Tutorial: Mixed Environment with Multiple Protocols

The Scenario

The following procedure guides you through a Connection Broker setup that satisfies the following scenario.

Each question below is what we want to know; the answer that follows it is what you have.

What type of desktops are you managing?

Virtual Machines hosted in vSphere and managed by vCenter Server, as well as a rack of blades inventoried in Active Directory.

What type of desktop pool structure do you want to use?

Use two pools: one pool that contains all the VMs and another pool that contains all the blades.

Is this a persistent or non-persistent pool, i.e., should the user be permanently assigned to the desktop after they log in the first time?

The blade is persistent.

The VM is non-persistent. If the user disconnects from the VM, they must be able to log back into that desktop without losing work. However, if they remain disconnected for more than eight hours, forcefully log the user out and release the desktop back to the pool.

What system do your users authenticate against?

Microsoft Active Directory

What remote viewer protocol will your users use?

Microsoft RDP for the VM, HP RGS for the blade.

How is the power state of the machine managed?

Do not change the power state of the blade. For the VM, revert it to its most recent snapshot when the user logs out.

What client device do users have?

Windows version of Leostream Connect

The following procedure assumes that you have already completed the following steps. If you have not completed a step, see the referenced section of the Leostream documentation.

  1. The Connection Broker virtual appliance is installed in your virtualization layer (see the Leostream Installation Guide)

  2. You have logged into the Connection Broker Administrator Web interface and entered your license key (See “Entering Your License Key” in the Connection Broker Administrator’s Guide)

  3. You have configured your Connection Broker network settings (see “Setting Network Configuration and Connection Broker VIP” in the Connection Broker Administrator’s Guide)

  4. You have installed the Leostream Agent on the virtual machines (see the Leostream Installation Guide)

Procedure

Step 1: Registering virtual machines with the Connection Broker

In order for the Connection Broker to assign virtual machines to end users, you must first tell the Connection Broker about the virtualization layers hosting the VMs.

Leostream defines centers as the external systems that inform the Connection Broker about desktops and other resources (such as applications, printers, and Teradici PC-over-IP host devices) that are available for assignment to end users.

In this scenario, virtual machines are hosted in VMware vSphere, and managed by VMware vCenter Server. For the Connection Broker to manage these machines, define a center for the vCenter Server, as follows.

1. Go to the > Resources > Centers page, shown in the following figure.

2. Click the Add Center link, as shown in the following figure.

3. The Add Center form opens. Fill in the form with the appropriate information for your center. For example, the following form creates a center for VMware vCenter Server.

4. Click Save. The > Resources > Centers page shows the new center, and indicates that the center is refreshing, as shown in the following figure.

5. To view the desktops that the Connection Broker registered from the center, go to the > Resources > Desktops page, shown in the following figure.

Step 2: Registering physical desktops with the Connection Broker

You can register physical desktops with the Connection Broker in one of three ways.

  1. Create an Uncategorized Desktops center and install the Leostream Agent on all physical desktops. When the Leostream Agent announces itself to the Connection Broker, the Connection Broker automatically adds the desktop to the > Resources > Desktops page.

  2. Manually import individual or groups of desktops using the Import Desktop and Import Range of Desktops options on the > Resources > Desktops page.

  3. Add an Active Directory center, to register computers inventoried in Microsoft Active Directory.

This example uses method three, adding an Active Directory center. Before you can add an Active Directory center, you must first register Active Directory as an authentication server with the Connection Broker, as follows.

1. Go to the > Users > Authentication Servers page, shown in the following figure.

2. Click the Add Authentication Server link, shown in the following figure.

3. The Add Authentication Server form opens. Fill in the form with the appropriate information for your Active Directory authentication server.

4. Click Next. The second page of the Add Authentication Server form opens. Enter your domain name, and confirm the information from the previous form is correct, as shown in the following figure.

5. Specify the location in the Active Directory tree where the Connection Broker begins searching for computers.

6. At this point, your authentication server is sufficiently configured to create an Active Directory center. Scroll down to the bottom of the form and click Save. The new authentication server appears on the > Users > Authentication Servers page, shown in the following figure.

7. Now, to add the Active Directory center, go to the > Resources > Centers page, shown in the following figure.

8. Click the Add Center link, circled in the previous figure.

9. Configure the Add Center form to create an Active Directory center, as shown in the following figure.

10. Click Save. The > Resources > Centers page now contains two centers, as shown in the following figure.

The > Resources > Desktops page, shown in the following figure, lists all desktops from both centers.

You can edit a duplicate desktop to find out which record represents the master desktop.

Step 3: Grouping desktops into pools

After you create your centers and the Connection Broker registers all your desktops, you can combine the desktops into logical groups, or pools. Use pools to create sets of desktops that have similar attributes, or come from the same center. Creating pools is optional, but provides convenience and flexibility when configuring your Connection Broker.

The Leostream Connection Broker defines a pool as any group of desktops or applications.

To create a desktop pool:

1. Go to the > Resources > Pools page, shown in the following figure.

2. Click the Create Pool link, shown in the following figure.

3. The Create Pool form opens. Fill in the form to create a pool of desktops with similar attributes. For example, the following form creates a pool containing all desktops in the center for vCenter Server.

4. Click Save. The > Resources > Pools page shows the new pool, indented under its parent pool, as shown in the following figure.

5. To create a second pool of physical desktops, click the Create Pool link, and configure the Create Pool form, as follows.

6. Click Save. The > Resources > Pools page now displays both pools, as shown in the following figure.

Step 4: Creating Protocol, Power Control, and Release Plans

After you separate your desktops into pools, define the behaviors you want to assign to the desktops in those pools. To perform this step, ask yourself the following questions.

  • What remote viewer protocols do I want the user to be able to use to connect to their desktops?

  • How do I want to manage the power state of each desktop, for example, should it be turned off when the user logs out?

  • How long do I want my user to be able to use a particular desktop, and claim it for their use? For example, if the user logs out, should they remain assigned to that desktop, or should another user be able to log into that desktop?

The Leostream Connection Broker defines a plan as a set of behaviors that can be applied to any number of pools. This step describes three types of plans: 1) Power Control, 2) Release, and 3) Protocol.

Creating Protocol Plans

Protocol plans determine which remote viewer protocol the Connection Broker chooses when connecting the user to their remote desktop. A particular protocol plan can assign multiple protocols, and the Connection Broker uses the protocol appropriate for that desktop.

To create a Protocol plan:

1. Go to the > Plans > Protocol page, shown in the following figure. In this example, the Default Protocol plan is appropriate for the VMs.

2. For this example, you need a protocol plan that establishes connections to blades using HP RGS, and to VMs using RDP. Because the VMs do not have an installed RGS sender, you can use a single protocol plan to accomplish both connections. To create this Protocol plan, click the Create Protocol Plan link.

3. The setting in the Priority drop-down menu determines the order in which the Connection Broker tries to establish the connections using the different remote viewing protocols. For this example, give RGS a priority of 1, and RDP a priority of 2, as shown in the following figure.

With the protocol priorities set as shown in the previous figure, the Connection Broker first looks to see if the port associated with HP RGS is open on the remote desktop. If that port is open, the Connection Broker establishes an RGS connection to the desktop. If the port is not open, the Connection Broker checks if the RDP port is open and, if so, connects to the desktop using RDP.

4. Scroll down to the Web Browser section, shown in the following figure. Configure this section with the preferred viewers to launch when a user logs in through a Web browser. For example, the following figure configures the plan to launch only ActiveX RDP connections.

5. The remainder of the Edit Protocol Plan form, shown in the following figure, configures the parameters used when launching a remote session from other types of client devices. In this example, the plan disallows connections from these other client devices.

6. Click Save.
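
The priority check described in step 3, as an added example that is not Leostream code: it walks a protocol plan in priority order and picks the first protocol whose port answers. The port numbers (42966 for HP RGS, 3389 for RDP) are the products' usual defaults and are an assumption here; the host names and the table of open ports are constructed so the block runs offline.

```python
import socket

# Assumed default TCP ports; the page does not state them.
DEFAULT_PORTS = {"RGS": 42966, "RDP": 3389}

# Plan from this tutorial: RGS has priority 1, RDP has priority 2.
TUTORIAL_PLAN = [(2, "RDP"), (1, "RGS")]


def tcp_port_open(host, port, timeout=2.0):
    """Live probe: True if a TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def select_protocol(host, plan, probe=tcp_port_open, ports=DEFAULT_PORTS):
    """Return the first protocol, in priority order, whose port is open.

    plan is an iterable of (priority, protocol) pairs; lower number wins.
    Returns None when no listed protocol is reachable.
    """
    for _, protocol in sorted(plan):
        if probe(host, ports[protocol]):
            return protocol
    return None


def table_probe(open_ports_by_host):
    """Build an offline probe backed by a constructed table of open ports."""
    def probe(host, port):
        return port in open_ports_by_host.get(host, set())
    return probe


# Constructed sample data; host names are hypothetical.
SAMPLE = {
    "blade-01": {42966, 3389},  # RGS sender running: RGS wins
    "blade-02": {3389},         # RGS sender not listening: falls back to RDP
    "vm-01": {3389},            # VM without an RGS sender: RDP
    "vm-02": set(),             # nothing listening: no connection
}


def demo():
    probe = table_probe(SAMPLE)
    return {host: select_protocol(host, TUTORIAL_PLAN, probe) for host in SAMPLE}


if __name__ == "__main__":
    for host, proto in demo().items():
        print(host, proto or "no protocol available")
```

The `blade-02` row shows a consequence of the fallback: a blade whose RGS port is closed is still connected, over RDP, so a blade that unexpectedly serves RDP sessions is worth checking.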

Creating Power Control Plans

Power control plans define what happens to the desktop’s power state when the user disconnects or logs out of the desktop. This example requires two power control plans.

  1. A power control plan for the blades, which instructs the Connection Broker to never change the blade’s power state.

  2. A power control plan for the VMs, which reverts the VM to its most recent snapshot when the user logs out.

To create a Power Control plan:

1. Go to the > Plans > Power Control page, shown in the following figure.

2. For this example, the default Power Control plan is sufficient for the blades; no changes are made to these desktops’ power states. However, for the VMs, an additional Power Control plan is necessary, in order to revert the VMs back to a snapshot when the user logs out. Click the Create Power Control Plan link, shown in the following figure, to create a new Power Control plan.

3. The Create Power Control Plan form opens. Fill in the form with the appropriate information. For example, the following form creates a plan to revert the desktop to its most recent snapshot when the user logs out.

4. Click Save.

Creating Release Plans

Release plans determine whether a desktop is persistent or non-persistent.

The Leostream Connection Broker defines a persistent desktop as a desktop that is continuously assigned to a particular user, i.e., the desktop is never released back to its pool. A non-persistent desktop is a desktop that is released to its pool. Non-persistent desktops rely on their Power Control plan to determine if they should be reverted to a clean snapshot after the desktop is released.

This example requires two release plans:

  1. A release plan for the blade, which models a persistent desktop. The blade always remains assigned to the user.

  2. A release plan for the VM, which models a non-persistent desktop. The VM is released back to the pool when the user logs out. In cases where the user disconnects instead of logging out, they can log back into the desktop anytime in the next eight hours. After eight hours, the user is forcefully logged out and their desktop is returned to its pool.

To create these Release plans:

1. Go to the > Plans > Release page, shown in the following figure.

2. To create a release plan that models a persistent desktop, click the Create Release Plan link, shown in the following figure.

3. The Create Release Plan form opens. Fill in the form with the appropriate information. For this release plan, ensure that the desktop is not released when the user logs out, as shown in the following figure.

4. Click Save. The new Release Plan appears on the > Plans > Release page, shown in the following figure.

5. To create the second Release plan for the VMs, click the Create Release Plan link, shown in the following figure.

6. The Create Release Plan form opens. Fill in the form with the appropriate information, as shown, for example, in the following figure.

7. Click Save. The new Release Plan appears on the > Plans > Release page, shown in the following figure.

The Leostream Connection Broker defines a rogue user as a user that has remotely logged into a desktop, but whose remote session is not managed by the Connection Broker. A rogue user can be a user that natively launched, for example, an RDP session to the desktop. Alternatively, a rogue user could be a user who logged into the desktop via the Connection Broker, but the Connection Broker subsequently released the desktop back to its pool before the user logged out.
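
How the two release plans and the VM power control plan behave over time, as an added example that is a model of this page's rules and not Leostream code: it replays one session timeline against a non-persistent VM and a persistent blade. The event names, user names and timestamps are constructed, and two behaviours are assumptions: that reconnecting clears the eight-hour clock, and that a forced logout triggers the snapshot revert like any other logout.

```python
from datetime import datetime, timedelta

DISCONNECT_LIMIT = timedelta(hours=8)  # limit stated in the scenario


def replay(persistent, events):
    """Replay (time, event, user) tuples for one desktop and return the
    (time, action) pairs that this page's plans call for."""
    assigned, disconnected_at, actions = None, None, []
    for when, event, user in events:
        if event == "login":                    # brokered login or reconnect
            assigned, disconnected_at = user, None
        elif event == "disconnect" and user == assigned:
            disconnected_at = when              # start the eight-hour clock
        elif event == "logout" and user == assigned:
            disconnected_at = None
            if not persistent:                  # VM: release, then revert
                assigned = None
                actions += [(when, "release"), (when, "revert_to_snapshot")]
        elif event == "native_login":           # session the broker did not launch
            actions.append((when, "rogue_user:" + user))
        elif event == "check" and disconnected_at is not None:
            # Periodic evaluation: only "more than eight hours" triggers it.
            if not persistent and when - disconnected_at > DISCONNECT_LIMIT:
                actions += [(when, "force_logout"), (when, "release"),
                            (when, "revert_to_snapshot")]
                assigned, disconnected_at = None, None
    return actions


T0 = datetime(2024, 1, 1, 9, 0)  # constructed start time


def h(hours):
    return T0 + timedelta(hours=hours)


# Constructed timeline; user names are hypothetical.
TIMELINE = [
    (h(0), "login", "alice"),
    (h(1), "disconnect", "alice"),
    (h(5), "check", None),           # 4 h disconnected: nothing happens
    (h(6), "login", "alice"),        # reconnect clears the clock
    (h(7), "disconnect", "alice"),
    (h(14), "check", None),          # 7 h since the second disconnect
    (h(15.5), "check", None),        # 8.5 h: limit exceeded
    (h(16), "native_login", "bob"),  # direct RDP session, not brokered
]


def summarize(persistent):
    return [action for _, action in replay(persistent, TIMELINE)]


if __name__ == "__main__":
    print("VM   :", summarize(False))
    print("blade:", summarize(True))
```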

Step 5: Building Connection Broker Policies

After you define your pools and plans, you can combine them into policies.

The Leostream Connection Broker defines a policy as a set of rules that determine how desktops are offered to and managed for a user, including: what specific desktops are offered; what remote viewer protocol is used to connect to those desktops; which Power Control and Release plans are applied to those desktops; what USB devices the user can access in their remote desktop; and more.

To create a policy:

1. Go to the > Users > Policies page, shown in the following figure.

2. To create a new policy, click the Create Policy link, shown in the following figure.

3. The Create Policy form opens. Fill in the form with the appropriate information, shown in the following figures. In this step, enter a name for the policy that will assign one blade and one non-persistent VM.

4. In this example, the Desktop Assignment from Pools section will assign two desktops, one from the pool of VMs and one from the pool of physical desktops. To configure options associated with the pool of VMs, select that pool from the Pools menu, as shown in the following figure.

5. The When User Logs into Connection Broker section, shown in the following figure, tells the Connection Broker how to pull desktops from the selected pool. In this example, the Connection Broker offers one desktop from the VMs pool. That desktop must have an installed Leostream Agent, and be turned on.

6. The When User is Assigned to Desktop section, shown in the following figure, tells the Connection Broker how to manage a desktop when the user actually connects to that desktop.

7. Finally, to complete the Desktop Assignment from Pools section, in the Plans section, select the Protocol, Power Control, and Release plans defined in step 3, as shown in the following figure.

8. The policy now assigns one VM. To complete this example, the policy must also assign one blade from the Physical Desktops pool. To add another pool to the policy, select 1 more from the [Add Pools] drop-down menu, as shown in the previous figure. Another Pool sub-section is added to the Desktop Assignment from Pools section.

9. Configure the policy options associated with the pool of physical desktops, as shown in the following figure.

The next two steps in this procedure are provided for informational purposes. You do not need to modify any options in these sections to complete this example.

10. After you configure the Desktop Assignment from Pools section, you can indicate if the policy also offers Citrix XenApp applications and configure how it handles hard-assigned desktops, as shown for reference in the following figure.

11. The Connection Broker uses the settings in the Desktop Assignment from Pools section to determine which desktops to offer from each pool. You can optionally filter the pools prior to the Connection Broker choosing desktops. This example does not use the Filters section, which is shown for reference in the following figure.

12. Click Save. The new policy is listed on the > Resources > Policies page, as shown in the following figure.

Step 6: Adding an Authentication Server

Because this example is brokering physical desktops in Active Directory, you already created an authentication server. That same server can be used to authenticate users logging into the Connection Broker. To ensure that the authentication server is correctly configured for users:

1. Go to the > Users > Authentication Servers page.

2. Click the Edit action associated with the authentication server, as shown in the following figure.

3. Check where in the Active Directory tree the Connection Broker begins searching for users and what field the Connection Broker uses to match login names against, as shown in the following figure.

At this point, your authentication server setup is complete. With the Edit Authentication Server form open, proceed to step 7.

Step 7: Assigning Policies to Users

If you clicked Save to close the Edit Authentication Server form, use the Edit action associated with the authentication server to open the Edit Authentication Server form, as described in the previous step.

1. Use the Assigning User Role and Policy section, shown in the following figure, to assign policies to users based on the user’s Active Directory membership.

2. After all the rules are configured, set a default role and policy to apply to users that are not assigned a policy by one of the rules, as shown in the following figure.

3. Select any final options to apply to this authentication server, as shown in the following figure.

4. Click Save to save any changes to the authentication server.

Your basic Connection Broker configuration is complete, and you can now test your setup.

Step 8: Testing a User Login

The following procedure allows you to test if your policies and authentication servers are correctly configured.

1. Go to the > Users > Users page, shown in the following figure.

2. Click the Test Login link, shown in the previous figure. The Login Test dialog opens.

3. Specify the test parameters, as shown in the following figure.

4. Click Test to display the results.