Continuing from our previous post, we will now deploy Horizon Flex. As seen in the previous part, Horizon Flex is a combination of Mirage and Flex components. A typical architecture involves the Horizon Flex Management Server, through which the administrator can apply various policies and restrict many functions on the enterprise VM that is provided to the entitled users. Users come from the Active Directory that we integrate. Unless we use the policy server for storing TAR files, we must use a file server to store the golden image.
An optional Mirage Server performs centralized image management, with which we can take timely backups, apply patches and so on to the restricted VM. Users are allowed to download the entitled VM. Entitlement is performed by the administrator, and users can only download after they install the appropriate Horizon Flex client: Fusion Pro for Mac systems and Player Pro for Windows systems.
Prerequisites and Deployment
Before we begin the deployment of Horizon Flex, we must make sure all the hardware, network port and operating system requirements are fulfilled. We must also have a valid Horizon Flex license for the deployment to succeed. In this post, however, we will only look at the Flex-specific actions that are crucial for a successful deployment. For a quick introduction to Mirage, click here; the deployment of the different Mirage components can be found in the Mirage section.
Certificates play a crucial part in a Flex deployment. All communication between Flex components is secured using SSL, so we must have a certificate for our Flex VM that is signed by a valid trusted Certificate Authority (CA). We can create an internal CA using Microsoft Windows Certificate Authority and use it to sign our certificates, but the easier way is to have a trusted CA such as Verisign or Comodo sign our certificate request. We can generate the CSR (certificate signing request) using the IIS that we configure in our Flex VM.
So let's see how to enable the Microsoft IIS role and its related roles for the Flex VM. We begin with either Windows 2012 or Windows 2008 R2 as the base operating system. In this example we will deploy all the components in a single VM. First we must install SQL Server Express or Standard; if we already have a SQL Server, we must create a separate instance for the Flex VM. I assume that we are aware of how to install SQL Server. One thing to remember is that Database Engine Services and Management Tools should be sufficient, and that mixed mode authentication should be set up for the domain account during installation. This Windows VM must also be part of the domain.
After successful installation of SQL Server, we must start preparing for the IIS role installation.
Navigate to Server Manager > Add Roles and Features > Click Next on the Before you begin page > Choose Role based or Feature based installation type
After choosing the installation type, Click Next, Choose the server on which we want to install the IIS role, Click Next, Choose defaults in Select Roles and Click Next
In the Feature selection, Choose IIS Roles and Click Next
In the Web Service Role of IIS, Click Next
In the Role Services tab , Choose the appropriate services for the Flex VM,
STEP 1 – Generate CSR
1) Click Start > select Administrative Tools > select Internet Information Services (IIS) Manager
2) In the Connections panel on the left, click the server name for which you want to generate the CSR.
3) In the middle panel, double-click Server Certificates
4) In the Actions panel on the right, click Create Certificate Request
5) Enter the following Distinguished Name Properties, and then click Next
Provide the following details
a) Common Name – FQDN of active directory domain which is in use for Flex deployment
b) Organization – Legal Name of the Company
c) Organizational Unit – Department or OU such as IT or HR
d) Fill City, State, Country details and Choose Microsoft RSA SChannel Cryptographic Provider as cryptography type
e) Choose 2048 as the bit length of the key, Choose a location to save the key and Click Finish
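The same request can be produced without the IIS wizard by using certreq, which makes the key parameters reviewable and repeatable. This is an added example, not part of the original post; the subject values in angle brackets, the file names, and the Exportable and HashAlgorithm settings are assumptions, while the provider and key length are the ones chosen in step 5.

```powershell
# Added example: generate the CSR from STEP 1 with certreq instead of the IIS wizard.
# Values in angle brackets are placeholders; replace them with the details from step 5.
$inf = @'
[Version]
Signature = "$Windows NT$"

[NewRequest]
Subject = "CN=<common-name>, OU=<organizational-unit>, O=<organization>, L=<city>, S=<state>, C=<country-code>"
KeyLength = 2048
KeySpec = 1
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
; Assumptions, not stated in the post: non-exportable key, SHA-256 request signature
Exportable = FALSE
HashAlgorithm = SHA256
'@

$infPath = Join-Path $env:TEMP 'flex-request.inf'   # assumed file names
$reqPath = Join-Path $env:TEMP 'flex-request.req'
if (Test-Path $reqPath) { throw "$reqPath already exists; remove or rename it first" }

Set-Content -Path $infPath -Value $inf -Encoding ASCII

# Creates the key pair in the local machine store and writes the PKCS#10 request.
certreq.exe -new $infPath $reqPath
if ($LASTEXITCODE -ne 0) { throw "certreq failed with exit code $LASTEXITCODE" }

# Decode the request and confirm what will be sent to the CA.
# The match below assumes English certutil output.
$dump = certutil.exe -dump $reqPath
$dump | Select-String -Pattern 'Subject:', 'CN=', 'Public Key Length', 'Algorithm ObjectId'
if (-not ($dump -match 'Public Key Length:\s*2048')) {
    throw 'The request does not contain a 2048-bit key'
}
```

Run it from an elevated prompt on the Flex VM; the private key never leaves the machine, only the .req file is submitted to the CA.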
STEP 2 – Request SSL certificate from a Trusted CA
1) Locate the saved CSR file, ideally a .req file, and copy all of its contents, including the lines
-----BEGIN NEW CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----
2) Paste it into the online application of a Trusted CA such as Verisign or Comodo
3) Once the CSR has been signed by the CA, you can download the certificate
4) We must import the generated certificate to the Trusted Root CA folder
5) Click Start > Open MMC as Administrator > Click File > Choose Add/remove Snap-in…
7) Under Certificate Snap in > Choose Trusted Root Certificates > Certificates, right click and Choose All Tasks > Import
8) Store Location must be Local Machine and Click Next
9) This is the final step: Browse and Choose the downloaded signed certificate and choose defaults in the certificate location path
The main component of Horizon Flex is the Flex Management Server, which is a combination of the following Mirage components. Kindly refer to the Mirage section for in-depth deployment details; however, I will describe them briefly here
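Before the downloaded certificate is imported, it is worth confirming that the CA returned what was requested. The function below is an added example, not part of the original post: Test-SignedCertificate is a hypothetical helper name, the path and expected name are placeholders, and it assumes Windows PowerShell on the Flex VM.

```powershell
# Added example: sanity-check the CA-signed certificate from STEP 2 before importing it.
function Test-SignedCertificate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,          # downloaded certificate file
        [Parameter(Mandatory = $true)][string]$ExpectedName   # Common Name entered in the CSR
    )
    $file = (Resolve-Path $Path).ProviderPath
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file
    $problems = @()

    # The subject must carry the Common Name that was requested.
    $cn = $cert.GetNameInfo('SimpleName', $false)
    if ($cn -ne $ExpectedName) { $problems += "Subject name is '$cn', expected '$ExpectedName'" }

    # The CSR was generated with a 2048-bit key.
    $bits = $cert.PublicKey.Key.KeySize
    if ($bits -lt 2048) { $problems += "Public key is only $bits bits" }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        $problems += "Outside validity period ($($cert.NotBefore) to $($cert.NotAfter))"
    }
    if ($cert.Subject -eq $cert.Issuer) { $problems += 'Certificate is self-signed, not CA-signed' }
    if ($cert.SignatureAlgorithm.FriendlyName -match 'md5|sha1') {
        $problems += "Weak signature algorithm: $($cert.SignatureAlgorithm.FriendlyName)"
    }

    # Build the chain against this machine's trust stores (revocation is checked online).
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    if (-not $chain.Build($cert)) {
        foreach ($s in $chain.ChainStatus) { $problems += "Chain: $($s.StatusInformation.Trim())" }
    }
    New-Object PSObject -Property @{ Thumbprint = $cert.Thumbprint; Problems = $problems }
}

$result = Test-SignedCertificate -Path '<downloaded-certificate>.cer' -ExpectedName '<common-name-from-csr>'
$result.Problems   # an empty list means every check passed

# After the import, list each local machine store that now holds the certificate.
Get-ChildItem Cert:\LocalMachine -Recurse |
    Where-Object { $_.Thumbprint -eq $result.Thumbprint } |
    Select-Object PSParentPath, Subject, HasPrivateKey
```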
1) Install the Mirage Management server
Before you install this component, make sure you have SQL Server up and running; we must provide a new instance or connect to an existing instance while deploying the Mirage Management server. We must also provide a new storage area of ~250 GB for MongoDB
2) Install the Mirage server
Ideally we must import the CA-signed certificate to the personal folder for the Mirage Server and provide a new local cache area of ~100 GB. Always have more than one instance of the Mirage server for a truly distributed enterprise architecture; here, for a PoC, we can use a single instance of the Mirage Server.
3) Install the Mirage Web Management Console.
At this stage we must have all IIS and ASP.NET features enabled for Mirage Web Management.
4) Install the Mirage File Portal.
We must create a virtual directory and bind it to port 7443 in IIS so that end users can download their secured VM onto the endpoint
5) Install the Mirage Management Console.
Provide the Flex Server license as soon as you open the Console, and then connect to the Mirage Server
6) Connect the console to the Mirage System.
We can then start configuring Flex VM in Flex Admin Console
We have successfully completed the deployment of the Flex VM. We must now prepare the golden copy for distribution to end users, and we must also import these CA-signed certificates on the endpoint. Click here for the next part