Monthly Archives: February 2015

Load balancing Horizon View security servers

This question comes up quite often in the forums, and since VMware's documentation is lacking in my opinion, I decided to give a brief explanation of how to do it.

What I will describe here is the use of a load balancer with a group (2 or more) of security servers behind it (it can be implemented the same way for connection servers). I assume all servers are installed and paired with connection servers.

So here goes. First we need to understand how Horizon network flows work. When a user connects, he first creates a session to one of the security servers, where he authenticates (AD, RSA, smart card). If he authenticates, another session is established between the user and the security server. Understanding this is crucial because the whole process is based on it.

So let's break the network flow down a bit. First, the load balancer should load balance just HTTPS, because it load balances just the authentication process (there is no load balancing of PCoIP / RDP / Blast). So a user connects to the FQDN of the load balancer (done over HTTPS). The load balancer directs the connection to one of the security servers for the authentication process. If the user is authenticated, the security server sends the client the FQDN for the second session (for the example, let's say PCoIP). This FQDN should be configured in the security server's configuration in the administrator's page. The user then connects directly to the security server based on that FQDN.

That means a couple of things:

1. The sessions themselves are never load balanced. They do not go through the load balancer.

2. Each security server will have different FQDNs configured in the administrator's page.

3. The security servers must have FW rules allowing access from the internet and a real public IP.

Let's say the load balancer address is, and we have 2 security servers,

The server configuration in the administrator’s page will be:



Blast: the configuration will be similar, but with its FQDN and public IP.

Hope I made it a little bit clearer.


Checking certificate expiration using PowerShell

As the usage of signed certificates grows, the need for an automated way to check them grows as well.

It's not nice to discover your vCenter is disconnected from everything just because you forgot to renew its certificate.

Luckily, it's quite easy to script it using PowerShell:

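# Placeholder URLs; replace them with the servers you want to check
$urls = @('https://vcenter.example.com', 'https://view.example.com:8443')
foreach ($url in $urls)
{
    $req = [Net.HttpWebRequest]::Create($url)
    # The request is only made to trigger the TLS handshake; close the response right away
    $req.GetResponse().Close()
    # The server certificate seen during the handshake is kept on the ServicePoint
    $expiration = $req.ServicePoint.Certificate.GetExpirationDateString()
    $url, $expiration
}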

This will print each website with its expiration date. You can also specify ports in the URLs if the server has more than one certificate installed on it.
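
The same check extended into a small expiry report, as an added example that is not part of the original post. It reads the certificate directly from the TLS handshake, so certificates that are already expired or self-signed, and services on non-HTTP ports, are still reported, and it flags anything expiring within a threshold. The function names, the 30-day default and the example.com endpoints are assumptions.

```powershell
# Added example (not from the original post); endpoint names are placeholders.
function Get-TlsCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        # Accept any certificate: this probe only reads the certificate and sends
        # no data, and expired or self-signed certificates must still be inspectable.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        try {
            # The host name is also sent as SNI, which selects the certificate
            # on servers that present more than one.
            $ssl.AuthenticateAsClient($HostName)
            New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        } finally { $ssl.Dispose() }
    } finally { $client.Close() }
}

function Get-CertificateExpiry {
    param([string[]]$Endpoints, [int]$WarnDays = 30)
    foreach ($endpoint in $Endpoints) {
        # Each endpoint is "host" or "host:port"; the port defaults to 443
        $hostName, $port = $endpoint -split ':'
        if (-not $port) { $port = 443 }
        try {
            $cert = Get-TlsCertificate -HostName $hostName -Port $port
            $daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
            $status = if ($daysLeft -lt 0) { 'EXPIRED' } elseif ($daysLeft -le $WarnDays) { 'WARN' } else { 'OK' }
            [pscustomobject]@{ Endpoint = $endpoint; NotAfter = $cert.NotAfter; DaysLeft = $daysLeft; Status = $status }
        } catch {
            # Unreachable host or failed handshake: report it instead of stopping the run
            [pscustomobject]@{ Endpoint = $endpoint; NotAfter = $null; DaysLeft = $null; Status = "ERROR: $($_.Exception.Message)" }
        }
    }
}

# Placeholder endpoints; replace with your own servers
Get-CertificateExpiry -Endpoints 'vcenter.example.com', 'view.example.com:8443' |
    Sort-Object DaysLeft | Format-Table -AutoSize
```

Run on a schedule, the rows with Status other than OK are the ones to act on.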
