[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 734
  • Last Modified:

XenApp6 WI Load balancing

I am trying to set up a HA Citrix Farm in the Amazon cloud. I am thinking of deploying two WI servers. I am not a big Citrix Expert but as far as I know the remote client will connect to the WI via HTTPS and then open a connection using ICA protocol port.

I can balance the HTTPS without any problems using an Elastic Load Balancer and keeping sticky session, but however I cannot do the same with the TCP/ICA connection and the balancer may change from one WI to the other which I guess will break the session of the user.

Does anyone have any idea/suggestion on how to avoid this? In worst case I would set them up to work as primary and failover but I would like to be able to use both to leverage the load.

Many thanks.
0
jimbobrocks
Asked:
jimbobrocks
  • 4
  • 3
1 Solution
 
Ayman BakrSenior ConsultantCommented:
When using load balancing appliance you can load balance the gateway (https), the Web interface servers, and even the XML servers if you want.

However, I didn't quite get what do you mean by load balancing TCP/ICA and what/why do you want to achieve that.
0
 
jimbobrocksAuthor Commented:
Hi there,

As far as I know once you access the WI you download a ICA file when you click an application, that ICA file launchs the Citrix Client which opens a binary TCP connection to the balancer again. Unfortunately I cannot balance based on source IP (ELB only will allow me to balance based on cookies sessions) so the binary Citrix connection can go to a different server or in the middle of the session to be changed to another server WI. I expect this to cause all kind of troubles. Am I correct?

So I wanted to know if someone achieved some solution to this or I will just need to make them work in failover mode.

Regards.
0
 
Ayman BakrSenior ConsultantCommented:
When you use load balancing you would want to achieve a balance to the load incoming on the Web interface servers (as well as if you wish on the XML broker servers).

The XML broker server returns at the end of the whole communication the ica file to the web interface which in turn returns it to the client. That file will contain the XenApp server with the least load (which is the role of the data collector - the data collector returns the least loaded server using an intelligent algorithm).

At this point, the client will no longer need the web interface. It will directly contact the XenApp servers to access its applications.

Therefore you use load balancing appliances to load balance the Web Interface servers (and XML brokers if you wish) and you leave the Data Collector to load balance your XenApp (which is by design).
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
jimbobrocksAuthor Commented:
Hi there,

Mh that it is interesting. Does it mean that the ICA file will have the IP of the XenApp server the application it is running in? So WI and XML Services are not used again until next application it is launched?

Regards.
0
 
Ayman BakrSenior ConsultantCommented:
The web interface and XML is used to validate the user credentials and enumerate all the user's applications and this is the point where the user sees all his applications.

Once the user launches the first application the data collector will return the least loaded server hosting that application. If session sharing is enabled, each subsequent application (also hosted on that server) would launch on the same server. When the user launches an application not hosted on that server, the data collector will return another least loaded server but this time hosting that application. At which point the client will have more than one server to contact.
0
 
jimbobrocksAuthor Commented:
Forgot to mention the WI is NATed (it will be exposed to the Internet). So it is ok for me to assume only HTTP(s) needs to be load balanced to have a functional HA farm?
0
 
Ayman BakrSenior ConsultantCommented:
So you're having SSL certificates on your two Web Interface servers to provide HTTPS connection.

Yes, you will only need to load balance your web interface servers. Your XenApp servers are load balanced by the Data Collector.

Two things to note:

1. It is not recommended security-wise to present the Web Interface servers directly to your external users. A security appliance that sits between your external users and the internal servers such as Citrix Access Gateway is a much more preferable and secure way.

2. Load balancing and HA are not the same!!! Load balancing as can be deduced from the name is when you want to distribute the load among the available servers to achieve superior performance. High availability is the term used when you want to minimize the downtime to a percentage as close to zero as possible. So if some servers go down, fail-over servers are available to take over making it transparent to the users/clients. In your case with 2 web interface servers; if you design each server to be capable of taking all the load alone; then you would achieve both - turning on load balancing to improve performance and being highly available if one goes down the other is capable of handling all the load.

Hope this helps.
0

Featured Post

Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now