Part 2 : Deployment of Horizon Flex

In continuation from our previous post , We will deploy Horizon Flex and as seen from the previous part Horizon Flex is combination of Mirage and Flex Components. A typical architecture involves Horizon Flex Management Server using which the Administrator can apply various policies and restrict many functionalities on the Enterprise VM that is provided to the Entitled Users. Users are from active directory that we integrate. Unless we use the policy server for storing TAR files , we must use a File server to store the Golden Image.

flex01
And an optional Mirage Server for performing centralized Image management , with which we can take timely backups, apply patches etc to the restricted VM . The Users are allowed to download the entitled VM , Entitlement is performed by the administrator and Users can only download after they install appropriate Horizon Flex Clients . Fusion Pro for Mac systems and Player Pro for Windows systems.

Prerequisites and Deployment
Before we begin the deployment of Horizon Flex we must make sure all the Hardware, Network ports and Operating systems requirements are fulfilled. We must also have a valid license for Horizon Flex to successfully deploy. In this post how ever we will only see the Flex specific actions that are crucial for a successful deployment. For a quick introduction on Mirage kindly Click Here , Also the deployment of different Mirage components can be found in the Mirage section.

Certificates play crucial part in Flex deployment, we must have a valid Trusted Certificate Authority or CA signed certificate for our Flex VM. As all the communications that happens between Flex components are secured using SSL. We can create internal CA using Microsoft Windows Certificate Authority and use it to sign our certificates, but the easier way is to use Trusted CA like Verisign or Comodo to sign our certificate request. We can generate CSR (certificate signing request) using IIS that we configure in our Flex VM.

So lets see how to enable Microsoft IIS Role and its related roles for Flex VM. Initially lets begin by using either Windows 2012 or Windows 2008 R2 as the base operating system. Here in this example we will deploy all the components in a single VM. First off we must install SQL server Express or Standard version , if we already have SQL server then we must create a separate instance for Flex VM, I assume that we are aware of how to install SQL server, one thing to remember is we can use Databse Engine Services , Management Tools which should be sufficient also set up a mixed mode authentication for domain account while installing it. This Windows VM must also be part of domain.

After successful installation of SQL server we must start preparing for IIS role installation.
Navigate to Server Manager > Add Roles and Features > Click Next on Before you begin page > Choose Role based or Feature based installation type

1

After choosing installation type Click Next and Choose the server we want to install IIS role and Click Next and Choose defaults in the Select Roles and Click Next

1

In the Feature selection Choose IIS Roles and Click Next

1

In the Web Service Role of IIS Click Next

1

In the Role Services tab , Choose the appropriate services for the Flex VM,

1
Click Install and wait for the installation to get completed Click Close
Now that we have IIS role running on our Flex VM , we must now generate a CSR, This is a two step procedure

STEP 1 – Generate CSR
1) Click Start > select Administrative Tools > select Internet Information Services (IIS) Manager
2) In the Connections panel on the left, click the server name for which you want to generate the CSR.
3) In the middle panel, double-click Server Certificates
4) In the Actions panel on the right, click Create Certificate Request
5) Enter the following Distinguished Name Properties, and then click Next
Provide the following details
a) Common Name – FQDN of active directory domain which is in use for Flex deployment
b) Organization – Legal Name of the Company
c) Organizational Unit – Department or OU such as IT or HR
d) Fill City, State, Country details and Choose Microsoft RSA SChannel Cryptographic Provider as cryptography type
e) Choose 2048 as Bit lenght of the key and Choose location to save the key and Click Finish

STEP 2 – Request SSL certificate from a Trusted CA
1) Locate the saved CSR file ideally a .req file, copy all of its contents that is including
—-BEGIN NEW CERTIFICATE REQUEST—- and —-END CERTIFICATE REQUEST—-
2) Paste it in the online application ideally Trusted CA’s such as Verisign or Comodo etc
3) Once the CSR has been signed by a CA , you can download it
4) We must import the generated Certificate to the Trusted Root CA folder
5) Click Start > Open MMC as Administrator > Click File > Choose Add/remove Snap-in…

1
6) Choose Certificate Snap in > Add it > Click OK

1

7) Under Certificate Snap in > Choose Trusted Root Certificates > Certificates and right click an Choose All Tasks > Import

1

8) Store Location must be Local Machine and Click Next

1

9) This is the final step, Browse and Choose the downloaded signed certificate and choose defaults in certification location path

1
10) We will now see the import successful dialog box.

1

The main components of Horizon Flex is Flex Management Server which is a combination of the following Mirage Components kindly refer Mirage section for in depth deployment details, How ever I will brief a bit about them here
1) Install the Mirage Management server
Before you install this component make sure you have SQL server up and running, we must provide a new instance, or connect an existing instance while deploying Mirage Management server. Also we must provide a new Storage Area for Mongo DB ~250 GB

2) Install the Mirage server
Ideally we must import the CA signed certificate to personal folder for Mirage Server and provide a new Local Cache Area ~100 GB. Always have more than one instance of Mirage server for a truly enterprise distributed architecture, Here for a PoC we can use single instance of Mirage Server.

3) Install the Mirage Web Management Console.
At this stage we must have all IIS and ASP.NET features enabled for Mirage Web Management.

4) Install the Mirage File Portal.
We must create virtual directory and bind it to 7443 port in IIS for end users to download their secured VM on to endpoint

5) Install the Mirage Management Console.
Provide the Flex Server license as soon as you open the Console, and then connect to Mirage Server

6) Connect the console to the Mirage System.
We can then start configuring Flex VM in Flex Admin Console

We have successfully completed the deployment of Flex VM, we must now prepare golden copy for distributing to end users. We must also import these CA signed certificates on the endpoint. Click here for Next Part

One Response

  1. VMware for the future

    VMware Certified Advanced Professional 6 (Desktop and Mobility Deployment) – The industry-recognized VCAP6-DTM Deploy certification validates that you know how to deploy and optimize VMware Horizon 6 (with View) environments. It proves that you have the understanding and skills vital to leverage best practices to provide a scalable and reliable Business Mobility platform for your organization. Some of the subjects involve: Configuring and managing Horizon View components, configuring cloud pod archituecture, configuring Group Policy settings related to Horizon View, Configuring and optimizing desktop images for Horizon View & Mirage, Configuring and managing App Volumes AppStacks, Configuring desktop pools, Configuring and deploying ThinApp packaged applications, Configuring VMWare Identity Manager, etc.Sebastian’s take on the VCAP6 examination: “In my point of view VCAP6 exam is way better experience than VCAP5, the newest exam appears exactly like VMware HOL. The user interface is effortless, questions are prepared on the right section of the display, and can be hidden to the side or even restored when required. My bits of advice to the questions window: if you choose to make it floating, you must know how to restore it back. I ended up shifting it all around simply because I forget how to restore it back. The two arrows that looks like buttons on top were meant to dock the window to right or left. Fonts could be resized, which in my view was considerably better than scrolling down and up the question. The response speed of the whole interface was so quicker in comparison with VCAP5.5, and there wasn’t any lagging period experienced when moving over from window to window. Something to remember: BACKSPACE key is not working! I believe this is good as you don’t reload your exam window by mistake, on the other hand, it could be irritating from time to time when you type some thing incorrectly and you need to select and press Del to remove. The Desktop and shortcuts were sorted adequately, and necessary applications like web browser or Mirage console are easily launched. You will find there’s very good user interface for Remote Desktop Manager where you can find all necessary RDP connection to servers or desktops without the need to type username and password. The web browser had all the links in the Favorite Bar. At the time I’m writing this, there is no additional Thirty minute extension for Non-Native English speaker at No-Native English country, which is a bummer. You’ll find thirty-nine question to answer within the 3 hours period, and this can be actually really hard for non-native English speakers like me. Some questions take time to complete, so it is best to skip the questions that you cannot answer, and finish those you are able to. By the end of the 39 questions, you could come back to the uncompleted questions in case you have time. DO not squander a lot of time on one single question! The exam blue print is available on my web site at Szumigalski.com. It is well-organized and following it for the examination preparation will help a lot. Obviously, the most suitable is if you can have lots of practical experience! I’m in fact extremely pleased with the examination experience, even though I passed this time around by tiny margin, but I know what I missed for the exam, study from the mistakes and practice harder to acquaint myself with the environment. This qualification is going to open up your job prospects!”

Leave a Reply