Michael Payne Posted May 10 Share Posted May 10 We have 4 gateways setup on NetScalers in 2 datacenters(2 per datacenter an internal and external gateway so we can control auth differently. We are using an Active-Active glsb setup for the Gateways with a single url. With a Storefront setup in each datacenter, the session policies for the gateway point to the unique name of the storefront lb server in the DC that gateway that resides. For external users this works how we want as the workspace app cannot resolve the dns name for the storefront server. The issue we're internal connections (mostly users on a VDI running published apps on that VDI). Once the Workspace app connects to a storefront, no matter which gateway it connects to, it keeps that storefront. So if the storefront it is connected goes down it errors out and requires a reset of the workspace app to pick up the other one from the other gateway. Ideally I'd like the workspace app to work like the browser does and connect to which ever gateway they get through GSLB. We setup an internal store so we can control the settings of the internal store differently from the external one. We've set it up with a beacon that's not valid internally so it always thinks it is outside. We've changed the authentication setup to only allow pass through from the gateway, keeps it from SSO. The goal is to make it completely redundant so if a gateway and/or a storefront it'll require no intervention on anyone to keep working. Are we trying to do something that's not possible? Link to comment Share on other sites More sharing options...
Michael Payne Posted May 10 Author Share Posted May 10 moved to the gateway forum Link to comment Share on other sites More sharing options...
Jeff Riechers Posted May 12 Share Posted May 12 Are the users connecting to the Storefront directly, and then having Optimal Gateway Routing have them going to Gateways? Or does the workspace App talk directly to the gateway and never see the storefront url. I have seen this if the Storefront URL is the same as the Gateway URL. So what I do to mitigate it is set the Storefront URL to a different address, and set the beacons to be non-accessible so that it will never try and connect to the storefront bypassing the gateway. Now Workspace will still cache some information, so if the Storefronts are not replicated together the IDs in the cached published resources won't match to the new storefront, so it will require either a refresh, or a full reset. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now