In this section, we will examine various aspects of security. Securing
communication between client and server servers and creating the necessary
security relationship between the infrastructure components between View
servers in the data centers we have. To begin with, we have a general look at
the Secure Socket Layer or SSL before we can explain how to create and export
the certificate. The next section is about True SSO. True SSO provides users
with the conditions that transfer all their rights and privileges to the domain
into their virtual desktop without the need for authentication with Active
Directory.
Horizon View and SSL Certificates
Let's start by specifying SSL. SSL is an encryption technology developed
by Netscape, and is used in cases where it encrypts communication between a web
server and a web browser. Using SSL, the information sent to your web browser
is fully secured without anyone having access to it.
SSL works with an SSL Certificate installed on a server and used to
identify you. The question is, "How do we know if we are using a secure
connection to connect to a web server?" If your connection is secure, you
will see a padlock icon on your browser or the address of your bar is green. To
come The SSL Certificate is provided by a CA. (CA = Certificate Authorities)
What is the Certificate Authority?
A service that issues digital certificates after validation for
organizations or individuals. Certification authorities keep details of
certificates issued so far. These items are kept fully and regularly. It is
possible to provide a Certificate Authority from other organizations or to
build a Root CA for ourselves.
Why do we need SSL for Horizon View?
If you are transferring information from a website to an endpoint user,
you need to provide information security with encryption. In other words, data
can be at risk. Horizon View is essentially like a web service to connect to the
end-user and from its own device to View Connection Server, you should make
sure that the connection has the security required. In this case, SSL is used
to secure communication between the client device and the virtual desktop of
the user, though with View, no real data is transferred, and only pixels and
images are transferred to your virtual desktop, and if A side-by-side
interrupts the transfer. You will potentially see the page and re-design with
these pins. Also, SSL is used to communicate between Horizon View components.
For example, to communicate between Connection Servers and Replica Servers.
SSL Certificates for Horizon View:
By default, Horizon View uses a certificate that is self-signed and
suitable for PoC or Trial phases. But in the large operational environments, you need to have a valid
and appropriate certificate. From version 5.1, the use of certificates became a
requirement. Where they were used for Horizon View components to make the
connection. Such as Connection Server, Replica Serve, and View Composer, as
well as infrastructure
related to ESXi hosts and vCenter servers. Each of these components
requires a certificate that the certificate is installed on the client machine.
Installing a Root CA:
We will consider a server called HZN7-CERTS and we will be launching
this Root CA server.
1. Console HZN7-CERTS server and run Server Manager.
2. Follow the photo to add roles and features (1).
3. The Add Roles and Features Wizard page is displayed. Click the Next
button.
4. You see the Installation Type page. Select the Role-based or feature-based installation (2)
5. Click the Next button.
6. Select the Select a server from the server pool option (3) and then select the server list.
7. Click Next>. You are now viewing the Server Roles page.
8. Click Active Directory Certificate Services (5). From the popup that
opens to you, select Add Features that are required for
Active Directory Certificate
Services, and then click the Add Features button (6).
9. Go back to the Server Roles page, and see Active Directory
Certificate Services checked. Click the Next button.
10. You will see the Features configuration page. Click Next.
11. The Active Directory Certificate Services page is displayed to you.
12. Click the Next button. You will see the Role Services page.
13. Click the "Certification Authority" check box (7), then
click the Next button.
14. On the Confirmation page, click Restart the destination server automatically (8), and then click the Install button.
15. The certificate services feature is installed. To complete the
process, some settings need to be done.
16. From the menu at the top of the Server Manager Dashboard, click the
warning triangle, and click on the pop-up appearing on the Configure Active Directory
Certificate Services (9).
17. The AD CS Configuration page appears for you and the Credentials settings are specified.
18. Click Next to continue.
19. Click the "Certification Authority" check box (10), and
then click the Next button.
20. Enter the Setup Type page.
21. Select the Enterprise CA option (11) and click the Next button. Enter the CA Type field.
22. Select the Root CA option (12), and then click the Next button>
Continue to continue.
23. The Private Key Settings page is displayed.
24. Select the Create a new private key option (13) and click the Next button. Enter the Cryptography settings.
25. Do not touch the default settings and click the Next button.
26. The CA Name setting screen appears for you.
27. Do not change the default settings and click the Next button.
28. Enter the Validity Period settings.
29. Do not change the default settings and choose Next.
30. Enter the Certificate Database section.
31. Confirm the default settings and select Next>. You will see a page similar to the one below.
32. Click the Configure button to complete the settings. When everything is done correctly, the following message will be displayed to you.
33. Click the Close button to close the Server Manager page.
Our Certificate Server is installed and running. We need to start the
Horizon View settings for using this service.
Reviewed by Abd El-Rahman Oreiby
on
8/06/2020 07:23:00 ص
Rating:
ليست هناك تعليقات: