Hi!
Is it possible to load balance NX (TCP) traffic between two servers ?
With free edition ?
With enterprise edition ?
NX is SSH-like protocole used by NoMachine, remote desktop solution.
Thanks!
HiCat
Basic TCP load balancing is possible.
Usually problems are application carrying IP addresses (like FTP) that require secondary data sessions, or application switching to UDP.
As long as you are forwarding a simple TCP session, it woll work just fine.
Hi!
I fear NoMachine NX protocol is not compatible with PROXY protocol of HAProxy so IP source address will be unknown for the NoMachine server (it will only see IP add. of HAProxy).
It’s a problem for traceability needs.
Is that true ?
HiCat.
Regarding the proxy protocol, as this is stacked, the NX protocol is not relevant here.
Not even HTTP is “compatible” with the PROXY protocol, because it is the wrong question to ask.
What matters is whether the implementation on the server supports the PROXY protocol.
OK
So, if the implementation on the NoMachine servers does not support the PROXY protocol, IP source address (client) will be unknown for the NoMachine servers (they will only see IP add. of HAProxy) ?
What could be the solution ?
A tunnel with logs capability between client and HAProxy ?
What else ?
Thenks.
Correct, you will see the source IP of haproxy connecting.
You can put the haproxy instance as a default-gateway and use transparent mode (with a few iptables trickes). However this is complicated and requires you to modify your network setup.
There is no other solution, other than having the PROXY protocol implemented on the server side.
Hi!
I did more testing…
Without “send-proxy” option in haproxy.cfg, TCP LB is working quite well with NX servers but of course I lost IP address of the client in NX servers logs.
But I have another annoying problem : 1 time out of 2, I get an indentity warning about a NX server of the cluster. The client is unable to save both public keys of the 2 members of the cluster in the local file hosts.crt on client side ! 
How could I solve that ?
NB: I don’t have the problem with SSH.
I found a solution to use “send-proxy” option in haproxy.cfg although NX servers don’t support PROXY protocol. 
The solution is to install go-mmproxy (open source) on both NX servers. It receives NX+PROXY flow and “translates” it to NX only. The IP address of the client is well forwarded and visible in logs on NX servers.*
BUT, I get a server identity warning at each login !
No prob wtih SSH, I fear it’s a pure NX problem and NoMachine support says it can’t reproduce it !!!
Any idea ?
Thanks !
HiCat