1. Horizon Linux Multi-Session Farms
Linux can and has been a fundamental platform for developers to work from. From a licensing perspective, in many cases organization like to keep costs down in favour and would then consider Linux as an alternative. The Linux integration with VMware Horizon is not well documented. Like the Windows Operating system where we have both Virtual Desktop infrastructure and RDS Published applications, Linux too has a Virtual Desktop and Application based offering. In this session we will look at the RDS equivalent of Linux, that being Linux Multi-Session. One of the objectives in this guide is take you through step by step to deploy a Linux based Multi-Session Farm and then have Published Applications.
Full credit to Rahul Jha in the EUC-Livefire team to bring together the underlying requirements to make this work
Part 1. Preparing an Ubuntu base for Horizon Linux Multi - Session for Site 1
We will complete the following tasks
- We domain join the Linux Master
- We configure TrueSSO for Linux Master
- We install the Horizon Agent
- On your Control Center server
- Open your Site 1 Chrome Browser
- On the Favourite Bar
- select the vcenter-01a shortcut
- Under Getting Started
- select the LAUNCH VSPHERE CLIENT area
- In the VMware vSphere client area
- In the username area
- enter [email protected]
- In the password area
- enter VMware1!
-
At the bottom of the screen
- Select LOGIN
- In the username area
- In the VMware vSphere client
- In the Hosts & Clusters Inventory
- select the LinuxMaster-1a virtual machine
- Note: Power on the LinuxMaster-1a if it's off
- In the Virtual Machine Details area
- Next to IP Addresses (2)
- make a note of YOUR specified assigned DHCP IP address
- Note: In the example its 172.16.10.151
- make a note of YOUR specified assigned DHCP IP address
- Next to IP Addresses (2)
- Minimize your Site 1 Chrome Browser
- In the Hosts & Clusters Inventory
- On the ControlCenter server desktop
- Select and launch the Putty shortcut
- In the Putty Configuration window
- under Host Name (or IP address)
- enter Your DHCP IP address for LinuxMaster-1a
- under Saved Sessions
- enter LinuxMaster-1a
- in the Saved Sessions area under Load
- select Save
- select Open
- under Host Name (or IP address)
- In the Putty Window
- next to login as:
- enter vmware
- next to password:
- enter VMware1!
- with your keyboard
- select ENTER
- next to login as:
- In the Putty window
- enter sudo nano /etc/hosts
-
next to password for vmware:
- enter VMware1!
- In the Putty window
- Verify in line 2 that we have already appended
- linuxmaster-1a.euc-livefire.com
- linuxmaster-1a
- With your keyboard
- press CTRL + X
- In the Putty window
- Install the winbind and samba packages
- enter the following command
-
sudo apt install samba krb5-config krb5-user winbind libpam-winbind libnss-winbind
- If prompted for Password, enter VMware1!
- If not, press Y to install.
- validate that winbind is already installed and its the newest version
-
sudo apt install tdb-tools
- If prompted for Password, enter VMware1!
- Install the winbind and samba packages
- In the Putty window
enter the following command
sudo nano /etc/samba/smb.conf
-
next to password for vmware:
- enter VMware1!
- In the Putty window
- with your Keyboard, move your Cursor down until its two spaces below [global]
- In the Putty window
- Copy the following from below
security = ads
realm = EUC-LIVEFIRE.COM
workgroup = EUC-LIVEFIRE.COM
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
winbind use default domain = yes
restrict anonymous = 2
kerberos method = secrets and keytab
winbind refresh tickets = true
- Paste in your Putty console
- In the Putty window
- Using your keyboard,
- move your Cursor down, until you find workgroup = WORKGROUP
- Replace WORKGROUP with EUC-LIVEFIRE
- As shown in the screenshot above
- Using your keyboard,
- To Save the smb.conf
- Using your keyboard,
- Enter CTRL + X
- Press Y
- Press Enter to exit
- Using your keyboard,
- Retsart smbd.service
- sudo systemctl restart smbd.service
- In the Putty window
- enter the following command
sudo nano /etc/krb5.conf
- In the Putty window
- In the [libdefaults] section
- using your keyboard, move the cursor below default_realm = EUC-LIVEFIRE.COM
- paste the following one by one
- dns_lookup_realm = true
- dns_lookup_kdc = true
- In the [libdefaults] section
- In the Putty window
- using your Keyboard, move your Cursor down until you find {realms}
- leave your Cursor over the ATHENA.MIT.EDU
-
with your Keyboard
- press ENTER
- press the TAB key
- move your Cursor one row up
- In the Putty window
- Above ATHENA.MIT.EDU
- type in the following
- Above ATHENA.MIT.EDU
EUC-LIVEFIRE.COM = {
kdc = controlcenter.euc-livefire.com
admin_server = controlcenter.euc-livefire.com
}
- In the Putty window
- move your Cursor down to {domain_realm}
- Open a new row, between {domain_realm} and .mit.edu = ATHENA.MIT.EDU
- In the Putty window
- Below {domain_realm}
- type the following
- Below {domain_realm}
euc-livefire.com = EUC-LIVEFIRE.COM
.euc-livefire.com = EUC-LIVEFIRE.COM
- In the Putty window
- using your Keyboard
- enter CTRL + S to save
- enter CTRL + X to exit
- In the Putty window
- enter the following command
sudo nano /etc/nsswitch.conf
- In the Putty window
- change the following to
- Next to:
- passwd: files winbind
- group: files winbind
- shadow: files winbind
- Next to:
-
To Save
- Type CTRL + S
-
To Exit
- Type CTRL + X
- change the following to
- In the Putty window
- enter the following command
- sudo kinit administrator
- with your keyboard
- Press Enter
- Next to Password for [email protected]:
- type VMware1!
- enter the following command
- In the Putty window
- enter the following command
-
sudo klist
-
with your keyboard
- Press ENTER
-
with your keyboard
-
sudo klist
- enter the following command
- In the Putty window
- enter the following command
sudo net ads keytab create -U administrator
-
Next to Password for [EUC-LIVEFIRE.COM\administrator]:
- type VMware1!
- In the Putty window
- enter the following command
sudo net ads join -U administrator
- Next to Password for [EUC-LIVEFIRE.COM\administrator]:
- type VMware1!
- In the Putty window
- enter the following command
sudo systemctl restart winbind.service
- In the Putty window
- enter the following command
wbinfo -u
-
with your keyboard
- Press Enter
- In the Putty window
- enter the following command
- wbinfo -g
- with your keyboard
- Press Enter
- enter the following command
- In the Putty window
- enter the following command
sudo reboot
- next to [sudo] password for vmware:
- type VMware1!
- Press Enter
- In the Putty window (inactive)
- select the top left corner icon
- From the drop down menu
- select Restart Session
- In the Putty window
- next to login as :
- enter vmware
- with your keyboard
- press ENTER
- with your keyboard
- enter vmware
- next to password :
- enter VMware1!
- with your keyboard
- press ENTER
- with your keyboard
- enter VMware1!
- next to login as :
- On your Ubuntu desktop,
- To install the pkcs11 support package
- In the Putty session enter
-
sudo apt install libpam-pkcs11
-
when prompted for password
- enter VMware1!
-
when prompted for password
-
sudo apt install libpam-pkcs11
- On your Ubuntu desktop,
- to Install the libnss3-tools package
- In the Putty session enter
-
sudo apt install libnss3-tools
- with your keyboard
- Press ENTER (no password required)
- with your keyboard
-
sudo apt install libnss3-tools
- On your ControlCenter server
- select the START button
- In the Menu
- select Window Administrative tools
- In the Administrative Tools area
- select Certificate Authority
- In the Certificate Authority console
- select & right-click CONTROLCENTER-CA
- in the drop menu
- select Properties
- in the drop menu
- select & right-click CONTROLCENTER-CA
- In the CONTROLCENTER-CA Properties
- select View Certificate
-
In the Certificate window
- select the Details tab
- In the Certificate > Details tab
- select Copy to File....
- In the Certificate Export Wizard
- Welcome page
- select Next
- In the Certificate Export Wizard
-
Export File Format page
- next to DER encoded X.509 (.CER)
- select the radio button
- select Next
- next to DER encoded X.509 (.CER)
-
Export File Format page
- In the Certificate Export Wizard
-
File to Export page
- select Browse
- browse to C:\certificates\
- next to File name:
- enter certificate
- select Save
- next to File name:
- browse to C:\certificates\
- select Next
- select Browse
-
File to Export page
- In the Certificate Export Wizard
-
Completing the Certificate Export Wizard page
- select Finish
-
to close the The export was successful message and Export wizard
- select Ok
-
to close the Certificate window
- select OK
- to close the CONTROLCENTER-CA Properties window
- select OK
- Close the Certsrv admin console
-
Completing the Certificate Export Wizard page
- On your ControlCenter server
- Launch your WinSCP client
- below Host name:
- enter your IP address
- below Username
- enter vmware
- below Password
- enter VMware1!
- below Host name:
- select Login
- Launch your WinSCP client
- In the WinSCP client
- select the UP arrow twice
- In the WinSCP client
- select and open the tmp folder
- On the Controlcenter server
- From the desktop, Taskbar
- Open the folder Icon
- browse to C:\ > Certificates
- Open the folder Icon
- From the desktop, Taskbar
- On the Controlcenter server
- From the C:\Certificates folder
- select and drag certificate.cer to WinSCP /tmp/ folder
- From the C:\Certificates folder
- On your Ubuntu desktop,
- to Locate the root CA certificate that you downloaded,
- In the Putty session enter the following commands
- cd /tmp
-
ls
- you should see the certificate.cer certificate
- In the Putty session enter the following commands
- to Locate the root CA certificate that you downloaded,
- On your Ubuntu desktop,
- Convert the CER file to . PEM format
- This will also serve to validate the file format
- In the Putty session enter the following commands
- sudo openssl x509 -inform der -in /tmp/certificate.cer -out /tmp/certificate.pem
- Once the file is converted, run the following command to validate
- ls
- Convert the CER file to . PEM format
- On your Ubuntu desktop,
- Make an/etc/pki/nssdb directory to contain the system database
- In the Putty session enter
- sudo mkdir -p /etc/pki/nssdb
-
If prompted for password for vmware:
- enter VMware1!
- In the Putty session enter
- Make an/etc/pki/nssdb directory to contain the system database
- On your Ubuntu desktop,
- to Use the certutil command to install the root CA certificate to the system database/etc/pki/nssdb
- In the Putty session enter
- sudo certutil -A -d /etc/pki/nssdb -n "root CA cert" -t "CT,C,C" -i /tmp/certificate.pem
- In the Putty session enter
- to Use the certutil command to install the root CA certificate to the system database/etc/pki/nssdb
- On your Ubuntu desktop,
- Copy the root CA certificate to the/etc/pam_pkcs11/ca certs directory.
- In the Putty session enter
- Copy the root CA certificate to the/etc/pam_pkcs11/ca certs directory.
mkdir -p /etc/pam_pkcs11/cacerts
sudo cp /tmp/certificate.pem /etc/pam_pkcs11/cacerts
- On your Ubuntu desktop,
- To Create a hash link for the root CA certificate. .
- In the Putty session enter
- To Create a hash link for the root CA certificate. .
cd /etc/pam_pkcs11/cacerts
sudo pkcs11_make_hash_link
- On your ControlCenter server
- from the Desktop
- launch the WinSCP shortcut
- from the Desktop
- In the WinSCP window
- In the left pane
- select New Site
- In the right pane, under
-
Host name:
- enter your LinuxMaster IP
-
User name:
- enter vmware
-
Password:
- enter VMware1!
- Select Login
-
Host name:
-
In the Warning window
- select Yes
- In the left pane
- In the WinSCP window
- In the right pane Navigate to
- from the dropdown denoted as 1
- Select /<root>
-
Home > vmware > Downloads
- Open Downloads
-
Home > vmware > Downloads
- Select /<root>
- from the dropdown denoted as 1
- In the right pane Navigate to
- On the ControlCenter server desktop
- Open the software shortcut
- Open the Horizon > Linux folder
- Select > right-click > VMware-horizonagent-linux-x86_64-2306-8.10.0-21968037.tar.gz file
- select Copy
- Open the Horizon > Linux folder
- Switch back to WinSCP
- Open the software shortcut
- In the WinSCP window
- In the right pane
-
select and right-click to launch the menu
- select Paste
-
In the Upload window
- select OK
-
select and right-click to launch the menu
- Switch back to your Putty session
- In the right pane
- In the Putty window
- If required
- Next to login as:
- type vmware
- next to password:
- type VMware1!
- In the Putty Console
- enter the following command:
sudo apt install open-vm-tools-desktop open-vm-tools
- with your keyboard
- press ENTER
- next to password for vmware:
- enter VMware1!
- from the output
- validate that open-vm-tools is installed and you have the latest version
- In the Putty Console
- with your keyboard
- type
- cd /home/vmware/Downloads/
- In the /Downloads$ path
- with your keyboard
- Type ls -l
- Press ENTER
- Type tar -zxvf VMware-horizonagent-linux-x86_64-2306-8.10.0-21968037.tar.gz
- Note: The above command will extract the files from the compressed agent bundle
- Type ls -l
- type
- with your keyboard
- In the Putty Console
-
/Downloads$
- with your keyboard
-
type ls to list the files
- type cd VMware-horizonagent-linux-x86_64-2306-8.10.0-21968037/
- Press ENTER
- type cd VMware-horizonagent-linux-x86_64-2306-8.10.0-21968037/
-
/Downloads$
- In the Putty Console
- Install Linux Agent with TrueSSO Mode and Multi-session mode enabled
- In the VMware-horizonagent-linux-x86_64-2303-8.9.0-21434177 folder
-
enter sudo ./install_viewagent.sh --multiple-session -T yes
-
with your keyboard
-
Press ENTER
-
if prompted [sudo] password for vmware:
-
type VMware1!
- Press ENTER
- when prompted, Are you sure to install Linux agent (y/n)?
- type Y
- Press ENTER
- type Y
- when prompted, Are you sure to install Linux agent (y/n)?
- Press ENTER
-
type VMware1!
-
if prompted [sudo] password for vmware:
-
Press ENTER
-
with your keyboard
-
enter sudo ./install_viewagent.sh --multiple-session -T yes
- In the VMware-horizonagent-linux-x86_64-2303-8.9.0-21434177 folder
- Install Linux Agent with TrueSSO Mode and Multi-session mode enabled
- Once the agent installation is complete,
- Message will show up
- Installation Done
- Message will show up
- In the Putty Console
- type
sudo nano /etc/vmware/viewagent-custom.conf
- Press ENTER
- In the Putty Console
- NANO console
- using your keyboard, scroll down to the bottom of this window
- below #AppEnable=FALSE
- enter
OfflineJoinDomain=samba
NetbiosDomain=EUC-LIVEFIRE
- enter
-
using your keyboard
-
To SAVE
- Press CTRL + S
-
To EXIT
- Press CTRL + X
-
To SAVE
- NANO console
- On ControlCenter server
- On the taskbar
- Launch the folder icon
- Browse to \\horizon-01a.euc-livefire.com\software\Horizon\Linux
- In your File Explorer window
- select and copy pam_pks11.conf
- On ControlCenter server
- switch to WinSCP
- In WinSCP
- browse to /tmp folder
-
In the TMP folder
- paste pam_pkcs11.conf
- In your Putty session
cd /tmp
sudo cp pam_pkcs11.conf /etc/pam_pkcs11/
- In your Putty session, modify the permission of pam_pkcs11.conf that we just copied in step 16
- sudo chmod 777 /etc/pam_pkcs11/pam_pkcs11.conf
- ls -l /etc/pam_pkcs11/pam_pkcs11.conf
- Set the access permissions for the /etc/krb5.conf configuration file to 644
- sudo chmod 644 /etc/krb5.conf
- ls -l /etc/krb5.conf
Many applications on first launch require a range of configurations. We will mitigate these challenges with the following command line functions
- In the Putty Console
- enter sudo -i
- with your keyboard
- press ENTER
- with your keyboard
-
when prompted for password for vmware:
- enter VMware1!
- enter sudo -i
- In the Putty Console
- enter cd /etc/
- with your keyboard
- press ENTER
- with your keyboard
-
enter mv skel skel.bak
- with your keyboard
- press ENTER
- with your keyboard
- enter cd /etc/
- In the Putty Console
- enter cp -R /home/vmware skel
- with your keyboard
- press ENTER
- with your keyboard
- enter ls skel
- with your keyboard
- press ENTER
- with your keyboard
- enter cp -R /home/vmware skel
- In the Putty Console
- enter chown root:root -R skel
- with your keyboard
- press ENTER
- with your keyboard
- enter reboot
- with your keyboard
- press ENTER
- with your keyboard
- enter chown root:root -R skel
- In the Putty window (inactive)
- select the top left corner icon
- From the drop down menu
- select Restart Session
- In the Putty window
- next to login as :
- enter vmware
- with your keyboard
- press ENTER
- with your keyboard
- enter vmware
- next to password :
- enter VMware1!
- with your keyboard
- press ENTER
- with your keyboard
- enter VMware1!
- next to login as :
Part 2. Configuring Horizon to Deploy a Linux Multi-Session Farm for Site 1
Introduction. We will configure the following
- Configure the Linux Farm for Site 1
- The Site 2 Farm Configuration has already been done
- On your ControlCenter server
- Open your Site 1 Chrome Browser
- In the Favourites Bar
- select the vcenter-01a shortcut
- Under Getting Started
- select LAUNCH VSPHERE CLIENT
- In the VMware vSphere client
- In the Username area
- type [email protected]
- In the Password area
- type VMware1!
- Select LOGIN
- In the Username area
- In the VMware vSphere client
-
Hosts & Clusters Inventory
- Right Click and ShutDown the LinuxMaster
-
Once the VM is Powered off
-
Right- click LinuxMaster-1a
- In the Menu, select Snapshots > Take Snapshot...
-
Right- click LinuxMaster-1a
-
Hosts & Clusters Inventory
- In the Take snapshot window
- Next to Name
- Type Horizon Linux Agent
- At the bottom of the window
- select CREATE
- Next to Name
- On your Site 1, Chrome Browser
- In the Favourites Bar
- select the Horizon Site 1 shortcut
- In the Favourites Bar
- In the Horizon Login Console
- In the Username area
- enter administrator
- In the Password area
- enter VMware1!
- select Sign In
- In the Username area
- In the VMware Horizon Admin Console
- Expand Inventory
- Select Farms
- In the Farms area
- Select Add
- Expand Inventory
- In the Add Farm wizard
-
Type area
- Accept the default
- In the bottom right corner
- Select Next
-
Type area
- In the Add Farm wizard
-
vCenter Server area
- Accept the default
- In the bottom right corner
- Select Next
-
vCenter Server area
- In the Add Farm wizard
-
Storage Optimization area
- Accept the default
- In the bottom right corner
- Select Next
-
Storage Optimization area
- In the Add Farm wizard
-
Identification and Settings area
- Configure the following:-
- Under *ID
- enter LinuxBLRFarm
- Under *ID
- Configure the following:-
-
Identification and Settings area
- In the Add Farm wizard
-
Identification and Settings area
- Configure the following:-
- Under Farm Settings
-
Default Display Protocol
- Blast
-
Allow Users to Choose Protocol
- No
-
Default Display Protocol
- Under Pre-launch Session Timeout (Applications Only)
- select Never
- Under Empty Session Timeout (Applications Only)
- select Immediate
- Under When Timeout Occurs
- select Log Off
- Under Logoff Disconnected Sessions
- select Immediate
- Under Max Sessions Per RDS Host
- select No More Than enter 3
- Under Farm Settings
- Select Next
- Configure the following:-
-
Identification and Settings area
- In the Add Farm wizard
-
Load Balancing Settings area
- Accept the default
- In the bottom right corner
- Select Next
-
Load Balancing Settings area
- In the Add Farm wizard
-
Provisioning Settings area
- Configure the following:-
- Under *Naming Pattern
- enter LinuxBLR-
- Under *Maximum Machines
- enter 2
- Select Next
- Under *Naming Pattern
- Configure the following:-
-
Provisioning Settings area
- In the Add Farm wizard
-
vCenter Settings area
- Configure the following:-
- Under *Golden Image in vCenter
- Select Browse
- In the Select Golden Image window
- next to LinuxMaster-1a
- select the radio button
- next to LinuxMaster-1a
- Select Submit
- Under *Golden Image in vCenter
- Configure the following:-
-
vCenter Settings area
- In the Add Farm wizard
-
vCenter Settings area
- Configure the following:-
- Under *Snapshot
- Select Browse
- In the Select Default Image window
- next to Horizon Linux Agent
- select the radio button
- next to Horizon Linux Agent
- Select Submit
- Under *Snapshot
- Configure the following:-
-
vCenter Settings area
- In the Add Farm wizard
-
vCenter Settings area
- Configure the following:-
- Under *VM Folder Location
- Select Browse
- In the VM Folder Location window
- select the Region01A
- Select Submit
- Under *VM Folder Location
- Configure the following:-
-
vCenter Settings area
- In the Add Farm wizard
-
vCenter Settings area
- Configure the following:-
- Under *Cluster
- Select Browse
- In the Select Cluster window
- select the Bangalore
- Select Submit
- Under *Cluster
- Configure the following:-
-
vCenter Settings area
- In the Add Farm wizard
-
vCenter Settings area
- Configure the following:-
- Under *Resource Pool
- Select Browse
- In the Resource Pool window
- select the Bangalore
- Select Submit
- Under *Resource Pool
- Configure the following:-
-
vCenter Settings area
- In the Add Farm wizard
-
vCenter Settings area
- Configure the following:-
- Under *Datastores
- Select Browse
- In the Resource Pool window
- next to CorpLun01a
- select the radio button
- next to CorpLun01a
- Select Submit
- In the Warning window
- Select OK
- Under *Datastores
- Configure the following:-
-
vCenter Settings area
- In the Add Farm wizard
-
vCenter Settings area
- Leave the VM Compute Profile Settings as default
- Review your configurations
- In the bottom right corner
- Select Next
-
vCenter Settings area
- In the Add Farm wizard
-
Guest Customization area
- Configure the following:-
- Under *AD Container
- Select Browse
- In the AD Container window
- expand OU=Corp
- select OU=Computers, OU=Corp
- expand OU=Corp
- Select Submit
- Under *AD Container
- Configure the following:-
-
Guest Customization area
- In the Add Farm wizard
-
Guest Customization area
- Configure the following:-
- Under *AD Container
- Next to Allow Reuse of Existing Computer Accounts
- Select the CHECKBOX
- Next to Allow Reuse of Existing Computer Accounts
- Under *AD Container
-
In the bottom right corner
- Select Next
- Configure the following:-
-
Guest Customization area
- In the Add Farm wizard
-
Ready to Complete window
- Review your configuration
- Select Submit
-
Ready to Complete window
Wait for at least 20 minutes for the provisioning to complete
- In VMware Horizon Admin Console
- under Inventory
- select Machines
- In the Machines area
- select the RDS Hosts tab
- In the Machines area
- select Machines
- under Inventory
- In the Machines / RDS area
- scroll to the right
- wait & keep refreshing the page until the Status says Available for both servers
There is a known bug which we are trying to resolve where both the newly created VMs may have the duplicate IP. However as a workaround, we would need to remove the network adaptor and re-add them for bot the newly created VMs
Part 3. Configuring Horizon Linux Multi-session published applications in VMware Horizon
We first publish applications in Site 1 and repeat the process in Section 2 for Site 2
- In the Horizon Administration Console
- Select Inventory > Applications
- In the Application Pools area
- Select Add
- Select Add from installed Applications
- In the Add Application Pool wizard
-
Select Applications area
- To display alphabetically
- select Name
- Under Name
- Select the checkbox next to:-
- Calculator
- Select the checkbox next to:-
- To display alphabetically
-
Select Applications area
- In the Add Application Pool wizard
-
Select Applications area
- To move to page 2 of the menu
- In the bottom right,
- select the arrow
- In the bottom right,
- Under Name
-
select
- Sudoku
- Terminal
-
select
- To move to page 2 of the menu
-
Select Applications area
- In the Add Application Pool wizard
-
Select Applications area
- scroll down
- select the checkbox next to:-
- Pre-Launch
- select Next
-
Select Applications area
- In the Add Application Pool wizard
-
Edit Applications area
- Select Submit
-
Edit Applications area
- In the Add Entitlements window
- select Cancel
In a later exercise, Instead of creating a local Entitlement, we will create a single multi-site Global Entitlement
- In the Application Pools area
- Note the Site 1 published Linux Multi-session applications
- On your ControlCenter server
- from the Taskbar
- select the Site 2 Browser Profile (red browser)
- from the Taskbar
- In the Site 2 browser profile
- from the Favourites bar
- select the Horizon Site 2 shortcut
- from the Favourites bar
- In VMware Horizon login page
- in the Username area
- enter administrator
- in the Password area
- enter VMware1!
- select Sign in
- in the Username area
If login fails, note the message to REFRESH your browser and try again
- In the Horizon Administration Console
- Select Inventory > Applications
- In the Application Pools area
- Select Add
- Select Add from installed Applications
- In the Add Application Pool wizard
-
Select Applications area
- To display alphabetically
- select Name
- Under Name
- Select the checkbox next to:-
- Calculator
- Select the checkbox next to:-
- To display alphabetically
-
Select Applications area
- In the Add Application Pool wizard
-
Select Applications area
- To move to page 2 of the menu
- In the bottom right,
- select the arrow
- In the bottom right,
- Under Name
-
select
- Sudoku
- Terminal
-
select
- To move to page 2 of the menu
-
Select Applications area
- In the Add Application Pool wizard
-
Select Applications area
- scroll down
- select the checkbox next to:-
- Pre-Launch
- select Next
-
Select Applications area
- In the Add Application Pool wizard
-
Edit Applications area
- Select Submit
-
Edit Applications area
- In the Add Entitlements window
- select Cancel
In a later exercise, Instead of creating a local Entitlement, we will create a single multi-site Global Entitlement
- In the Application Pools area
- Note the Site 2 published Linux Multi-session applications
In preparation for Part 4, switch to your Horizon Admin Console on Site 1
Part 4. Configuring Global Entitlements for the Multi-session Assignments
In a multi-site setup, USABILITY of Enterprise applications can be critical. Users require a seamless user experience. As part of Cloud Pod Architecture we are able to setup Global Entitlements that give administrators the ability, to entitle users to Applications and Desktops in a multi-site scenario. This makes the application more USABLE in an Enterprise.
In Part 4, we fulfill the first steps in setting up a multi-site solution
- On your Site 1 Browser
-
Horizon Admin Console login
- In the Username area
- enter administrator
- In the Password area
- enter VMware1!
- select Sign in
- In the Username area
-
Horizon Admin Console login
- In the Horizon Admin console
-
Menu pane
- below Inventory
- select Global Entitlements
- below Inventory
-
Menu pane
- In the Global Entitlements area
- select Add
- In the Add Global Entitlement window
- next to :
-
Type
- Next to Application entitlement a
- select the radio button
- Next to Application entitlement a
-
Type
- In the bottom right-corner
- select Next
- next to :
- In the Add Global Entitlement window
-
next to :
-
Name and Policies
- under Name
- enter Enterprise Corp Calculator
- under Display Name
- enter Calculator
- under Name
-
Name and Policies
-
next to :
- In the Add Global Entitlement window
- next to :
-
Name and Policies
- under Policies > Scope
- select the radio button
- All Sites
- select the radio button
- under Default Display Protocol
- from the dropdown
- select VMware Blast
-
below Allow Users to Choose Protocol
-
from the dropdown
- select NO
-
from the dropdown
-
next to Pre - Launch
- select the Checkbox
- from the dropdown
- In the bottom right-corner
- select Next
- under Policies > Scope
-
Name and Policies
- next to :
- In the Add Global Entitlement window
- next to :
-
Users and Groups
- under Add users or groups to the global entitlement
- select Add
- under Add users or groups to the global entitlement
-
Users and Groups
- next to :
- In the Find User or Group window
- in line with Name/User Name
- next to Starts with
- enter Sales
- next to Starts with
- under Description
- select Find
- under Name
- next to sales
- select the checkbox
- next to sales
- in the bottom right-corner
- select OK
- in line with Name/User Name
- In the Add Global Entitlement window
- next to :
-
Users and Groups
- under Add users or groups to the global entitlement
-
Users and Groups
- select Add
- next to :
- In the Find User or Group window
- in line with Name/User Name
- next to Starts with
- enter Developers
- next to Starts with
- under Description
- select Find
- under Name
- next to sales
- select the checkbox
- next to sales
- in the bottom right-corner
- select OK
- in line with Name/User Name
- In the Add Global Entitlement window
- select Next
- In the Add Global Entitlement window
-
Ready to Complete section
- in the bottom right-corner
- select Finish
- in the bottom right-corner
-
Ready to Complete section
- In the Global Entitlements area
- select Enterprise Corp Calculator
- In the Enterprise Corp Calculator window
- select the Local Pools tab
- In the Enterprise Corp Calculator window
- In the Local Pools tab area
- select Add
- In the Local Pools tab area
- In the Assign Pools - Enterprise Corp Calculator window
- under ID
- next to Calculator
- select the checkbox
- next to Calculator
- select Add
- under ID
- In the VMware Horizon Admin console
- Note your Global Entitlement now has a local assignment
- called Calculator
- In menu pane
- under Inventory
- select Global Entitlements
- under Inventory
- Note your Global Entitlement now has a local assignment
- In the Global Entitlements area
- select Add
- In the Add Global Entitlement window
- next to :
-
Type
- Next to Application entitlement
- select the radio button
- Next to Application entitlement
-
Type
- In the bottom right-corner
- select Next
- next to :
- In the Add Global Entitlement window
- next to :
-
Name and Policies
- under Name
- enter Enterprise Corp Sudoku
- under Display Name
- enter Sudoku
- under Name
-
Name and Policies
- next to :
- In the Add Global Entitlement window
- next to :
-
Name and Policies
- under Policies > Scope
- select the radio button
- All Sites
- select the radio button
- under Default Display Protocol
- from the dropdown
- select VMware Blast
-
below Allow Users to Choose Protocol
-
from the dropdown
- select NO
-
from the dropdown
-
next to Pre - Launch
- select the Checkbox
- from the dropdown
- In the bottom right-corner
- select Next
- under Policies > Scope
-
Name and Policies
- next to :
- In the Add Global Entitlement window
- next to :
-
Users and Groups
- under Add users or groups to the global entitlement
- select Add
- under Add users or groups to the global entitlement
-
Users and Groups
- next to :
- In the Find User or Group window
- in line with Name/User Name
- next to Starts with
- enter Sales
- next to Starts with
- under Description
- select Find
- under Name
- next to sales
- select the checkbox
- next to sales
- in the bottom right-corner
- select OK
- in line with Name/User Name
- In the Add Global Entitlement window
- next to :
-
Users and Groups
- under Add users or groups to the global entitlement
-
Users and Groups
- select Add
- next to :
- In the Find User or Group window
- in line with Name/User Name
- next to Starts with
- enter Developers
- next to Starts with
- under Description
- select Find
- under Name
- next to sales
- select the checkbox
- next to sales
- in the bottom right-corner
- select OK
- in line with Name/User Name
- In the Add Global Entitlement window
- select Next
- In the Add Global Entitlement window
-
Ready to Complete section
- in the bottom right-corner
- select Finish
- in the bottom right-corner
-
Ready to Complete section
- In the Global Entitlements window
- select Enterprise Corp Sudoku
- In the Enterprise Corp Sudoku window
- select the Local Pools tab
- In the Enterprise Corp Sudoku window
- In the Local Pools tab area
- select Add
- In the Local Pools tab area
- In the Assign Pools - Enterprise Corp Sudoku window
- under ID
- next to Sudoku
- select the checkbox
- next to Sudoku
- select Add
- under ID
- In the VMware Horizon Admin console
- Note your Global Entitlement now has a local assignment
- called Sudoku
- In menu pane
- under Inventory
- select Global Entitlements
- under Inventory
- In the Global Entitlements area
- select Add
- In the Add Global Entitlement window
- next to :
-
Type
- Next to Application entitlement
- select the radio button
- Next to Application entitlement
-
Type
- In the bottom right-corner
- select Next
- next to :
- In the Add Global Entitlement window
- next to :
-
Name and Policies
- under Name
- enter Enterprise Corp Terminal
- under Display Name
- enter Terminal
- under Name
-
Name and Policies
- next to :
- In the Add Global Entitlement window
- next to :
-
Name and Policies
- under Policies > Scope
- select the radio button
- All Sites
- select the radio button
- under Default Display Protocol
- from the dropdown
- select VMware Blast
-
below Allow Users to Choose Protocol
-
from the dropdown
- select NO
-
from the dropdown
-
next to Pre - Launch
- select the Checkbox
- from the dropdown
- In the bottom right-corner
- select Next
- under Policies > Scope
-
Name and Policies
- next to :
- In the Add Global Entitlement window
- next to :
-
Users and Groups
- under Add users or groups to the global entitlement
- select Add
- under Add users or groups to the global entitlement
-
Users and Groups
- next to :
- In the Find User or Group window
- in line with Name/User Name
- next to Starts with
- enter Sales
- next to Starts with
- under Description
- select Find
- under Name
- next to sales
- select the checkbox
- next to sales
- in the bottom right-corner
- select OK
- in line with Name/User Name
- In the Add Global Entitlement window
- next to :
-
Users and Groups
- under Add users or groups to the global entitlement
-
Users and Groups
- select Add
- next to :
- In the Find User or Group window
- in line with Name/User Name
- next to Starts with
- enter Developers
- next to Starts with
- under Description
- select Find
- under Name
- next to sales
- select the checkbox
- next to sales
- in the bottom right-corner
- select OK
- in line with Name/User Name
- In the Add Global Entitlement window
- select Next
- In the Add Global Entitlement window
-
Ready to Complete section
- in the bottom right-corner
- select Finish
- in the bottom right-corner
-
Ready to Complete section
- In the Global Entitlements window
- select Enterprise Corp Terminal
- In the Enterprise Corp Terminal window
- select the Local Pools tab
- In the Enterprise Corp Terminal window
- In the Local Pools tab area
- select Add
- In the Local Pools tab area
- In the Assign Pools - Enterprise Corp Terminal window
- under ID
- next to Terminal
- select the checkbox
- next to Terminal
- select Add
- under ID
- In the VMware Horizon Admin console
- Note your Global Entitlement now has a local assignment
- called Terminal
In preparation for Section 2, switch over to your Site 2 Browser
Use your Site 2 Browser in this section
- On your Site 2 Browser
-
Horizon Admin Console login
- In the Username area
- enter administrator
- In the Password area
- enter VMware1!
- select Sign in
- In the Username area
-
Horizon Admin Console login
- In the Horizon Admin console
-
Menu pane
- below Inventory
- select Global Entitlements
- below Inventory
-
Menu pane
- In the Global Entitlements window
- select Enterprise Corp Calculator
- In the Enterprise Corp Calculator window
- select the Local Pools tab
- In the Enterprise Corp Calculator window
- In the Local Pools tab area
- select Add
- In the Local Pools tab area
- In the Assign Pools - Enterprise Corp Calculator window
- under ID
- next to Calculator
- select the checkbox
- next to Calculator
- select Add
- under ID
- In the VMware Horizon Admin console
- Note your Global Entitlement now has a local assignment
- called Calculator
- In menu pane
- under Inventory
- select Global Entitlements
- under Inventory
- Note your Global Entitlement now has a local assignment
- In the Global Entitlements window
- select Enterprise Corp Sudoku
- In the Enterprise Corp Sudoku window
- select the Local Pools tab
- In the Enterprise Corp Sudoku window
- In the Local Pools tab area
- select Add
- In the Local Pools tab area
- In the Assign Pools - Enterprise Corp Sudoku window
- under ID
- next to Sudoku
- select the checkbox
- next to Sudoku
- select Add
- under ID
- In the VMware Horizon Admin console
- Note your Global Entitlement now has a local assignment
- called Sudoku
- In menu pane
- under Inventory
- select Global Entitlements
- under Inventory
- In the Global Entitlements window
- select Enterprise Corp Terminal
- In the Enterprise Corp Terminal window
- select the Local Pools tab
- In the Enterprise Corp Terminal window
- In the Local Pools tab area
- select Add
- In the Local Pools tab area
- In the Assign Pools - Enterprise Corp Terminal window
- under ID
- next to Terminal
- select the checkbox
- next to Terminal
- select Add
- under ID
- In the VMware Horizon Admin console
- Note your Global Entitlement now has a local assignment
- called Terminal
Part 5. Integrating Multi-session apps with Workspace ONE Access
In Part 5
- We will create Deep Links that will point to the Published Multi session Applications
- Each Web App link will then be assigned to the relevant security groups
- On your ControlCenter server
- Open your Workspace ONE Access, Admin console URL
- Under Username
- enter Administrator
- Under Password
- enter VMware1!
- Select Sign In
- Under Username
- Open your Workspace ONE Access, Admin console URL
- In the Workspace ONE Access Console
- select Resources
- Under the Resources > WEB Apps area
- select NEW
- In the New SaaS Application window
-
In the Definition area
- under Name
- enter Enterprise Corp Calculator
-
under Icon
- select SELECT FILE ...
- under Name
-
In the Definition area
- In the File Explorer > Open window
- In the Quick Access pane
- select Desktop
- in the Desktop area
- select software > software > Icons
-
in the Icons folder
- select calculator.png
- select Open
-
in the Icons folder
- select software > software > Icons
- In the Quick Access pane
- In the New SaaS Application window
- In the Definition area
- Select NEXT
- In the Definition area
- In the New SaaS Application window
- In the Configuration area
- below Authentication Type *
- from the dropdown
- select Web Application Link
- from the dropdown
- below Authentication Type *
- In the Configuration area
- In the New SaaS Application window
- In the Configuration area
- below Target URL *
- enter the following URL
- below Target URL *
- In the Configuration area
https://corp.euc-livefire.com/portal/nativeclient/Calculator?action=start-session&desktopProtocol=BLAST&launchMinimized=false
- In the bottom right corner
- select NEXT
- In the New Saas Application window,
- In the Summary section
- Select SAVE & ASSIGN
- In the Summary section
- In the Assign window
- Under Users / Groups
- Enter Devel
- Select [email protected]
- Enter Devel
- Under Users / Groups
- In the Assign window
- Under Users / Groups
- Enter sales
- select [email protected]
- Enter sales
- Under Deployment type
- From the dropdowns
- Ensure both Sales and Developers are set to
- Automatic
- Ensure both Sales and Developers are set to
- From the dropdowns
- In the bottom right corner
- select SAVE
- Under Users / Groups
- In your Workspace ONE Access Console
-
Web Apps interface
- Note your Enterprise Corp Calculator Web Application Link
-
Web Apps interface
- In the Workspace ONE Access Console
- under the Resources > WEB Apps area
- select NEW
- under the Resources > WEB Apps area
- In the New SaaS Application window
-
In the Definition area
- under Name
- enter Enterprise Sudoku
-
under Icon
- select SELECT FILE ...
- under Name
-
In the Definition area
- In the File Explorer > Open window
- In the Quick Access pane
- select Desktop
- in the Desktop area
- select software > software > Icons
-
in the Icons folder
- select sudoku.jpg
- select Open
-
in the Icons folder
- select software > software > Icons
- In the Quick Access pane
- In the New SaaS Application window
- In the Definition area
- Select NEXT
- In the Definition area
- In the New SaaS Application window
- In the Configuration area
- below Authentication Type *
- from the dropdown
- select Web Application Link
- from the dropdown
- below Authentication Type *
- In the Configuration area
- In the New SaaS Application window
- In the Configuration area
- below Target URL *
- enter the following URL
- below Target URL *
- In the Configuration area
https://corp.euc-livefire.com/portal/nativeclient/Sudoku?action=start-session&desktopProtocol=BLAST&launchMinimized=false
- In the bottom right corner
- select NEXT
- In the New Saas Application window,
- In the Summary section
- Select SAVE & ASSIGN
- In the Summary section
- In the Assign window
- Under Users / Groups
- Enter Devel
- Select [email protected]
- Enter Devel
- Under Users / Groups
- In the Assign window
- Under Deployment type
- From the dropdown
-
Developers are set to
- Automatic
-
Developers are set to
- From the dropdown
- Under Deployment type
- In the Assign window
- under Users / Groups
- enter Sales
- select [email protected]
- enter Sales
- under Users / Groups
- In the Assign window
- Under Deployment type
- From the dropdown
-
Developers are set to
- Automatic
-
Developers are set to
- In the bottom right corner
- select SAVE
- From the dropdown
- Under Deployment type
- In your Workspace ONE Access Console
-
Web Apps interface
- Note your Enterprise Sudoku Web Application Link
-
Web Apps interface
- In the Workspace ONE Access Console
- under the Resources > WEB Apps area
- select NEW
- under the Resources > WEB Apps area
- In the New SaaS Application window
-
In the Definition area
- under Name
- enter Enterprise Terminal
-
under Icon
- select SELECT FILE ...
- under Name
-
In the Definition area
- In the File Explorer > Open window
- In the Quick Access pane
- select Desktop
- in the Desktop area
- select software > software > Icons
-
in the Icons folder
- select terminal.png
- select Open
-
in the Icons folder
- select software > software > Icons
- In the Quick Access pane
- In the New SaaS Application window
- In the Definition area
- Select NEXT
- In the Definition area
- In the New SaaS Application window
- In the Configuration area
- below Authentication Type *
- from the dropdown
- select Web Application Link
- from the dropdown
- below Authentication Type *
- In the Configuration area
- In the New SaaS Application window
- In the Configuration area
- below Target URL *
- enter the following URL
- below Target URL *
- In the Configuration area
https://corp.euc-livefire.com/portal/nativeclient/Terminal?action=start-session&desktopProtocol=BLAST&launchMinimized=false
- In the bottom right corner
- select NEXT
- In the New Saas Application window,
- In the Summary section
- Select SAVE & ASSIGN
- In the Summary section
- In the Assign window
- Under Users / Groups
- Enter Devel
- Select [email protected]
- Enter Devel
- Under Users / Groups
- In the Assign window
- Under Deployment type
- From the dropdown
-
Developers are set to
- Automatic
-
Developers are set to
- From the dropdown
- Under Deployment type
- In the Assign window
- under Users / Groups
- enter Sales
- select [email protected]
- enter Sales
- under Users / Groups
- In the Assign window
- Under Deployment type
- From the dropdown
-
Developers are set to
- Automatic
-
Developers are set to
- In the bottom right corner
- select SAVE
- From the dropdown
- Under Deployment type
- In your Workspace ONE Access Console
-
Web Apps interface
- Note your Enterprise Terminal Web Application Link
-
Web Apps interface
Part 6 Testing Multi-Session Horizon integration with Workspace ONE Access using CPA Global Entitlements
We will conclude this entire lab with a test to validate the configuration we have implemented
- On your Control Center server
- On your Chrome browser
- Open up an Incognito session
- In the address bar enter your Workspace ONE Access tenant url
- On your Chrome browser
- In the Microsoft Sign in window
- enter
-
craig@corpXXX.euc-livefire.com
- where XXX is your assigned Domain ID
-
craig@corpXXX.euc-livefire.com
- enter
- select Next
- In the Microsoft Sign in window
- Under Enter password
- enter VMware1!
- select Sign in
-
In the Stay signed in? window
- select NO
- Under Enter password
- In the web Intelligent Hub
- Select Apps
- In the web Intelligent Hub
- Under New Apps
- select Enterprise Corp Calculator
- Under New Apps
- On your ControlCenter session
- Note your Calculator has launched
- Feel free to try launch Sudoku & Terminal
0 Comments
Add your comment