Configuring UDS Enterprise in HA€¦ · Page 3 of 17 UDS Enterprise Configuring UDS Enterprise in...

of 17

UDS Enterprise Configuring UDS Enterprise in HA

www.udsenterprise.com

Introduction The components of UDS Enterprise (UDS Server and UDS Tunneler) can be configured in high availability (HA) so that in case of drop any of these items, either due to a failure of the hypervisor that hosts or failure of the Virtual Appliance itself, a user or administrator does not lose access to the system. UDS Enterprise HA can be configured using any load balancer that supports TCP and HTTP modes. This document is an example configuration using the HAProxy software.

Necessary elements For a successful deployment of high-availability in UDS Enterprise, the following items are needed:

Server HAProxy

Server in charge of providing users with access to several UDS Enterprise servers. Access will be in mode active - active. In this example a single HAProxy server is configured in standalone mode, but for production deployments it is recommended to have multiple HAProxy servers.

MySQL Server

Database server where UDS server keeps all your records. In this example a single MySQL server is configured, but for production deployments it is recommended to have multiple MySQL servers in the cluster.

UDS Server (broker)

The main element of UDS Enterprise software. It supports HA configuration of version 1.9.1. You will need to deploy at least two UDS servers.

Tunel UDS Server

The element that provides access to users from a WAN to virtual desktops and applications, and HTML5 access to virtual desktops. You will need to deploy at least two Tunel UDS servers.

Universal Desktop Services White Paper Versiones Software UDS

http://www.udsenterprise.com/

https://twitter.com/UDSenterprise

https://www.linkedin.com/company/5210189?trk=tyah&trkInfo=clickedVertical:showcase,clickedEntityId:5210189,idx:1-1-1,tarId:1444127275437,tas:uds enter

https://plus.google.com/b/112894197288620190473/112894197288620190473/posts

https://www.youtube.com/user/UDSEnterprise/featured

https://www.facebook.com/udsenterprise

of 17



Requirements In this HA UDS Enterprise configuration example there have been used the following resources:

HAProxy:

o S.O. and resources: Linux Server Debian 8.4.0 x64 with 1 GB of RAM, 15 GB of disk, 1 NIC

o IP Data: 1 IP address, network mask, Gateway and DNS o Internet access o Certificate: It is necessary to have or generate a valid certificate in PEM

format for SSL connections

MySQL:

o Virtual Appliance UDS_MySQL (provided by VirtualCable): 1 GB of vRAM, 8 GB of disk, 1 vNIC

o IP Data: 1 IP Address, network mask, Gateway and DNS o DB Data: DB Instance, username and password (by default, instance:

uds, username: uds, password: uds)

UDS Server (broker):

o Virtual Appliance UDS_Server (provided by VirtualCable): 1 GB of vRAM, 5 GB of disk, 1 vNIC

o IP Data: 1 IP Address, network mask, Gateway and DNS o Valid serial number for UDS Enterprie version o MySQL DB Connection Data: IP Address, DB Instance, username and

password

UDS Tunnel Server:

o Virtual Appliance UDS_Tunel (provided by VirtualCable): 1 GB of vRAM, 5 GB of disk, 1 vNIC

o IP Data: 1 IP address, network mask, Gateway and DNS o HAProxy Service IP Address







of 17



Configuration

1. HAProxy We would install a Linux Debian 8.4.0 x64 server with the following configuration:

Machine name: HAProxy IP: 192.168.11.100 Resources: 1 vCPU, 1 GB of RAM, 15 GB of disk y 1 vNIC (with internet

access) Step 1 Before installing HAProxy it is necessary to have a certificate (in .PEM format) for SSL connections. If you don’t have a ready one you can autogenerate it in the following way:

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /root/ssl.key -out /root/ssl.crt

You will be prompted to provide a set of data to complete the certificate:







of 17



Once created, you will have to create the file .pem

cat /root/ssl.crt /root/ssl.key > /etc/ssl/private/haproxy.pem

Step 2 You would install HAProxy software:

apt-get install haproxy







of 17



Step 3 Edit HAProxy configuration file: /etc/haproxy/haproxy.cfg Add redirection rules to the end of the file:







of 17



Example of haproxy.cfg content: global log /dev/log local0 log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin stats timeout 30s maxconn 2000 user haproxy group haproxy daemon # Default SSL material locations ca-base /etc/ssl/certs crt-base /etc/ssl/private # Default ciphers to use on SSL-enabled listening sockets. # For more information, see ciphers(1SSL). This list is from: # https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+A$ ssl-default-bind-options no-sslv3 defaults log global mode http option httplog option dontlognull option forwardfor retries 3 option redispatch stats enable stats uri /haproxyStats stats realm Strictly\ Private stats auth admin:temporal stats auth user:temporal timeout connect 5000 timeout client 50000 timeout server 50000 errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http

frontend http-in bind *:80 mode http reqadd X-Forwarded-Proto:\ http default_backend uds-backend frontend https-in bind *:443 ssl crt /etc/ssl/private/haproxy.pem mode http reqadd X-Forwarded-Proto:\ https default_backend uds-backend frontend tunnel-in bind *:1443 mode tcp option tcplog default_backend tunnel-backend-ssl frontend tunnel-in-guacamole # HTML5 bind *:10443 mode tcp







of 17



option tcplog default_backend tunnel-backend-guacamole backend uds-backend # redirect scheme https if !{ ssl_fc } #redirect http to https balance source option httpclose server uds1 192.168.11.102:80 check server uds2 192.168.11.103:80 check backend tunnel-backend-ssl mode tcp option tcplog balance source server udsts1 192.168.11.104:443 check server udsts2 192.168.11.105:443 check backend tunnel-backend-guacamole mode tcp option tcplog balance source server udstg1 192.168.11.104:10443 check server udstg2 192.168.11.105:10443 check

Step 4 Start service haproxy and test it’s in execution:

service haproxy restart service haproxy status

Make sure the service autostarts with the server.







of 17



2. MySQL Installation of Virtual Appliance MySQL provided by VirtualCable with the following configuration:

Machine name: mysql IP: 192.168.11.101 Resources: 1 vCPU, 1 GB of RAM, 8 GB of disk and 1 vNIC

Step 1 Configure a static IP:

Step 2 Test connectivity with HAProxy Server:







of 17



3. UDS Server (Broker) Install two Virtual Appliances UDS Server (broker) provided by VirtualCable following this configuration:

Machines name: UDSServer01 and UDSServer02 IP: 192.168.11.102 (UDSServer01) and 192.168.11.103 (UDSServer02) Resources: 2 vCPU, 1 GB of RAM, 5 GB of disk and 1 vNIC (for each

Virtual Apliance UDS Server)

Step 1 Provide a valid Serial Number of UDS Enterprise:

Step 2 Introduce configuration data of the Virtual Appliance:







of 17



Step 3 Configure MySQL DB access data:

Step 4 Complete access data of the administrator user of UDS platform by providing username and password of superuser of the virtual appliance UDS Server:







of 17



Step 5 Test and finalize the configuration of the Virtual Appliance:

This is to be repeated for the second UDS Server (UDSServer02) except for IP field where you should provide IP of the second server.







of 17



4. UDS Tunnel Install two Virtual Appliances UDS Tunnel, provided by VirtualCable, with the following configuration:

Machine names: UDSTunel01 and UDSTunel02 IP: 192.168.11.104 (UDSTunel01) and 192.168.11.105 (UDSTunel02) Resources: 2 vCPU, 1 GB of RAM, 5 GB of disk and 1 vNIC (for each

Virtual Appliance UDS Tunnel) Step 1 Introduce configuration data of the Virtual Appliance:

Step 2 Provide the IP of UDS Server, which in a High Availabality configuration, is the IP of HAProxy Server:







of 17



Step 3 Define the root user password of the Virtual Appliance UDS Tunnel:

Step 4 Test all data and finalize the configuration of the Virtual Appliance:

This is to be repeated for the second UDS Tunnel (UDSTunel02) except for IP field where you should provide IP of the second server.







of 17



UDS Enterprise Web Access Once all the elements are configured, you can have access to UDS Enterprise login window using the IP of HAProxy Server:

Access users will be automatically balanced across the two UDS servers, and if one of them drops all requests will be redirected to the active server. When a user accesses a desktop or virtual application through the component UDS Tunnel, connections will be divided between the two servers, and if the active server to which the user is connected drops, the connection is cut. But to perform new access to the service he will be connected through another tunnel active server.







of 17



UDS Enterprise Advanced Parameters When configuring UDS Enterprise for the access to be made through a load balancer, the system will detect the IP address of the client as Balancer IP:

This can cause problems when using an IP authenticator or detecting network configurations of transport through network filter. To solve this problem, we must tell the system that the UDS servers are behind a proxy by enabling the option "Behind a proxy" located in the section: Tools - Configuration - Security







of 17



Once this option is enabled, test if the detection of client IP is performed correctly:







of 17



Support and Professional Services VirtualCable markets UDS Enterprise through a subscription model, including support and updates, as the number of users. In addition, VirtualCable provides professional services to install and configure UDS Enterprise and other virtualization technologies.

For more information, visit www.udsenterprise.com or email us at [email protected]







Configuring UDS Enterprise in HA€¦ · Page 3 of 17 UDS Enterprise Configuring UDS Enterprise in...

Documents

Transcript of Configuring UDS Enterprise in HA€¦ · Page 3 of 17 UDS Enterprise Configuring UDS Enterprise in...