Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Please reference the following KB article for legacy editions of Horizon: Horizon 7: Monitoring health of Horizon Connection Server using Load Balancer, timeout, Load Balancer persistence settings (94954)
This article provides information about Horizon 8 timeout settings, supported health monitoring string and suitable Load balancer persistence values.The intent of this article is to provide a reference point for both Horizon System Administrators and Network Administrators when deciding on appropriate configuration values for Horizon and equivalent persistence values for load balancers.
Note: VMware recommends Source IP persistence. Summary: Horizon has a default heartbeat interval of 30 minutes if you do not configure optional settings within Horizon such as "Forcibly Disconnect Users" or "User Idle Timeout"You can configure lower timeout values which are respected but the heartbeat interval cannot be extended beyond 30 minutes.If a Horizon Client heartbeat is missed 3 times in a row, the session is terminated.Loadbalancer persistence settings need to account for this with a persistence value of 90 minutes for a default configuration, or less if you have configured a lower timeout period.Please find a legend and Sample Scenarios below along with guidance and caveats in terms of Health Monitoring. Legend: ValueExplanationForcibly Disconnect UsersThis is a Global Setting in your Horizon Admin Console. In Horizon Console, you can configure global settings by navigating to Settings > Global Settings > General Settings (Global Settings for Client Sessions in Horizon Console ) | pae-MaxSessionTimeUser Idle TimeoutThis is a Global Setting in your Horizon Admin Console. Protects application sessions when there is no keyboard or mouse activity on the client device for a certain configured period | pae-UserIdleTimeoutHeartbeat Interval (set-last-user-activity)This is a session keepalive sent from the Horizon Client machine. The heartbeat interval (set-last-user-activity). If this interval expires, with no beat received & we miss three consecutive heartbeats, the session will endYou can see these being sent and received within the Horizon 2022-12-02T08:41:20.659-05:00 INFO (01) [libcdk] : CdkSetLastUserActivityTask_CreateRequest: Sending last user activity: 349. A maximum interval of 30 minutes between heartbeats is enforced - The period between heartbeat checks cannot be longer than 30 minutes. All larger idle timeout values, including never will be handled as a 30-minute interval If configured with values below 30 minutes, a combination of the values set for "Forcibly Disconnect Users" & "User Idle Timeout" apply. See Configuration Scenarios below. Example: This means for an idle timeout of one minute (the minimum value), heartbeats will be sent every 20 seconds, and this increases linearly to an idle timeout of 90 minutes (heartbeats every 30 minutes)Load Balancer PersistenceHeartbeats will never be further apart than 30 minutes. We allow the possibility of two consecutive heartbeats going astray but will tear down the connection if we miss three consecutive heartbeats. Examples of Potential Configuration Scenarios: Legend:T = "Forcibly Disconnect User's" value in minutesY = "User Idle Timeout" value in minutesZ = Heartbeat Interval value in minutes. Example Forcibly Disconnect Users User Idle Timeout Heartbeat Interval (set-last-user-activity) Load Balancer Persistence 1NeverNeverInterval is capped at 30mins90 minutes 2T MinutesNever If Z < 30 minutes, the Interval is Z30 minutes if Z> 30 90 minutes or Z Minutes if <303NeverY Minutes If Z < 30 minutes, the Interval is Z30 minutes if Z> 30 90 minutes or Z Minutes if <304T MinutesY Minutes If Z < 30 minutes, the Interval is T 30 minutes if Z > 30 90 minutes or Z Minutes if <30 Notes: Note: As of 8.4 HTML5 access has a "Forcibly Disconnect Users" setting. This is calculated in ms and should not be set higher than 24hrs, higher values will cause the result to be out of range. Deployment Options: Option 1Internal Users go through an Internal LB, by skipping the UAG.Client --> External LB --> UAG --> Internal LB --> CSOption 2One-to-one mapping of UAG with Connection Broker is recommended to have a fair distribution of loadClient --> LB --> UAG --> CSOption 3 Horizon Security Server Security Server Topologies Client --> LB --> Security Server --> CS Monitoring the Health of the Connection Server: To monitor load balancing health for a Horizon Connection Server, follow these best practices. The response received will allow the load balancer to determine where to route traffic. Polling Interval:30 secs (default recommended)Recommended Range:30 - 9000 seconds. Response Timeout:3 times the Polling Interval + 1 The Polling Interval recommendation of 30 seconds is to not flood the connection server with a high number of health check requests. Setting too low a value like 5 seconds or less is going to cause a higher load on the Connection Server and can lead to unexpected results. With a polling interval of the default 30 seconds, the Response Timeout would be 91 seconds. Example Calculation: 30 * 3 = 90 + 1 = 91 secs. Reference: Configuring Load Balancers for Horizon Connection Server Health Monitoring Load Balancer Limits: When multiple load balancers are configured to monitor the health of a server simultaneously, they can occupy a significant number of open threads on the connection server.This can lead to resource contention and potentially impact the server's ability to handle incoming requests. For example: In a scenario where 15 load balancers are set up to poll a single connection server every 30 seconds, it results in 15 requests being sent to the server within that time frame. If the server takes 2 to 3 seconds to respond, the remaining free thread count on the Tomcat server would be 85. This is a crucial consideration in a scaled environment. Essentially, try not to have more than two load balancers engaged in monitoring the health of a connection server. favicon.ico is the only supported configuration for monitoring connection server health from load balancers HTTP Response with monitoring strings: 200 OKThe Connection server is responsive to brokering requests.500 Internal Server ErrorThe Connection server is not responsive to brokering requests. Monitoring StringUsage Description GET /favicon.ico HTTP/1.0 or GET /favicon.ico HTTP/1.1 Supports the broker disable status. Sends back 500 status code when it cannot broker end-user sessions. Monitoring the Health of Unified Access Gateway (UAG)Configure Unified Access Gateway System Settings UAG has a Maximum number of TCP connections allowed per TLS session / Maximum Connections per SessionThe default value is 16 From Unified Access Gateway Load Balancing Topologies in the UAG Deployment Documentation :A load balancer monitors the health of each Unified Access Gateway appliance by periodically sending an HTTPS GET /favicon.ico request. For example, https://uag1.myco-dmz.com/favicon.ico. This monitoring is configured on the load balancer. It will perform this HTTPS GET and expect a "HTTP/1.1 200 OK" response from Unified Access Gateway to know that it is "healthy". If it gets a response other than "HTTP/1.1 200 OK" response or does not get any response, it will mark the particular Unified Access Gateway appliance as down and will not attempt to route client requests to it. It will continue to poll so that it can detect when it is available again.Samples: These example configurations are provided 'as-is'Please refer to UAG documentation and Load Balancer Vendor documentation for your particular release for the most current and relevant settingsIncorrectly crafted health checks and excess frequent health checks do lead to unexpected outcomes. Verification against the latest available documentation for the various devices involved is encouraged. Please engage VMware Support in parallel with your Load Balancer vendor when encountering issues to ensure optimum resolution times. Sample Health Monitor Configuration for an Avi Vantage Load Balancer:Reference: Configure Avi Vantage for VMware Horizon Health Monitor Port: 443 Client Request Data: GET /favicon.ico HTTP/1.1 Response Code: 2XX SSL Attributes: Enabled SSL Profile: System-Standard Maintenance Response Code: 503 Sample Health Monitor Configuration for Health Monitor for an F5 Load Balancer:Reference: F5 Deployment Guides Interval: 30 Timeout: 91 Send String: GET /favicon.ico HTTP/1.1\r\nHost: VIP.FQDN\r\nConnection: Close\r\n\r\n Receive String: 200 OK Page last reviewed: October 2023Next review due: December 2023
Legacy release details are available here: Horizon 7: Monitoring health of Horizon Connection Server using Load Balancer, timeout, Load Balancer persistence settings (94954)