Has anyone tried to load-balance two ICG’s behind F5 or NetScaler? The KB out there is just doing a basic reverse proxy for a single one. Wasn’t sure if it was supported, and I assume we’d need some sort of basic persistence etc.
You can use a Citrix ADC with SSLBridge. But i think this is currently not supported
Yeah – I saw that being done with just a single one in the KB. Is it fully supported to have multiple behind a single VIP, though?
I think that covers UMS, Udo. I’m interested specifically in multiple ICG instances behind a VIP. That’s a great post, though!
@member are you referring to kb.igel.com/endpointmgmt-5.08/en/load-distribution-with-a-number-of-load-balancers-22460739.html ?
No – strictly talking ICG. If I wanted to have multiple ICG instances, is putting them behind a single VIP possible / supported?
@member sorry, was too fast 🙂
I’m not actually sure. On the UMS side I think it’s possible to add several ICG servers. From the perspective of the thin clients I don’t know whether the the client only needs the IP / FQDN plus the correct certificate, or whether it also looks at the Process ID. In the latter case, would the thin client freak out if it connected to the VIP and was presented with a different Process ID? I don’t know.
Only one way to find out!
Yep that was my thought too, David. I was planning on testing but didn’t want to setup anything that was not supported.
Is there a particular reason why you need load balancing on the ICG? Large number of devices connecting?
Yeah particularly now – also HA purposes.
After talking to Jason Hwa, it appears that the IGELs in modern firmware versions are aware of other ICGs added in UMS, so the devices can perform their own load-balancing. I was not aware of that and will attempt to build another one on a different port and report back!
(using same public name / public IP but different port so we don’t use another public IP and can use the same cert)
Which firmware versions are aware of other ICGs?
Looks like this actually was not the case but could be utilized in a future release… stay tuned!
@member Our UMS shows that some igel devices are connecting to an ICG server that has not been used to register devices yet. For example we have igels registering via ICG on ICG1, ICG2, ICG3. We have ICG4 and ICGv5 connected to our UMS but have not asked anyone to register using 4/5.
Ah, so it does appear that they do get config for all ICGs configured in UMS?
Seems like it. Do you know from which version this is the case? @member
@member would you know which version?
Will ask and come back to you!
@member Did we ever get that version? Thank you
I didn’t received Feedback but should be >11.03.*
we found out it starts at 10.05.500
Continue reading and comment on the thread ‘How to load-balance two IGEL ICG servers behind F5 or NetScaler? ‘. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.
Submit a question, or Join Today!
Popular Message Threads
- How to Install IGEL OS via a Bootable USB Drive
- Error “AM_ERROR_AUTH_NETWORK_ERROR ” adding store in Citrix Workspace App version 20.x on IGEL OS 11.04
- Receiving error: “Citrix Receiver cannot create a secure connection in this browser” when launching a secure connection from Firefox on IGEL OS
- Error connecting to Citrix StoreFront “Error adding store: Http error”
- How to change the default IGEL UMS admin password?
- IGEL UD3 (LX50) randomly get this error with Citrix: The X Request 130.1 caused error :”10: BadAccess ( attempt to access private resource denied) any ideas?
- Where to delete the certificates that cause ‘invalid certificate’ when trying to import an IGEL into UMS?