For a better understanding of the content in this section, we will present examples in a laboratory environment. They are written so that you can implement them the same way in real-world scenarios. Just make sure that development and implementation follow the order and structure of the previous content that we have explained, so that you follow engineering principles and minimize risk in the operating environment.
What is needed?
To start the Infrastructure Management Block, the following are the requirements:
• Domain controller
• Connection Server
• Security server
• Replica Server
• Connection Server for second site CPA
• View Composer
• Enrollment Server
• Certificate authority server
• RDSH Server for hosting desktop sessions
• RDSH Server for hosting applications
• SQL Express 2012 instance with 2 x databases (one for View Composer and one for the events database), installed on the Composer Server
• 2 x vCenter Servers for the management block, and one for the desktop block
All machines except the Security Server must be joined to the domain. The setup to be implemented looks something like the following diagram:
Before starting, we need some prerequisites in the test bed. These prerequisites apply whether you are following the examples or planning to launch your own scenario. We assume that you already have virtual infrastructure components such as ESXi servers, vCenter server, Domain Controller and SQL Server, and that your virtual servers are ready for the Horizon View related roles to be installed on them. Having the infrastructure for the desktop blocks available, including the ESXi server and vCenter server, will certainly accelerate the process. The diagram below shows the settings for the desktop.
Active Directory Preparation:
Horizon View uses Active Directory (AD) to authenticate users and desktops. Using Group Policy, we can also apply a variety of control and tuning settings to our users' desktops.
Horizon View is compatible with the following AD functional levels:
• Windows 2008 and Windows 2008 R2
• Windows 2012 and Windows 2012 R2
When you are setting up View Connection, note that the desktops must be in the same domain.
Active Directory Hosts:
Plan ahead and create the accounts that you will need during installation. These accounts include a service account for the View Connection Server services and the Composer services. You need an account in AD to log in to View and manage the components that are in the vCenter. There is also a user for View Composer to manage the creation of computer accounts in AD.
User account vCenter:
You need an account so that View can connect to your vCenter server. This account must be added to the vCenter server as a local admin. View Composer uses this account to create linked-clone desktops. When you create this user, it needs permission to access the vCenter server.
The photo below specifies the user's required accesses:
Now we are going to add a user to the vCenter server. In the following steps we first create a special role for vCenter:
· Log into vCenter with the web client. Click the Roles icon from the Home tab:
· Click the + sign to create a new role, and name this role View vCenter User. (The name is wholly arbitrary.)
· In the Privilege section, under Host and Configuration, select the access privileges we previously mentioned.
· We now add the necessary permissions.
· Return to the Home screen and select Inventories from the top of the page. Click the vCenter Inventory Lists icon.
· Click vCenter Servers, as shown in the image below:
As you see in the vCenter Inventory List, vCenter Server is used for the management block in this example.
· Click the vCenter server to select it, then right-click and select Add Permission.
· The Add Permission box will open.
· In the Assigned Role section, select the role created earlier, View vCenter User, and in the Users and Groups section, select View VCUser and click the Add button.
The steps are clearly marked in the following photograph:
· From the Domain section, select the domain you created in the previous steps.
· In the Search section, type the first part of the name and click the magnifying glass to search. The result will be displayed. Select View VCUser and click the Add button.
· Click OK to complete the process.
User Account View Composer
You create an account for View Composer in Active Directory. This account is responsible for adding and removing the linked-clone computer accounts that are created in the domain. The permissions for this user should be as follows:
• List contents
• Read all properties
• Write all properties
• Read permissions
• Reset password
• Create computer objects
• Delete computer objects
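One way to grant exactly the permissions in this list, scoped to a single desktop OU instead of the whole domain, is with dsacls. This is an added example, not part of the original post; the OU distinguished name and the account name are assumed placeholders, and the script only prints the commands unless -Apply is given.

```powershell
# Added example: delegate the View Composer permissions listed above on one OU only.
# Assumed names (not from the original post): the OU DN and the service account.
param(
    [string]$DesktopOU = 'OU=VirtualDesktops,DC=lab,DC=example',  # hypothetical OU
    [string]$Account   = 'LAB\svc-viewcomposer',                  # hypothetical account
    [switch]$Apply                                                # without -Apply, print only
)

# One dsacls grant per permission in the list.
# /I:T = this object and its children, /I:S = child objects only.
# "perm;;computer" limits a property right to computer objects.
$grants = @(
    @{ Name = 'List contents';           Inherit = 'T'; Ace = 'LC' }
    @{ Name = 'Read permissions';        Inherit = 'T'; Ace = 'RC' }
    @{ Name = 'Create computer objects'; Inherit = 'T'; Ace = 'CC;computer' }
    @{ Name = 'Delete computer objects'; Inherit = 'T'; Ace = 'DC;computer' }
    @{ Name = 'Read all properties';     Inherit = 'S'; Ace = 'RP;;computer' }
    @{ Name = 'Write all properties';    Inherit = 'S'; Ace = 'WP;;computer' }
    @{ Name = 'Reset password';          Inherit = 'S'; Ace = 'CA;Reset Password;computer' }
)

foreach ($g in $grants) {
    $dsaclsArgs = @($DesktopOU, "/I:$($g.Inherit)", '/G', "$($Account):$($g.Ace)")
    Write-Host ("{0,-26} dsacls {1}" -f $g.Name, ($dsaclsArgs -join ' '))
    if ($Apply) {
        & dsacls.exe @dsaclsArgs | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "dsacls failed for '$($g.Name)'" }
    }
}

# After applying, list the ACEs that now mention the account so they can be reviewed.
if ($Apply) { & dsacls.exe $DesktopOU | Select-String -SimpleMatch $Account }
```

Run it first without -Apply and compare the printed grants against the list before changing the OU's ACL.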
View Desktop Organization Units (OUs)
You may have already worked with OUs and used their benefits. Now it is time to consider how to use OUs in the virtual desktop environment. A dedicated OU makes it easy to configure specific Group Policy based on the needs of each pool. Be careful about assigning one policy to both physical and virtual desktops. It is suggested that the OUs and policies for physical and virtual desktops be kept separate from each other.
IP Address and DNS Requirements:
To install Horizon View, there are prerequisites for the IP addresses and DNS names used by the various View components. The main requirements for IP addresses and DNS names are summarized in the following for each component:
As you can see, it is recommended to use a Load Balancer to balance the connections between the internal View servers and the external security servers. In small environments, the use of a security server is sufficient and there is no need for a Load Balancer.
Abd El-Rahman Oreiby
Senior Data Center Engineer
Al Thuraya Security Egypt
www.abdelrahmanoreiby.weebly.com