Solved

XenApp6 WI Load balancing

Posted on 2012-03-21
7
725 Views
Last Modified: 2012-03-26
I am trying to set up a HA Citrix Farm in the Amazon cloud. I am thinking of deploying two WI servers. I am not a big Citrix Expert but as far as I know the remote client will connect to the WI via HTTPS and then open a connection using ICA protocol port.

I can balance the HTTPS without any problems using an Elastic Load Balancer and keeping sticky session, but however I cannot do the same with the TCP/ICA connection and the balancer may change from one WI to the other which I guess will break the session of the user.

Does anyone have any idea/suggestion on how to avoid this? In worst case I would set them up to work as primary and failover but I would like to be able to use both to leverage the load.

Many thanks.
0
Comment
Question by:jimbobrocks
  • 4
  • 3
7 Comments
 
LVL 23

Expert Comment

by:Ayman Bakr
Comment Utility
When using load balancing appliance you can load balance the gateway (https), the Web interface servers, and even the XML servers if you want.

However, I didn't quite get what do you mean by load balancing TCP/ICA and what/why do you want to achieve that.
0
 

Author Comment

by:jimbobrocks
Comment Utility
Hi there,

As far as I know once you access the WI you download a ICA file when you click an application, that ICA file launchs the Citrix Client which opens a binary TCP connection to the balancer again. Unfortunately I cannot balance based on source IP (ELB only will allow me to balance based on cookies sessions) so the binary Citrix connection can go to a different server or in the middle of the session to be changed to another server WI. I expect this to cause all kind of troubles. Am I correct?

So I wanted to know if someone achieved some solution to this or I will just need to make them work in failover mode.

Regards.
0
 
LVL 23

Expert Comment

by:Ayman Bakr
Comment Utility
When you use load balancing you would want to achieve a balance to the load incoming on the Web interface servers (as well as if you wish on the XML broker servers).

The XML broker server returns at the end of the whole communication the ica file to the web interface which in turn returns it to the client. That file will contain the XenApp server with the least load (which is the role of the data collector - the data collector returns the least loaded server using an intelligent algorithm).

At this point, the client will no longer need the web interface. It will directly contact the XenApp servers to access its applications.

Therefore you use load balancing appliances to load balance the Web Interface servers (and XML brokers if you wish) and you leave the Data Collector to load balance your XenApp (which is by design).
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:jimbobrocks
Comment Utility
Hi there,

Mh that it is interesting. Does it mean that the ICA file will have the IP of the XenApp server the application it is running in? So WI and XML Services are not used again until next application it is launched?

Regards.
0
 
LVL 23

Expert Comment

by:Ayman Bakr
Comment Utility
The web interface and XML is used to validate the user credentials and enumerate all the user's applications and this is the point where the user sees all his applications.

Once the user launches the first application the data collector will return the least loaded server hosting that application. If session sharing is enabled, each subsequent application (also hosted on that server) would launch on the same server. When the user launches an application not hosted on that server, the data collector will return another least loaded server but this time hosting that application. At which point the client will have more than one server to contact.
0
 

Author Comment

by:jimbobrocks
Comment Utility
Forgot to mention the WI is NATed (it will be exposed to the Internet). So it is ok for me to assume only HTTP(s) needs to be load balanced to have a functional HA farm?
0
 
LVL 23

Accepted Solution

by:
Ayman Bakr earned 500 total points
Comment Utility
So you're having SSL certificates on your two Web Interface servers to provide HTTPS connection.

Yes, you will only need to load balance your web interface servers. Your XenApp servers are load balanced by the Data Collector.

Two things to note:

1. It is not recommended security-wise to present the Web Interface servers directly to your external users. A security appliance that sits between your external users and the internal servers such as Citrix Access Gateway is a much more preferable and secure way.

2. Load balancing and HA are not the same!!! Load balancing as can be deduced from the name is when you want to distribute the load among the available servers to achieve superior performance. High availability is the term used when you want to minimize the downtime to a percentage as close to zero as possible. So if some servers go down, fail-over servers are available to take over making it transparent to the users/clients. In your case with 2 web interface servers; if you design each server to be capable of taking all the load alone; then you would achieve both - turning on load balancing to improve performance and being highly available if one goes down the other is capable of handling all the load.

Hope this helps.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Citrix XenDesktop 7.6 Citrix Policies Graphics
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now