Load balancing VMware Horizon

How to load balance VMware Horizon

Connection Servers broker client connections, authenticate users, and direct incoming requests to the correct endpoint. Although the Connection Server helps form the connection, it typically does not act as part of the data path after the connection is established.

Security Servers are installed in the DMZ and add an additional layer of security between the Internet and the internal network for external users. Each Security Server must be paired with a Connection Server and forwards all traffic to that instance. This pairing requires the Connection Server to be in tunnel mode, which means it is not suitable for internal client connections, so two sets of Connection Servers are needed – one to handle connections from the paired Security Servers, the other to handle internal clients.

Access Point is a hardened SUSE Linux based appliance introduced in v6.2 as an alternatively to Security Server. Access Point was renamed Unified Access Gateway (UAG) in Horizon v7.0. UAG is now the preferred option over Security Server. Access Point / UAG is not paired, so only one set of Connection Servers is needed for both external and internal clients.

For high availability and scalability, VMware recommends that multiple Connection Servers and multiple Unified Access Gateways are deployed in a load-balanced cluster.

The load balancers can be configured in various ways to support internal and external clients as detailed in the deployment guides referenced below.

VMware Horizon Protocol Table