Tutorial: Persistent Desktops Using VMware vCenter Server and RDP

The Scenario

The following procedure guides you through a Connection Broker setup that satisfies the following scenario.

| We want to know | Here’s what you have |
|---|---|
| What type of desktops are you managing? | Virtual Machines hosted in ESX 3.5 and managed by VirtualCenter. (This process works equally well for vSphere and vCenter Server.) |
| What type of desktop pool structure do you want to use? | Use a single pool that contains all the desktops running a Microsoft Windows operating system. |
| Is this a persistent or non-persistent pool, i.e., should the user be permanently assigned to the desktop after they log in the first time? | Persistent, i.e., when the user first logs in, assign a desktop from the pool. Then, keep the user permanently assigned to that desktop. |
| What system do your users authenticate against? | Microsoft Active Directory |
| What remote viewer protocol will your users use? | Microsoft RDP |
| How is the power state of the machine managed? | Suspend the machine when the user logs out |
| What client device do users have? | Leostream Connect on a Windows thin client, laptop or fat client |

The following procedure assumes that you have already completed the following steps. If you have not completed a step, see the referenced section of the Leostream documentation.

1. The Connection Broker virtual appliance is installed in your virtualization layer (see the Leostream Installation Guide).

2. You have logged into the Connection Broker Administrator Web interface and entered your license key (see “Entering Your License Key” in the Connection Broker Administrator’s Guide).

3. You have configured your Connection Broker network settings (see “Setting Network Configuration and Connection Broker VIP” in the Connection Broker Administrator’s Guide).

Procedure

Step 1: Register your virtual machines with the Connection Broker

In order for the Connection Broker to assign virtual machines to end users, you must first tell the Connection Broker about the virtualization layer hosting the VMs.

Leostream defines centers as the external systems that inform the Connection Broker about desktops and other resources (such as applications, printers, and Teradici PC-over-IP host devices) that are available for assignment to end users.

In this scenario, virtual machines are hosted in VMware ESX, and ESX is managed by VMware VirtualCenter. Therefore, for the Connection Broker to manage these machines, define a center for VirtualCenter, as follows.

1. Go to the > Resources > Centers page, shown in the following figure.

2. Click the Add Center link, as shown in the following figure.

3. The Add Center form opens. Fill in the form with the appropriate information for your center. For example, the following form creates a center for VMware VirtualCenter (vCenter Server).

4. Click Save. The > Resources > Centers page shows the new center, and indicates that the center is refreshing, as shown in the following figure.

5. To view the desktops that the Connection Broker registered from the center, go to the > Resources > Desktops page, shown in the following figure.


Step 2: Grouping desktops into pools

After you create your centers and the Connection Broker registers all your desktops, you can combine the desktops into logical groups, or pools. Use pools to create sets of desktops that have similar attributes, or come from the same center. Creating pools is optional, but provides convenience and flexibility when configuring your Connection Broker.

The Leostream Connection Broker defines a pool as any group of desktops or applications.

To create a desktop pool:

1. Go to the > Resources > Pools page, shown in the following figure.

2. Click the Create Pool link, as shown in the following figure.

3. The Create Pool form opens. Fill in the form with the appropriate information. For example, the following form creates a pool containing all desktops with a Microsoft Windows operating system.

4. Click Save. The > Resources > Pools page shows the new pool, indented under its parent pool, as shown in the following figure.


Step 3: Creating Protocol, Power Control, and Release Plans

After you separate your desktops into pools, define the behaviors you want to assign to the desktops in those pools. To perform this step, ask yourself the following questions.

  • What remote viewer protocols do I want the user to be able to use to connect to their desktops?

  • How do I want to manage the power state of each desktop, for example, should it be turned off when the user logs out?

  • How long do I want my user to be able to use a particular desktop, and claim it for their use? For example, if the user logs out, should they remain assigned to that desktop, or should another user be able to log into that desktop?

The Leostream Connection Broker defines a plan as a set of behaviors that can be applied to any number of pools. This step describes three types of plans: 1) Power Control, 2) Release, and 3) Protocol.

Creating Protocol Plans

Protocol plans determine which remote viewer protocol the Connection Broker chooses when connecting the user to their remote desktop. A particular protocol plan can assign multiple protocols, and the Connection Broker uses the protocol appropriate for that desktop. To create a Protocol plan:

1. Go to the > Plans > Protocol page, shown in the following figure.

2. For this example, click the Edit action associated with the Default Protocol plan, and modify the plan so that it uses only Microsoft RDP.

3. The setting in the Priority drop-down menu determines the order in which the Connection Broker tries to establish the connections using the different remote viewing protocols. In this example, for all protocols in the Leostream Connect and Thin Clients Writing to Leostream API section, with the exception of RDP, select Do not use from the Priority drop-down menu, as shown in the following figure.

4. Scroll down to the Web Browser section. In the following figure, the Default Protocol plan is modified to launch only ActiveX RDP connections.

5. The remainder of the Edit Protocol Plan form, shown in the following figure, configures the parameters used when launching a remote session from other types of client devices. In this example, the Default Protocol plan disallows connections from these other client devices.

6. Click Save.

Creating Power Control Plans

Power control plans define what happens to the desktop’s power state when the user disconnects or logs out of the desktop. To create a Power Control plan:

1. Go to the > Plans > Power Control page, shown in the following figure.

2. Click the Create Power Control Plan link, to build a new Power Control plan.

3. The Create Power Control Plan form opens. Fill in the form with the appropriate information. For example, the following form creates a plan that suspends the desktop when the user logs out.

4. Click Save.

Creating Release Plans

Release plans determine whether a desktop is persistent or non-persistent.

The Leostream Connection Broker defines a persistent desktop as a desktop that is continuously assigned to a particular user, i.e., the desktop is never released back to its pool. A non-persistent desktop is a desktop that is released to its pool. Non-persistent desktops rely on their Power Control plan to determine if they should be reverted to a clean snapshot after the desktop is released.

To create a Release plan:

1. Go to the > Plans > Release page, shown in the following figure.

2. To create a Release plan that models a persistent desktop, click the Create Release Plan link, as shown in the following figure.

3. The Create Release Plan form opens. Fill in the form with the appropriate information. For example, to create a Release plan for persistent desktops, ensure that the desktop is not released to its pool when the user logs out, as shown in the following figure.

4. Click Save. The new Release Plan appears on the > Plans > Release page, shown in the following figure.

The Leostream Connection Broker defines a rogue user as a user that has remotely logged into a desktop, but whose remote session is not managed by the Connection Broker. A rogue user can be a user that natively launched, for example, an RDP session to the desktop. Alternatively, a rogue user could be a user who logged into the desktop via the Connection Broker, but the Connection Broker subsequently released the desktop back to its pool before the user logged out.
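The two rogue-user cases defined above can be told apart by comparing the connections the broker launched with the remote sessions the desktops themselves report. The following is an added example, not Leostream code; the record types, field names, and sample data are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class BrokerConnection:
    """Hypothetical record of a connection the broker launched."""
    user: str
    desktop: str
    connected_at: int            # minutes into the sample window
    released_at: Optional[int]   # None: never released (persistent plan)

@dataclass(frozen=True)
class RemoteSession:
    """Hypothetical record of a remote logon seen on the desktop itself."""
    user: str
    desktop: str
    logon: int
    logoff: Optional[int]        # None: user is still logged in

def classify(s: RemoteSession, broker: List[BrokerConnection]) -> str:
    """Return 'managed', 'rogue-native' or 'rogue-released'."""
    for c in broker:
        if (c.user, c.desktop) != (s.user, s.desktop) or c.connected_at > s.logon:
            continue
        if c.released_at is not None and c.released_at <= s.logon:
            continue             # that connection ended before this logon
        # Released while the user was still logged in: second rogue case.
        released_early = c.released_at is not None and (
            s.logoff is None or c.released_at < s.logoff)
        return "rogue-released" if released_early else "managed"
    return "rogue-native"        # no broker connection covers this logon

def find_rogue(sessions, broker) -> List[Tuple[str, str, str]]:
    verdicts = [(s.user, s.desktop, classify(s, broker)) for s in sessions]
    return [v for v in verdicts if v[2] != "managed"]

# Constructed sample data, not taken from a real Connection Broker.
BROKER = [
    BrokerConnection("alice", "win-01", 0, None),   # persistent desktop
    BrokerConnection("carol", "win-03", 10, 30),    # released at minute 30
    BrokerConnection("dave", "win-04", 0, 50),
]
SESSIONS = [
    RemoteSession("alice", "win-01", 1, 60),
    RemoteSession("bob", "win-02", 5, None),        # native RDP, no broker record
    RemoteSession("carol", "win-03", 11, 45),       # outlived the release
    RemoteSession("dave", "win-04", 1, 50),
]
```

On Windows desktops, RemoteInteractive logons (Security event 4624, logon type 10) are one possible source for the session records.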


Step 4: Building Connection Broker Policies

After you define your pools and plans, build policies that assign the plans to desktops.

The Leostream Connection Broker defines a policy as a set of rules that determine how desktops are offered, connected, and managed for a user, including: what specific desktops are offered; what remote viewer protocol is used to connect to those desktops; which Power Control and Release plans are applied to those desktops; what USB devices the user can access in their remote desktop; and more.

To create a policy:

1. Go to the > Users > Policies page, shown in the following figure.

2. To create a new policy, click the Create Policy link, as shown in the following figure.

3. The Create Policy form opens. Fill in the form with the appropriate information, as shown in the following figures. In this step, enter a name for the policy that will assign your persistent desktop.

4. Select a pool to use for this policy, as shown in the following figure.

5. The When User Logs into Connection Broker section, shown in the following figure, tells the Connection Broker how to pull desktops from the selected pool. In this example, the Connection Broker offers one desktop from the pool. That desktop does not need to have an installed Leostream Agent, and the desktop does not need to be turned on.

6. The When User is Assigned to Desktop section, shown in the following figure, tells the Connection Broker how to manage a desktop when the user actually connects to that desktop.

7. Finally, to complete the Desktop Assignment from Pools section, in the Plans section, select the Protocol, Power Control, and Release plans defined in step 3, as shown in the following figure.

The next two steps are provided for informational purposes. You do not need to modify any options in these sections to complete this example.

8. After you configure the Desktop Assignment from Pools section, you can indicate if the policy also offers Citrix XenApp applications, and configure how the policy handles hard-assigned desktops. This example does not require these sections, which are shown for reference in the following figure.

9. The Connection Broker uses the settings in the Desktop Assignment from Pools section to determine which desktops to offer from each pool. You can optionally filter the pool prior to the Connection Broker choosing desktops. This example does not use the Filters section, which is shown for reference in the following figure.

10. Click Save. The new policy is listed on the > Resources > Policies page, shown in the following figure.


Step 5: Adding an Authentication Server

After you have configured your pools and policies, set up your authentication server in the Connection Broker.

1. Go to the > Users > Authentication Servers page.

2. Click the Add Authentication Server link, as shown in the following figure.

3. The Add Authentication Server form opens. Fill in the form with the appropriate information for your authentication server, as shown in the following figure.

4. Click Next >. The second page of the Add Authentication Server form opens. Enter your domain name, and confirm the information from the previous form is correct, as shown in the following figure.

5. Specify where in the Active Directory tree the Connection Broker begins searching for users, and what field the Connection Broker uses to match login names against, as shown in the following figure.

At this point, your authentication server setup is complete, and you could scroll down and click Save. To follow through this example, however, leave the Add Authentication Server form open and proceed to step 6.


Step 6: Assigning Policies to Users

Step 6 builds on step 5 using the Add Authentication Server form.

If you clicked Save to close the Add Authentication Server form, use the Edit action associated with the authentication server to open the Edit Authentication Server form.

1. Use the Assigning User Role and Policy section to assign policies to users based on the user’s Active Directory membership.

2. After all the rules are configured, set a default role and policy to apply to users that are not assigned a policy by one of the rules, as shown in the following figure.

3. Select any final options to apply to this authentication server, as shown in the following figure.

4. Click Save to save any changes to the authentication server.

Your basic Connection Broker configuration is complete, and you can now test your setup.


Step 7: Testing a User Login

The following procedure allows you to test if your policies and authentication servers are correctly configured.

1. Go to the > Users > Users page, shown in the following figure.

2. Click the Test Login link, shown in the previous figure. The Login Test dialog opens.

3. Specify the test parameters, shown in the following figure.

4. Click Test to display the results, described in the following figure.
