EUCVLS: horizon universal licensing for on-premises deployment Default chapterHorizon Subscription based Licensing for on-premises deployment

Horizon Subscription based Licensing for on-premises deployment

In this labs we will follow the steps necessary to integrate your on premise deployment of Horizon with the Horizon Cloud platform to use subscription based licensing. You will familiarize yourself with the components that need to be deployed on premises for the integration with the Horizon Cloud Service, license your environment with universal license, provision and assign resources from a single pane of glass unifying Horizon administration for cloud based and on-prem deployments.

Part 1: Verifying the Horizon cloud connector virtual appliance

1. From your Controlcenter virtual machine's desktop:

  • Click on the Google Chrome icon.
  • From the bookmarks bar click on the vCenter bookmark.
  1. If you get a "Your connection is not private" error follow this steps:
  • Click on Advanced.
  • Click on Proceed to vcsa-01a.euc-livefire.com (unsafe).
  1. In the vcenter login window:
  • Input the following credentials:

Username: Administrator

Password: VMware1!

  • Click on login.

 

  1. On the Hosts and clusters pane:  
  • Expand all branches of the navigation tree.
  • Make sure the horizon-cloud-connector VM is powered on.
  • If the virtual machine is powered off, click on the Power On button.

Part 2: Installing Horizon Cloud Connector certificate

In this part we'll enable SSH, upload and install wildcard certificates for the Horizon Cloud Connector appliance.

1. In your vSphere Web Client window:

  • Click on the Launch Web Console button for the horizon-cloud connector VM.
  • In the Launch Console prompt, make sure the Web Console radio button is selected and click OK.

2. In the virtual machine console window:

  • Click inside the console window.
  • Use your keyboard arrows to select Login and press Enter.

3. In the Command line console:

  • Login with the following credentials:

Username: root

Password: VMware1!

  1. Type or copy and paste the following command to enable SSH:
/opt/vmware/bin/configure-adapter.py --sshEnable

Wait for the steps to complete successfully, the wait time to be over and the command prompt to appear again. You can close the window after this step.

5.    From the desktop of your Controlcenter VM, open the WinSCP shortcut

  1. On your Winscp control window:
  • Click on the Horizon Cloud Connector site that has already been created for you.
  • Click on Login.
  1. On the Warning prompt click Yes.
  1. On the Authentication banner window click Continue.
  1. in the Winscp window:
  • On the left navigation pane, navigate to Desktop\software\certificate
  • Make sure the right navigation pane currently points to /root/ , otherwise go up one level and select the folder.
  1. To upload the files:
  • Select both the .crt and the .key files
  • Right click them and click Upload.

 

  1. On the Upload prompt:
  • Click OK
  • Close all windows when the transfer is finished.
  1. From your desktop:
  • Open the PuTTY shortcut.
  • In the Saved Sessions pane, select the horizon cloud connector session that has already been created for you.
  • Click Open.

 

  1. Click Yes on the Putty Security Alert.
  1. login with the following credentials:
  • username: root
  • Password: VMware1!
  1. Back up the existing certificate.
cp /opt/container-data/certs/hze-nginx/server.crt /opt/container-data/certs/hze-nginx/server.crt.orig
  1. Backup existing key.
cp /opt/container-data/certs/hze-nginx/server.key /opt/container-data/certs/hze-nginx/server.key.orig
  1. Copy the existing nginx conf file.
cp /opt/container-data/conf/hze-nginx/nginx.conf /opt/container-data/conf/hze-nginx/nginx.conf.orig
  1. Copy the CA certificate in the appropriate directory.
cp /root/wildcard.crt /opt/container-data/certs/hze-nginx/server.crt
  1. Copy the CA certificate key file in the appropriate directory.
cp /root/wildcard.key /opt/container-data/certs/hze-nginx/server.key
  1. Verify the owner and permissions for the nginx configuration.
chown -R hze-nginx:hze-nginx /opt/container-data/certs/hze-nginx 
  1. Verify the owner and permissions for the nginx certificate.
chmod 644 /opt/container-data/certs/hze-nginx/server.crt
  1. Verify the owner and permissions for the key file.
chmod 600 /opt/container-data/certs/hze-nginx/server.key
  1. Verify and restart nginx.
docker exec -i hze-nginx nginx -t
systemctl restart hze-nginx
  1. Update the SSL thumbprints in the welcome screen.
docker exec -i hze-core sudo /opt/vmware/bin/configure-welcome-screen.py 
  1. Restart the welcome screen console
/usr/bin/killall --quiet vami_login
  1. From your vcenter console restart the virtual appliance. It may take about 10 minutes for services to go up.

27. From your chrome browser:

  • click on your Horizon cloud connector bookmark.
  • Verify your connection is secure secure by click on the padlock icon next to your url.
  • Leave this window open for later use.
  1. If your certificate shows up as Not secure stop and ask for help.

Part 3: Verify current Horizon licensing settings

  1. In your chrome browser:
  • Open a new tab and click on the Horizon bookmark
  • Click LAUNCH under the Horizon Administrator (Flex) option
  1. In case you get a "get ADOBE Flash Player" message, click on the padlock icon in your address bar, and select Allow in the dropdown menu next to Flash
  1. Click on Reload to open the console with flash.
  1. Authenticate with the following credentials:

    Username: administrator

    Password: VMware1!

  1. Verify the license being used
  • On the left inventory pane, navigate to View Configuration \ Product Licensing and Usage
  • Verify that the connection server is using a perpetual license key. A perpetual license will have a license key and license expiration will say Never.

Part 4: configure the horizon cloud connector

In this part we configure the horizon cloud connector to communicate with your horizon cloud platform and your horizon connection server.

1. In your chrome browser:

  • Access the horizon cloud connector bookmark
  • Authenticate with your assigned my vmware credentials from the instructor document.
  1. Click Accept on the terms of service window.

3. In the connect to Horizon 7 Connection Server setting type cs1-pd1.euc-livefire.com and click Connect

  1. In the credentials pane:
  • In the Domain field type euc-livefire.com
  • In the Username field type administrator
  • In the Password field enter VMware1!
  • Click Connect
  1. In case your are redoing this lab or fixing a previous install you might get a message saying "We detected an existing Cloud connector record", this means a connection server with the same name existed previously on your Horizon Cloud Service Console, so if you are replacing that connection server click New Install, otherwise check your naming convention, even if they are on different datacenters your connection servers should not be called the same.
  1. in the Configure Horizon 7 Pod:
  • In the Name field enter your pod name. i.e livefire-pod.
  • To the right of the Data Center location click on New.
  1. in the New Data Center Location window:
  • In the City Name field enter your city, i.e. Sandy springs, GA, United States.
  • Click Save.
  1. Verify your city is selected and click Save.

As part of the setup process of your first pod you might get asked to set up your vcenter server information. this gets used for Horizon cloud connector upgrades. During this process the virtual appliance gets replaced, so you also need to input the temporary network details used for the new Horizon cloud connector.

9.    in the horizon cloud connector vcenter server section:

  • In the vcenter Server FQDN field type vcsa-01a.euc-livefire.com then click on Get Certificate

10.   Continue configuring vcenter information:

  • In the Horizon Cloud Connector vCenter Server Certificate section, check the box next to I have verified the above certificate and would like to continue.
  • in the Horizon Cloud Connector vCenter Server Credentials section input the following values:
    • Username: administrator
    • Password: VMware1!

 

11.    In the Additional Static IP Details for Cloud Connector upgrade section fill in the following values:

  • Static IP: 192.168.110.87
  • Default Gateway: 192.168.110.1
  • Subnet Mask: 255.255.255.0
  • DNS Server: 192.168.110.10

Click Save

  1. Wait for setup to finish, you should get a screen like this. Click on the cloud.horizon.vmware.com link.
  1. Log in with the Myvmware credentials from the instructor document.
  1. If you have previously configured an AD domain you'll get prompted again, this time for active directory credentials. If you are getting prompted for EUC-livefire credentials use the following

Username: Administrator

Password: VMware1!

  • Ask for help from your instructor if you have any issues.
  1. You should have landed in the Getting Started window, now verify setup is complete for your on-premises pod. if you are not on the Getting Started window get there by Settings/Getting started on the left side menu.

 Leave this window open for the next step.

Part 5: Domain configuration

To add more pods, manage permissions and roles for domain users  and configure your assignments, register your active directory. Some features of the cloud console will be blocked until you complete these

  1. in the Getting Started window, expand the General Setup pane
  1. In the General Setup pane, next to Active Directory click on CONFIGURE
  1. In the Register Active Directory window:
  • In the bind username field type Administrator
  • In the bind password field type VMware1!
  • Under Auxiliary account #1, in the bind username field type admin1
  • In the bind password field type VMware1!
  • Click on DOMAIN BIND
  1. In the Domain Join window:
  • In the primary DNS Server IP field type 192.168.110.10
  • In the Join Username field type administrator
  • In the Join password field type VMware1!
  • Click Save
  1. in the Add administrator window:
  • In the user group field type Administrators and click on the built in group.
  • Click SAVE.
  • you will be logged out of the console.
  1. in the Welcome to VMware Horizon Cloud window, Login with your myvmware credentials from the instructor document.
  1. Now login with the domain administrator credentials

Username: administrator

Password: VMware1!

  1. Click Close to dismiss the Whats new in Horizon Cloud prompt
  1. If prompted set the slider to NOT join the Customer Experience Improvement Program and click SAVE
  1. Verify domain configuration is complete by navigating to General Setup/Active Directory

Part 6: Verify subscription based Universal licensing functionality

  1. In your horizon console:
  • Navigate to view configuration\product licensing and usage
  • Verify that horizon is no longer using a license key and is using a subscription license

Part 7: UAG configuration

In this part  we are going to configure the UAG to work with JSON Web Tokens for authentication.

  1. On your chrome browser:
  • click on the UAG bookmark.
  • On the authentication page Login with the following credentials:
    • Username: Admin
    • Password: VMware1!
  1. Click Select under Configure Manually
  1. Under Advanced Settings click on the cog next to JWT Settings
  1. in the JWT Settings window click on Add to add a new JSON Web token configuration
  1. On a separate tab click on the Horizon bookmark and click on Launch for the Horizon console (HTML5) option
  1. Sign in with the following credentials:
  • Username: administrator
  • Password:  VMware1!
  1. in the Dashboard window, copy and paste on a text document the pod Name for your connection server. optionally you can see  the pod name in the flex interface.
  1. While still connected to your Horizon Connection Server, right click the padlock on the URL bar and click on certificate
  1. on the Certificate window:
  • Select the Details tab
  • Select the Thumbprint field and copy the contents to the text document.
  • Close the certificate window by clicking OK
  1. On the JWT Settings window:
  • In the name field you can name the jwt configuration anything you want, in this case we are using hzc-jwt
  • In the Issuer field paste the pod name from your text document, it should look like Cluster-CS1-PD1
  • In the Dynamic Public Key URL type: https://cs1-pd1.euc-livefire.com/broker/publicKey/protocolredirection .This URL is standard and the FQDN part should be configured according to the following rules:
    • If the pod has multiple Unified Access Gateway instances, specify the address of the local load balancer as the FQDN.
    • If the pod has only one Unified Access Gateway instance, specify the address of that instance's paired Connection Server as the FQDN
  • In the Public key URL thumbprint we are pasting the thumbprint for the connection server you wrote down on previous steps, it should look like this: 5a 78 89 3c 8a 2a e5 73 bd a3 d2 20 9a 51 79 fc f1 4f fd 36 . Alternatively if you want to use another certificate specifically for this authentication step add it to the trusted certificate list in the next field.
  • In the public key refresh interval field input the default value of 900.
  • Click Save.
  1. in the JWT settings window click Close

Part 8: Installing the Horizon Universal Broker Plugin

This section is for reference only, and has been recently removed for compatibility issues.

In this part we are going to install the Horizon Universal Broker plugin. The plugin needs to be installed on the connection server and allows us to configure provisioning and assignment of resources from the Horizon Cloud Console.

  1. From your desktop:
  • Click on the Remote Desktops shortcut.
  • Double click on the CS1-PD1.RDP shortcut to open a remote desktop session to your connection server.
  1. In your connection server:
  • Open the Software shortcut on your desktop
  • Open the Horizon 7 folder
  • Double click on horizon-universal-broker-plugin-20.3.0-16409087-x64.exe
  1. On the Welcome screen click Next
  1. In the End-User License Agreement window select the Checkbox to accept the terms and click Next
  1. In the Configuration window click Next
  1. On the Ready to Install window, click Install
  1. On the Completed window, click Finish

The remaining steps for the setup of the broker are described here: https://docs.vmware.com/en/VMware-Horizon-Cloud-Service/services/hzncloudmsazure.admin15/GUID-019C390E-6E22-4FE9-82D1-689585351B95.html but due to networking limitations of this lab environment they cannot be carried out here.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.