HA High Availability to Remote Workers with VMware UAG HA

0

There is no doubt that as of late, many organizations including your own have been looking into remote access for remote workers and the solutions to make this happen. Often it starts out as a bronze solution and you hope to evolve it to the gold solution that contains a design that takes into account high-availability. After all, if you have most of your workforce now working remotely, what happens if you have a critical component in the chain go down?

You want to make sure you have HA high availability to remote workers. Using VMware Horizon, you most likely have a Unified Access Gateway sitting in front of your Horizon Connection Server(s). UAG HA is a built-in and simple to configure solution that provides high-availability to your UAG environment. Let’s take a look at HA High Availability to Remote Workers with VMware UAG HA and how this is configured.

What is VMware Unifed Access Gateway UAG HA?

Let’s first talk about what Horizon Unifed Access Gateway UAG HA functionality that is built into the solution right out of the box. While VMware is still supporting third-party load balancers in front of the UAG solution to provide both load balancing and high-availability, UAG has a means to do the HA high-availability component right inside the solution and in a very simple and easy to configure way, without the need for a load balancer in front of the solution.

With VMware UAG HA, a virtual IP address is configured for use with your UAG appliances. This virtual IP will serve as the IP address that will be used for the entire group of UAG appliances. In addition to a virtual IP address, a Group ID is configured that works to allow coordinating the virtual IP address.

A quick list of prerequisites includes:

  • A unique virtual IP address
  • A Group ID
  • The same SSL certificate on all the UAG appliances

There are limitations to be aware of with this configuration as well:

  • Only IPv4 is supported
  • Only TCP HA is supported and not UDP
  • Only XML API traffic to the connection server uses high-availability
  • HA does not distribute load for the dispaly traffic such as Blast, PCoIP, and RDP.

Configuring VMware UAG HA

How is the VMware UAG HA configuration implemented? It only requires a few steps to stand up, which is the beauty of the solution. Navigate to the UAG Advanced Settings > High Availability Settings and click the settings cog to turn on the HA solution.

Under-advanced-settings-configure-UAG-HA-settings HA High Availability to Remote Workers with VMware UAG HA
Under advanced settings configure UAG HA settings

Flip the toggle button to Enabled for High Availability. You will notice when you toggle the setting to Enabled, you will be prompted to enter a Virtual IP Address and a Group ID.

Turn-on-the-VMware-high-availability-setting HA High Availability to Remote Workers with VMware UAG HA
Turn on the VMware high-availability setting

After entering the VIP and Group ID, save your settings.

Enter-a-unique-VIP-address-and-assign-a-group-ID HA High Availability to Remote Workers with VMware UAG HA
Enter a unique VIP address and assign a group ID

The settings will process for a few moments while enabling the HA solution. In my case, I am setting up two UAG boxes in an HA configuration. As you will see, one box will be elected the Master.

Master-node-assigned-for-VMware-UAG-HA HA High Availability to Remote Workers with VMware UAG HA
Master node assigned for VMware UAG HA

The other UAG appliance will be configured as the Backup appliance as you see below.

Backup-node-assigned-for-VMware-UAG-HA HA High Availability to Remote Workers with VMware UAG HA

Two-Factor Authentication

With the UAG, you can configure two-factor authentication by means of RADIUS. I am pleased to confirm in the UAG HA configuration, the Duo two-factor configuration works as long as you configure both IP addresses to work in two different RADIUS configuration sections like below:

[radius_server_auto1]
ikey=<ikey>
skey=<skey>
api_host=<your Duo host API URL>
radius_ip_1=192.168.30.32
radius_secret_1=<your secret>
failmode=secure
client=ad_client
port=1812

[radius_server_auto2]
ikey=<ikey>
skey=<skey>
api_host=<your Duo host API URL>
radius_ip_1=192.168.30.33
radius_secret_1=<your secret>
failmode=secure
client=ad_client
port=1812

Wrapping Up

Providing HA High Availability to Remote Workers with VMware UAG HA is an extremely simple process to configure and it is built-in to the solution which makes it seamless to deploy.

Unlike a third-party load balancer, you don’t have to worry about additional complexity to the solution to get up and running with HA. Especially in lieu of recent weeks when most didn’t really have time to prepare or perhaps design out a remote work solution, having solutions that are seamless, easy to deploy, and administer makes providing powerful solutions quickly, achievable.

StarWind VSAN