3: Enable

TLS v1.0: Enable

TLS v1.1: Enable

TLS v1.2: Enable

Ciphers: Default

 

Notifications

Enable Notification: No

Minimum Real Servers: 0

 

Security

Inbound Firewall Rules

Description Action  IP/Network Address NetMask Action

Exception Rule: Block blank blank

Default Rule Allow 0.0.0.0 0.0.0.0

 

Advanced Options

Enable Client Impersonation: No

Session Timeout: 0

Enable Keepalive Probes: Yes

Ignore Expect Headers: No

 

#########################################################################################

 

Real Server Detail

Realer Server: x.x.x.x

Port: 443

Weight: 100

Status: Enabled

 

SSL

Enable HTTPS/SSL: Yes

SSL Protocols: 

SSL v3: Enable

TLS v1.0: Enable

TLS v1.1: Enable

TLS v1.2: Enable

Validate Certificate: No

 

Server Monitor: Use Service Test Method

Failure Retries: 1

 

Advanced Options

Keepalive Timeout: 900

Max Connections: 10000

Max Request: 1000

Max Keepalive Request: 0

Max Spare Connections: 0

Timeout: 300

 

#########################################################################################



#2 Brian Lawrence

Brian Lawrence
  • Members
  • 2 posts

Posted 23 March 2016 - 02:33 PM

Kevin,

I have my v440 successfully load balancing my VM View Connection servers with the following configuration.

Service Name: View
VIP x.x.x.x
Port 443
Protocol TCP
Service Type Layer7 – HTTPS
Enable VDI Yes
Auto-Recover Yes

Last Resort Action Default

Policy
Default Scheduling Weighted Round Robin
Adaptive Scheduling None

Persistence
Persistence Time 30
Persistence Type HTTP Cookie
Cookie Name JSESSIONID ***Critical ***
Cookie Domain <Blank>
Cookie Path /
Cookie Httponly Default
Cookie secure No

Advanced Options
Enable Client Impersonation No
Session Timeout 0
Enable Keepalive Proble Yes
Header for Client IP Addr <Blank>
Ignore Case Yes
Ignore Expect Headers No


Brian

#3 Kevin Cherry

Kevin Cherry
  • Members
  • 3 posts
  • LocationMissouri

Posted 23 March 2016 - 02:47 PM

Kevin,

I have my v440 successfully load balancing my VM View Connection servers with the following configuration.

Service Name: View
VIP x.x.x.x
Port 443
Protocol TCP
Service Type Layer7 – HTTPS
Enable VDI Yes
Auto-Recover Yes

Last Resort Action Default

Policy
Default Scheduling Weighted Round Robin
Adaptive Scheduling None

Persistence
Persistence Time 30
Persistence Type HTTP Cookie
Cookie Name JSESSIONID ***Critical ***
Cookie Domain <Blank>
Cookie Path /
Cookie Httponly Default
Cookie secure No

Advanced Options
Enable Client Impersonation No
Session Timeout 0
Enable Keepalive Proble Yes
Header for Client IP Addr <Blank>
Ignore Case Yes
Ignore Expect Headers No


Brian

Thanks for the reply.  I have tried the cookie setting with no luck, but I did think of something.  My Virtual IP is on a different subnet from my real servers.  Are your on a the same subnet, or different?

 

Thanks



#4 Brian Lawrence

Brian Lawrence
  • Members
  • 2 posts

Posted 23 March 2016 - 02:53 PM

My real servers are on the same subnet as the VIP.

Brian

#5 Kevin Cherry

Kevin Cherry
  • Members
  • 3 posts
  • LocationMissouri

Posted 23 March 2016 - 03:02 PM

My real servers are on the same subnet as the VIP.

Brian

I wondering if I'm dealing an issue related to differing subnets.

 

I'm using one interface on the LB for everything.

VIP is on subnet: 10.1.1.0/24

Real Servers: 10.1.99.0/24

LB is on: 10.1.0.0/24

 

I'm doing some more testing on this theory.

 

Thanks Brian