Configuring vCNS Edge Load Balancer for vRealize Operations HA Cluster

With its new architecture, the vRealize Operations unified UI is expected to receive a lot of HTTPS request traffic, so it makes a lot of sense to load balance it, no?!

Virtualization, storage and network admins, NOC teams, application owners and more are your potential vRealize Operations users. With VMware's consistent UI improvement initiative and HTML5 roadmaps, the need to use network load balancers is something one should always consider.

With that being said, the good old vCloud Networking and Security (vCNS) Edge (aka vShield Edge) is considered a solid load balancer device for our vRealize Operations cluster.

In this post, I will not go over the details of how to deploy the vCNS appliance; instead, I will focus on the Edge deployment and load balancing configuration. If you want to learn the basics, jump over to “THEITHOLLOW” by Eric Shanks, where he did a very nice and simple “getting started” guide.

Lab Physical Edge Deployment Diagram

In the figure below, you can see my Edge deployment diagram. Remember, this is just a lab environment and probably not even close to a datacenter deployment topology – it is here only for some visualization.

[Figure: lab Edge deployment diagram]

Edge Deployment

Log in to your vCNS, select your datacenter object, and under the Network Virtualization tab click on Edges. You are now ready to start the deployment wizard.

Remember, this is my lab environment and for that reason I’ve decided not to go wild – Compact mode without enabling HA is good enough for me.

Configure your external uplink vNIC by choosing the proper vSwitch/vDS portgroup and configuring its IP, Subnet and default gateway.

In real life, it is unlikely you will configure your firewall with an “any-any” rule, and neither will I. Later, we will configure the proper HTTP/HTTPS Allow rule, but for now I am leaving the default traffic policy set to deny.

At this point, the Edge appliance will be deployed in your vCenter.

After the deployment has finished, we need to manage the edge appliance and configure the internal network vNIC, load balancer group and FW rules.

Internal vNIC Configurations

Within the “Configure” tab, select “Interfaces” and edit “vNIC1”, which will be our Internal Edge interface.

Once again, select the vSwitch/vDS portgroup and assign the right IP and subnet.

Load Balancer Configurations

Now that you have both your external and internal interfaces in place, it’s time to do some Load Balancer magic.

Go over to the “Load Balancer” tab and under “Pools”, click the Plus button to add a new pool. For the purpose of this post, I went with the default Services and Health Check parameters.

Add your vRealize Operations cluster nodes as new members in the pool.

After creating the pool, we need to enable the Load Balancer service and publish the changes we have made.

The next step after creating the pool is to assign a Virtual Server to the pool. For those of you who are new to load balancer terminology, a Virtual Server represents the virtual IP, or VIP.

Go over to the “Load Balancer” tab and under “Virtual Servers”, click the Plus button to add a new VS.

In the “Existing Pool” dropdown, select the pool we have just created and remember we are load balancing both HTTP and HTTPS requests, so make sure those are selected as well.

The LB part is now done – we have both our pool and VIP in place. At this point, you will notice that the Edge has created the proper NAT rules in order to support the configurations.

Firewall Configurations

The last step is to allow HTTP and HTTPS traffic to go through the Edge Firewall.

Under the “Firewall” tab, click the Plus button to add a new FW rule and configure it to accept HTTP and HTTPS requests. I’ve created a very basic “any to any” rule, but outside my lab environment I would probably have changed it to be more specific when it comes to source and destination.
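
To see what "more specific" buys you, here is an added example (not part of the original post, and not vCNS code) that models the Edge firewall as a simplified first-match rule list with a default deny policy and compares the lab "any to any" HTTP/HTTPS rule with a rule scoped to the VIP. All addresses, rule names and flows are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed lab addressing (assumptions, not values from the post).
VIP = "192.0.2.10"              # Virtual Server IP on the Edge uplink
ADMIN_NET = "198.51.100.0/24"   # network the vRealize Operations users sit on

def rule(name, src, dst, ports, action="accept"):
    return {"name": name, "src": ip_network(src), "dst": ip_network(dst),
            "ports": set(ports), "action": action}

# The lab rule from the post: any source to any destination on HTTP/HTTPS.
LAB_RULES = [rule("web-any-any", "0.0.0.0/0", "0.0.0.0/0", {80, 443})]
# Scoped alternative: only the admin network may reach the VIP.
SCOPED_RULES = [rule("web-to-vip", ADMIN_NET, VIP + "/32", {80, 443})]

# Constructed test flows: (description, source, destination, port).
FLOWS = [
    ("admin -> VIP:443", "198.51.100.25", VIP, 443),
    ("outside -> VIP:443", "203.0.113.7", VIP, 443),
    ("outside -> pool node:443", "203.0.113.7", "10.0.0.21", 443),
    ("admin -> VIP:22", "198.51.100.25", VIP, 22),
]

def evaluate(rules, src, dst, port, default="deny"):
    """Simplified model: first matching rule wins, else the default policy."""
    for r in rules:
        if (ip_address(src) in r["src"] and ip_address(dst) in r["dst"]
                and port in r["ports"]):
            return r["action"]
    return default

def overbroad(rules):
    """Names of accept rules whose source or destination is still 'any'."""
    return [r["name"] for r in rules if r["action"] == "accept"
            and (r["src"].prefixlen == 0 or r["dst"].prefixlen == 0)]

def report(rules):
    """Decision for every constructed flow under the given rule set."""
    return {desc: evaluate(rules, s, d, p) for desc, s, d, p in FLOWS}

if __name__ == "__main__":
    for label, rules in (("lab", LAB_RULES), ("scoped", SCOPED_RULES)):
        print(label, "overbroad rules:", overbroad(rules))
        for desc, decision in report(rules).items():
            print(f"  {desc:26} {decision}")
```

The model covers firewall policy only; whether a flow to a pool node is actually routable through the Edge also depends on the NAT rules and the topology.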

Does it really work?!

That’s it, all that is left now is to open your browser and enter the vRealize Operations cluster Virtual Server IP.

If you want proof that this entire procedure works and the load balancer kicks in, go to the “Statistic” tab and notice how Load Balancer traffic starts to show up as soon as you hit the VIP URL.

Congratulations, you now have a 2-node vRealize Operations High Availability cluster behind a vCNS Edge Load Balancer.