cannot load balance security servers in our vdi environment
hi, all
we are faced with a problem, after deploying the vmvare view iapp to implement a vdi environment. Due to issues with 2 factor authentication, we decided to only loadbalance, so the bigip publication is loadbalancing directly towards 2 security servers, which then offloads to the connection servers.
The strange bit is, that each server works perfectly when in a single server mode, but when we add the second security server to the pools, we see that connections will be dropped, and only one server really processes the traffic correctly.
We have opened up for all required tcp/udp ports through our firewalls, otherwise the connections wouldnt work when we are running only one server.
Anyone else out there that has faced this similar scenario, or at least have some good advice for me?
If the servers use stateful information (seems likely) and do not sync this between each other, you probably need to ensure that sessions are "sticky" or "persistent" (i.e. all requests for a specific session go to the same pool member). Using source ip persistence on the pool would be a good way to test if this works for you and then you can work to make the persistence more specific to your application (via cookie hash or universal persistence etc) after that.