Getting Started
Why do I need a Connection Broker?
The Leostream Connection Broker allows you to harness the full power of a VDI environment by providing the tools to deliver and manage end-user resources hosted in the data center efficiently and securely. The Leostream Connection Broker provides a comprehensive, open, and flexible approach to virtualizing end-user resources, allowing you to repurpose existing desktops, use any of a number of remote viewer protocols, and integrate with your existing infrastructure.
How do I obtain a trial license?
You can obtain a 30-day trial license from the Leostream Web site, as follows:
- Go to www.leostream.com.
- Click on the Free Trial link at the top right-hand side of the page.
- Enter your contact information and click Submit.
Leostream will send a confirmation email to the email address entered in the Free Trial form, followed by a separate email with the Connection Broker license. You can then download the Connection Broker from the Leostream Web site.
How do I download the Connection Broker?
Click here to download the Leostream Connection Broker v6.2 virtual appliance. See the Leostream installation guide for instructions on installing the virtual appliance into your specific virtualization layer. After you complete the installation, go to the > System > Maintenance page and perform a Check for updates to update the appliance to 6.3.
How do I configure my Connection Broker?
Configuration of your Connection Broker – defining your authentication server, creating desktop and/or application centers, defining pools and policies, and assigning policies to users – depends on your environment. See the Quick Start Guide appropriate for your application.

Installation, Upgrades, and Licensing
How do I install my Connection Broker?
The Connection Broker is a virtual appliance that you import into your virtualization layer. The Installation Guide describes the installation steps. The installation steps may vary depending on which virtualization layer you use.
Although the Leostream Agent is an optional component, it is crucial when deploying VDI on an enterprise level.
The Leostream Agent communicates with the Connection Broker to provide information about when a user logs out or disconnects from a desktop. In addition, the agent is responsible for a number of end-user experience enhancements, including managing USB device passthrough and multi-monitor support.
How do I perform an unattended installation for Leostream Connect or the Leostream Agent?
You can store the settings for one Leostream Connect installation to use when automating a future Leostream Connect installation.
To save installation settings, install Leostream Connect from the command line using the following syntax:
LeostreamConnectSetupXXX.exe /SAVEINF="filename"
Then use the following command to automate future installations:
LeostreamConnectSetupXXX.exe /LOADINF="filename"
How do I upgrade the Leostream Agent on my desktops?
The Connection Broker allows you to upgrade the Leostream Agent from a central location. To perform the upgrade, the Leostream Agent must be able to verify the source of the upgrade request as the Connection Broker. Therefore, the Leostream Agent must have a working connection to the Connection Broker before attempting the upgrade, either through a DNS SRV record or IP address definition. You can double check your connection on the Agent using the Test button on the Options tab on the Leostream Agent Control Panel dialog.
Note: If you install the USB component on the Leostream Agent, you encounter a Windows security pop-up regarding drivers that prevents the install from completing. Desktops with USB support require manual intervention to complete the Leostream Agent installation.
To update the Agents:
- Go to the > Resources > Desktops list. Desktops with an old Leostream Agent have an Upgrade choice in the Actions column.
- Choose Upgrade. The Connection Broker pushes the Agent out to the desktop, where it is installed and restarted remotely. Note: the Agent is restarted, not the desktop.
- To upgrade several desktops:
  - Select the checkboxes for these desktops in the Bulk actions column. If the column of bulk actions checkboxes is not shown, click the Customize link at the bottom of the page and ensure that the Bulk actions item is in the Selected Items list.
  - Choose Edit from the dropdown menu at the top of the Bulk actions column.
  - Check Upgrade Agent to latest version.
  - Click Save. The Connection Broker upgrades the Leostream Agent on all of the selected desktops.
How do I change the port used for Connection Broker communications?
By default, the Connection Broker listens on port number 8080. Both the Leostream Connect client and Leostream Agent use this port number to communicate with the Connection Broker.
To change the port:
- Go to the > Resources > Desktops page.
- Select Edit for the appropriate desktop.
- In the Leostream Agent section, enter a new value into the Port edit field.
- You can edit multiple desktops at once, as follows:
  - Select the checkboxes for these desktops in the Bulk actions column. If the column of bulk actions checkboxes is not shown, click the Customize link at the bottom of the page and ensure that the Bulk actions item is in the Selected Items list.
  - Choose Edit from the dropdown menu at the top of the Bulk actions column.
  - Enter a new value in the Port edit field.
  - Click Save.
This change affects the port that the Connection Broker uses to contact the Leostream Agent, not the port each Leostream Agent is listening on. You can set the listening port on the Leostream Agents using either DNS SRV records or by configuring each Leostream Agent manually.
To configure the listening port on the Leostream Agent manually:
- Open the Leostream Agent Control Panel dialog.
- Go to the Options tab.
- Uncheck the Obtain Connection Broker address automatically check box.
- Enter the Connection Broker address into the Address edit field, if it is not already there.
- Enter the new port number in the Port edit field.
How do I install Leostream Connect/Java on a Mac OS?
Leostream does not provide native support for the Apple Mac operating system. However, you can configure Leostream Connect/Java to work on an Apple Mac operating system. Click here to download instructions.
How can I tell how many licenses are in use?
The > System > Maintenance page provides information about license use and support expiration. The Licenses currently used line indicates how many licenses are in use, as determined by how many concurrent users are assigned resources (desktops or applications) by the Connection Broker.
If the number of licenses in use exceeds the license limit, the Connection Broker also displays a warning message. You may unexpectedly exceed your license limit if inactive users are still assigned to desktops. To release licenses, inspect the list of users on the > Users > Users page, and delete any users that should no longer exist in your system. If you still exceed your license limit, check if your policies are set to keep the user assigned to their desktops after log out. To release a license when the user logs out, set your policies to release the desktop back to its pool.
Why can't I upgrade my Connection Broker?
Your support license expiration date indicates the last day you are eligible for Connection Broker upgrades and online support. Once the expiration date has passed, the Check for updates option is disabled. To view your support expiration date, go to the > System > Maintenance page or look at the bottom of any page in the Connection Broker Web interface.
Troubleshooting
Networking
Why am I receiving the “Can't connect to 10.100.5.37:8080 (connect: Connection refused)” error?
Typically, this error indicates that the Connection Broker is blocked by a firewall.
Why am I receiving the “Unable to scan: protocol error, "500 Can't connect to 10.100.5.37:8080 (connect: No route to host)” error?
Typically, this error indicates there is a DNS error, where the Connection Broker cannot reach other machines.
Why do I get a “Web site under construction” page?
If the user receives a Web site under construction page, you have another Web server running on the same IP address as your Connection Broker. You must have a unique IP address for the Connection Broker.
Turn off the Connection Broker and confirm that you get the same result. Reconfigure your system so your Connection Broker has a unique IP address.
General
Why is the Delete button missing on some of my forms?
The Connection Broker hides the Delete button if the record associated with the form is still in use. For example:
- Tag: If the Delete button is not available for a tag, that tag is assigned to at least one of your desktops. Look at the Tag columns in the > Resources > Desktops page to determine which desktops are referencing the tag. Edit these desktops so they no longer reference the tag you want to delete.
- Location: If the Delete button is not available for a location, at least one of your authentication servers uses that location to assign a role and policy to a user. Edit the Assigning User Role and Policy section of all of your authentication servers to ensure that they do not reference this location.
- Plans: If the Delete button is not available for a plan, at least one of your policies references this plan. Check all the pools in all your policies, and ensure that this plan is not referenced in any of the associated Plan drop-down menus.
- Policy: If the Delete button is not available for a policy, at least one of your authentication servers can assign that policy to a user. Edit the Assigning User Role and Policy section of all of your authentication servers to ensure that they do not reference this policy.
- Role: If the Delete button is not available for a role, at least one of your authentication servers can assign that role to a user. Edit the Assigning User Role and Policy section of all of your authentication servers to ensure that they do not reference this role.
- Authentication Server: If the Delete button is not available for an authentication server, one of your existing Active Directory centers references that authentication server. Check the Active Directory centers in the > Resources > Centers page and ensure that none of these centers point to the authentication server you want to delete.
If you are using the Connection Broker internal database, you may experience disk-full errors. Typically, disk-full errors occur if you are running your Connection Broker in debug mode, therefore storing large amounts of logging information. The log files may grow to a size that fills the Connection Broker disk, and you may no longer be able to log into your Connection Broker or, in worst case scenarios, be able to successfully boot the Connection Broker virtual machine.
To solve disk-full errors, you can mount the full Connection Broker virtual disk onto a second Connection Broker, and manually clean out the large files. Click here to download a document describing this procedure.
Authentication Servers
What permissions must the account used to create the Authentication Server be granted?
When creating an Authentication Server in your Connection Broker, you must provide the credentials for an account that has Read permissions for User objects.
In Active Directory, you can check the access control list (ACL) for the Users group, to determine who has Read permissions for these objects.
- In the Active Directory Users and Computers dialog, right-click on the Users node in the console tree.
- Select Properties from the right-click menu.
- In the Users Properties dialog, go to the Security tab.
- Ensure that the account you entered when defining your Authentication Server in the Connection Broker is part of a group included in the Group and user names list. If the user does not fall into any of the groups in this list, you must add the necessary group, or individual user, to this list.
- After an appropriate group or user is included in the Group and user names list, check the Permissions list to ensure that this user has Read permissions for users.
If the user has Read permissions in this list, check the Special Permissions (by clicking the Advanced button) to ensure that the account does not inherit a Deny permission.
If the account you entered does not have, or is explicitly denied, Read permissions for User objects, the Connection Broker displays the error LDAP Error: Unable to locate the user when you test the authentication server.
What format does the Login name need to be in?
The user ID entered in the Login field must be defined in LDAP format using a fully qualified login name. Software tools such as Softerra™ LDAP Browser can help you identify the correct format for the login string.
How do I debug problems with the communication between the Connection Broker and my Authentication Servers?
If you are experiencing any type of problem with the communication between the Connection Broker and your authentication server, try using the Test action to debug the problem. To invoke the Test action:
- Go to the > Users > Authentication Servers page.
- Click the Test action associated with the appropriate authentication server.
- In the form that opens, enter the user name and password for a user you know is in that authentication server.
- Click Authenticate.
If the authentication server is set up correctly, you see a report describing that user’s record. Some common error messages include the following.
- LDAP Error: Could not bind to “DomainName”: Check the administrator credentials entered in the Search Settings section. See the "Why do I get a bind error when I test my Authentication Server" Knowledge Center article for more information.
- Could not resolve hostname: Check the DNS record for the host name you entered into the Address edit field.
- User not found: Check all of the following:
  - The user's credentials were correctly entered in the Test form.
  - The sub-tree entered into the User Login Search section includes the branch that contains the user you tested.
  - The account you used when creating the Authentication Server has Read permissions for the User objects in your Active Directory service.
Why do I get a bind error when I test my Authentication Server?
Binding is the process of associating the Connection Broker with a specific Active Directory Domain Services object. The Connection Broker is unable to bind with Active Directory if the credentials provided when the authentication server was created are, for example, invalid or expired. If a test of the authentication server produces a Could not bind error, look at the error code at the end of the error string. The following table describes some common error codes and their meaning.
| Code | Definition | Notes |
| --- | --- | --- |
| 525 | User not found | The specified username is invalid. |
| 52e | Invalid credentials | The user name is valid, however the password is not correct |
| 530 | Not permitted to logon at this time | The user name and password are valid, however the account is restricted from logging in at this particular time of day |
| 532 | Password expired | The user name and password are valid, however the password has expired |
| 533 | Account disabled | The user name and password are valid, however the account is currently disabled |
| 701 | Account expired | The user name and password are valid, however the account has expired |
| 733 | User must reset password | The user name and password are valid, however the password must be reset before they can log in |
| 755 | Account locked | The user name and password are valid, however the account is locked |
How do I enter a specific authentication server property to use when assigning users to roles and policies?
By default, the Connection Broker creates authentication servers with the Query for group information check box selected. In this case, the first column in the Assigning User Role and Policy section of the Edit Authentication Server form contains drop-down menus pre-populated with the groups in the authentication server. This menu is static and does not reflect changes made to the groups in the authentication server.
If the groups in your authentication server are still under development or if you want to use an attribute other than group membership when defining assignment rules, create your authentication server record, as follows:
- Go to the > Users > Authentication Server page.
- Click Create.
- In the Other section, deselect the Query for group information option.
- In the Attribute edit field, enter the authentication server attribute to use when defining assignment rules. For example, use memberOf to match Active Directory groups.
- In the Attribute Value column, enter a value for that attribute to use for each rule.
Why did my Connection Broker stop working when I changed the administrator credentials in Active Directory?
The Connection Broker uses the authentication server to authenticate users, identify groups that a user may belong to, and assign policies to users based on these groups. The Connection Broker must be able to log into the authentication server with an account that has read access to the entire LDAP tree.
If you change the password that the authentication server uses to access the LDAP system, you must also change the password in the Connection Broker. The password for the Authentication Server login can be changed on the > Users > Authentication Server page.
How do I use my internal OpenLDAP-based authentication server with the Connection Broker?
The Connection Broker can authenticate users against any authentication server that uses the standard OpenLDAP format. To create a record for an OpenLDAP authentication server in the Connection Broker:
- Go to the > Users > Authentication servers page
- Click Create.
- In the Type drop-down menu, select either Active Directory or eDirectory. This selection determines default values in the remainder of the form, but does not influence how the Connection Broker treats the authentication server after it is created.
- Before clicking the Next button, ensure that the Query for group information checkbox is not selected.
- The following fields have default values that you should ensure are correct for your OpenLDAP system:
  - The Login edit field in the Search Settings section
  - The Sub-tree: Starting point for user search edit field in the User Login Search section
  - Also in the User Login Search section, the Match Login name against this field edit field.
  - The Attribute edit field in the Assigning User Role and Policy section
Working with Centers
What privileges do I need to interact with VMware vCenter Server?
The Leostream Connection Broker requires specific VMware vCenter Server (vCenter) privileges in order to perform various actions, such as starting and stopping VMs or provisioning virtual machines from templates. If your Connection Broker is unable to perform any of these actions, you may have created your center with an account that does not have all the required privileges.
Click here to download a description of what vCenter Server privileges are required to perform the various Connection Broker actions. Then, ensure that the account provided for your vCenter Server center in the > Resources > Centers page has the necessary privileges.
Why are my centers offline?
The Connection Broker marks centers offline if it cannot reach the center. If the credentials you entered into the center are not correct or are for a user who does not have administrator rights, the center appears offline. The center can also be offline if the server IP address is unreachable.
You can use the Log action on the > Resources > Centers page to get more information. You can also test the credentials you entered for vCenter centers using the Test action.
Note: If you change the password in one of your centers, you must also change the password in Connection Broker. To do this, go to the > Resources > Centers page and select the Edit action associated with that center. For Active Directory centers, go to the > Users > Authentication servers page and select the Edit action for that authentication server associated with the Active Directory center.
Why is the Active Directory option missing from the Type drop-down menu when I create a Center?
You must create an Active Directory authentication server in the Connection Broker before you can create a Center. To create the authentication server:
- Go to the > Users > Authentication servers page.
- Click Create.
- Select Active Directory in the Type drop-down menu.
- Fill in the remaining fields in the Connection Settings and Search Settings sections.
- Click Next.
- Enter a name for the authentication server.
- In the User Login Search section, enter the sub-tree that contains the desktops you want to include in the center.
- Click Save.
This Active Directory authentication server can now be used to create an Active Directory Center.
Note: You can use this same authentication server to authenticate users and assign roles and policies.
Working with Desktops
Why is my > Resources > Desktops page empty?
If your > Resources > Desktops page does not list any desktops, check the following.
- Is the list being filtered? Switch the Filter this list drop-down menu to No filter and select All from the drop-down menu at the top of each column.
- If the table is still empty, are your centers online? Go to the > Resources > Centers page and check the Status column for each center. If your centers are offline, refer to the “Why are my centers offline?” FAQ.
- If the center is online, try refreshing the center by selecting the Refresh option for that center.
Why are my users receiving the “No Desktops are Available” warning?
When all desktops are already assigned to users, new users receive the “No Desktops are Available” error message. By default, desktops remain assigned to a user even after the user disconnects.
To resolve this issue:
- Find out which desktops are assigned, and to which user they are assigned.
- Modify your policies to release desktops back to their pools when the user disconnects or logs out to ensure that you do not run out of desktops.
To determine which desktops are assigned to users:
- Go to the > Resources > Desktops page and sort the list backwards by the User column. (The icon next to the User column header should point down, which may require you to click twice on the column header). Desktops that are assigned to users appear at the top of the desktop list.
- Go to the > Resources > Pools page and click on the number in the Assigned column of the All Desktops pool. A table opens, listing each assigned machine and its owner.
To manually release desktops back to their pools and, hence, make the desktop available for assignment, go to the > Resources > Desktops page and select the Release action for that desktop.
To modify your policies to release desktops back to their pools, for each pool in the Edit Policy page, assign a release plan that automatically releases desktops back to their pools when the user logs out.
Why are desktops marked “Unreachable”, “Unavailable”, or “Duplicate”?
The Unreachable status indicates that the Connection Broker cannot communicate with the desktop. This typically occurs when the remote viewer port on the desktop is closed or blocked. Test the remote viewer port and ensure that it is not blocked by a firewall.
Once the Connection Broker marks a desktop as Unreachable, you must manually set the desktop back to Available, as follows:
- Go to the > Resources > Desktops page
- Select the Edit action associated with the appropriate desktop
- Select Available from the Availability drop-down menu.
- Click Save.
The Unavailable status indicates that the Connection Broker will not assign that desktop to the user. The Connection Broker marks newly discovered/provisioned desktops as Unavailable, if you select the Set newly-discovered Desktops to “Unavailable” option on the Edit Center page. You can also manually set the status of a desktop to Unavailable using the Edit Desktop dialog.
The Duplicate status indicates that a desktop is included in the > Resources > Desktops page more than once. Typically, this occurs when the Connection Broker discovers the desktop in multiple centers. The Connection Broker does not assign machines with a status of Duplicate.
To remove Duplicate entries, you must delete the center that contains them.
Note: If a virtual machine in a vCenter center is also registered in an Active Directory center, the Active Directory entry is marked as the duplicate.
If you have an Active Directory center and use DNS names for machines, you may see duplicate machines if you have several DNS records that point to the same IP address. You cannot indicate to the Connection Broker which record is real, and which is the duplicate. To remove these duplicate entries, you must remove the stale DNS records.
Why does my ActiveX RDP session not launch on a Windows Vista client?
If the Connection Broker Web interface displays a white box with a black outline, and the lower corner indicates the page is “Done”, the ActiveX RDP control is unable to launch when your users try to connect to their VMs.
If you are using an SSL VPN, this problem may be related to the Web browser's security zones. By default, Microsoft Internet Explorer version 7 does not allow the SSL VPN site and, therefore, does not pass through the appropriate permissions. To solve this problem, add your SSL VPN site to the list of trusted sites in the Security tab of the Internet Options dialog.
Why are the Leostream Agents Marked “Unreachable” or “Unresponsive”?
The Unreachable status indicates that the Connection Broker cannot call out to the Leostream Agent. This typically occurs when the Leostream Agent is stopped or is blocked by a firewall. Check the firewall status of the Leostream Agent on the desktop.
The Unresponsive status indicates that the Connection Broker can call out to the Leostream Agent, but the agent is not responding back. This typically occurs when the Leostream Agent is not properly configured for firewalls or SSL communication, or if the agent is pointing at a different Connection Broker.
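The "Connection refused" and "No route to host" errors in the Networking section, and the Unreachable desktop and agent statuses above, all come down to whether a TCP port answers. The Python check below is an added example, not Leostream code; the category names and hint wording are this example's own, and the host and port are whatever you pass on the command line (the defaults are placeholders).

```python
import errno
import socket
import sys

# Hints paraphrase this page's troubleshooting answers; the keys are this example's own.
HINTS = {
    "open": "TCP connect succeeded. If the agent still shows Unresponsive, check its "
            "SSL settings and which Connection Broker it points at.",
    "refused": "Connection refused. The page attributes this to a firewall; also "
               "confirm the service (for example the Leostream Agent) is running.",
    "no_route": "No route to host. The page attributes this to a DNS error; confirm "
                "the name resolves to the address you expect.",
    "dns_failure": "The host name did not resolve. Check its DNS record.",
    "timeout": "No reply before the timeout. Not covered on the page; packets are "
               "usually being dropped silently somewhere on the path.",
    "other": "Unclassified socket error; inspect the exception text.",
}


def classify(exc):
    """Map a socket exception (or None for success) to a key of HINTS."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.gaierror):
        return "dns_failure"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "refused"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "no_route"
    return "other"


def probe(host, port, timeout=3.0):
    """Resolve host, attempt one TCP connection, and return a key of HINTS."""
    try:
        # Resolve separately so a DNS failure is reported as its own category.
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return classify(exc)
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()
    return classify(None)


if __name__ == "__main__":
    # Placeholder defaults: loopback and the broker's default port from this page.
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
    result = probe(host, port)
    print(f"{host}:{port} -> {result}: {HINTS[result]}")
```

Run it from a machine on the same network segment as the Connection Broker, so the result reflects the path the broker itself uses.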
How can I test which desktops are offered to a particular user?
Use the Test Login to determine which policy and, therefore, desktop will be offered to a user. To do so:
- Go to the > Users > Users page.
- Click the Test Login link
- Enter the name of the user to test in the User Name edit field. This user does not need to already be in the Connection Broker database.
- If appropriate, select a domain, location, and client to test the login from.
- Click Test.
During the test,
- The Connection Broker queries the Authentication Server for the user’s group membership
- The Connection Broker assigns a policy based on the group membership
- The available desktops are selected from the pools in the policy
- The Connection Broker selects particular desktops for assignment
- The Connection Broker selects the appropriate remote viewer protocol
How do I set up single sign-on when using a Novell client?
Leostream Agent 4.4 automatically configures the remote desktop's registry keys to support single sign-on when logging in with Novell client 4.91 SP4.
If you are using version 4.91 SP4 of the Novell client, and do not want to install the Leostream Agent on your remote Windows desktops, you must create the following registry keys in order to perform single sign-on, as described in the Novell documentation.
In HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Login
- TSClientAutoAdminLogon
  - Value Type=REG_SZ
  - Data=1
- DefaultLoginProfile
  - Value Type=REG_SZ
  - Data=Default
If you are experiencing problems with single sign-on when using version 4.91 SP4 of the Novell client, see the related Novell forum for more information.
When configuring the Microsoft RDP configuration file for single sign-on with Leostream Connect, it is important to use the Novell Fully Qualified Domain Name, which has the format:
.cn=Fred.ou=Users.o=Company and is contained within the {NOVELL_FQDN} dynamic tag.
For more information, refer to the Novell application note on eDirectory naming conventions.
If you can connect but cannot get full access to resources, read the Novell support documents 10087621 and 10052847.
Working with Applications
Can I deliver applications through Terminal Services?
Currently, you can deliver full desktops from Terminal Services, not solely applications. This feature request is under consideration.
How do I use the Leostream multi-monitor support?
Leostream multi-monitor support allows you to provide end users with a true multi-monitor experience. The Leostream multi-monitor support is compatible with any remote viewer protocol, to the extent multiple monitors are supported by the remote viewer protocol. For example, when used with RDP, the cumulative resolution cannot exceed 4096 x 2048.
To enable multi-monitor support:
- Install the Leostream Agent on your remote desktops, ensuring that the Enable multiple display support component is selected during installation.
- Configure and assign Monitor Layouts to your client devices.
See the Guide to Leostream Multiple Monitor Support for a complete description of how to configure monitor layouts and use the Leostream multiple display support.
What restrictions does RDP 6.0 have when working with multiple monitors?
If your monitor layouts are not being applied to clients connecting via RDP, check that the monitors attached to the client adhere to the following restrictions.
- All monitors must have the same resolution
- The cumulative resolution cannot exceed 4096 x 2048
In addition, the Connection Broker places the following constraints on the monitor layout.
- The monitors must be arranged horizontally
- The primary monitor must be at the far left
- There can be no more than 16 monitors
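A pre-flight check for the restrictions listed above, written as an added Python example rather than Leostream code. The `Monitor` fields and rule keys are this example's own, the sample layouts are constructed, and it assumes "cumulative resolution" means the bounding box of the whole layout.

```python
from dataclasses import dataclass

# Limits quoted from the restrictions above.
MAX_WIDTH, MAX_HEIGHT, MAX_MONITORS = 4096, 2048, 16

RULES = {
    "count": "There can be no more than 16 monitors",
    "same-resolution": "All monitors must have the same resolution",
    "cumulative-size": "The cumulative resolution cannot exceed 4096 x 2048",
    "horizontal": "The monitors must be arranged horizontally",
    "primary-left": "The primary monitor must be at the far left",
}


@dataclass(frozen=True)
class Monitor:
    x: int                 # left edge in the virtual desktop, in pixels
    y: int                 # top edge in the virtual desktop, in pixels
    width: int
    height: int
    primary: bool = False


def check_layout(monitors):
    """Return the keys of every rule in RULES that the layout breaks."""
    if not monitors:
        raise ValueError("layout has no monitors")
    broken = []

    if len(monitors) > MAX_MONITORS:
        broken.append("count")

    if len({(m.width, m.height) for m in monitors}) > 1:
        broken.append("same-resolution")

    # Assumption: cumulative resolution is the bounding box around all monitors.
    left = min(m.x for m in monitors)
    top = min(m.y for m in monitors)
    right = max(m.x + m.width for m in monitors)
    bottom = max(m.y + m.height for m in monitors)
    if right - left > MAX_WIDTH or bottom - top > MAX_HEIGHT:
        broken.append("cumulative-size")

    # Horizontal: every monitor shares one top edge and none overlap side to side.
    ordered = sorted(monitors, key=lambda m: m.x)
    same_row = len({m.y for m in monitors}) == 1
    overlap = any(b.x < a.x + a.width for a, b in zip(ordered, ordered[1:]))
    if not same_row or overlap:
        broken.append("horizontal")

    # Exactly one primary monitor, and it owns the leftmost edge.
    primaries = [m for m in monitors if m.primary]
    if len(primaries) != 1 or primaries[0].x != left:
        broken.append("primary-left")

    return broken


# Constructed sample layouts.
DUAL_HD = [Monitor(0, 0, 1920, 1080, primary=True), Monitor(1920, 0, 1920, 1080)]
TRIPLE_HD = DUAL_HD + [Monitor(3840, 0, 1920, 1080)]
PRIMARY_RIGHT = [Monitor(0, 0, 1920, 1080), Monitor(1920, 0, 1920, 1080, primary=True)]
STACKED = [Monitor(0, 0, 1280, 1024, primary=True), Monitor(0, 1024, 1280, 1024)]

if __name__ == "__main__":
    samples = {"dual HD": DUAL_HD, "triple HD": TRIPLE_HD,
               "primary on right": PRIMARY_RIGHT, "stacked": STACKED}
    for name, layout in samples.items():
        broken = check_layout(layout)
        print(name, "->", "OK" if not broken else "; ".join(RULES[k] for k in broken))
```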
You can use the Leostream Connect client to turn existing PCs and laptops into VDI clients. By installing Leostream Connect in shell mode and with client-side single sign-on, you can hide the underlying operating system and any applications on the client device.
If you install Leostream Connect in shell mode and with client-side single sign-on, end users experience the following behavior:
- The user boots up their desktop/laptop and sees the normal Windows login prompt.
- The user enters their credentials into the Windows login prompt.
- Because Leostream Connect is in shell mode and using client-side single sign-on, after the user logs in, Leostream Connect automatically starts up (but does not present a login dialog), grabs the user’s credentials, and passes those on to the Connection Broker.
- If the user’s policy offers them a single desktop, Leostream Connect automatically launches the remote session. If the user’s policy offers them multiple resources, Leostream Connect offers the list of resources.
- When a remote session is launched, Leostream Connect automatically signs the user into the remote session. From an end user’s perspective, it’s as if their original Windows login logged them directly into the remote session.
- When the user logs out of the remote session, they are logged out of Leostream Connect and taken back to the original Windows login screen.
When using an HP gt7725 thin client, you can log in to your Leostream Connection Broker using the HP SAM client that is natively installed on the gt7725. If, instead, you want to use the Leostream Connect client, you must manually install the Java version of Leostream Connect and a Java run-time environment on the thin client.
Click here for complete instructions for installing Leostream Connect on your HP gt7725 thin client.
Policies
How do I connect to a Linux desktop?
You can connect to a Linux desktop from either a Windows or Linux client. If connecting from a Linux client, install the Java version of Leostream Connect on the client device.
To define a protocol plan to use when connecting to Linux desktops:
- Go to the > Plans > Protocol page.
- Select Edit for the protocol plan.
- In the Leostream Connect and Thin Clients Writing to the Leostream API section, select the appropriate number from the Priority drop-down menus for each of the following protocols that can be used to connect to a Linux desktop.
- RGS
- VNC
- Radmin
- NoMachine NX
- Ericom Blaze
- Enter appropriate information in the Command line parameters and Configuration file fields.
- Set the Priority drop-down menu for all other protocols, such as RDP, to Do not use.
How do I launch different remote viewers based on the Web browser used?
If you have end users with different types of Web browsers, you may not want to use the same remote viewer for each user. For example, if the end user logs in via Microsoft Internet Explorer, you may want to launch an ActiveX RDP session; if they log in via Mozilla Firefox, you must launch a regular RDP session.
Use Connection Broker locations to support this scenario. Click here to download a document that describes how to configure your Connection Broker to use locations to override the remote viewer selected by the protocol plan in the user's policy.
How do I configure my policy to allow the user to log into either a Windows or a Linux machine?
One policy can assign both Windows and Linux machines. Define different protocol plans to use when connecting to each type of desktop. When defining policies, assign these Windows and Linux protocol plans to the associated Windows and Linux pools.
Note: The Connection Broker chooses which protocol to use based on which port is open on the remote desktop. The Connection Broker does not currently take the client's capability into account when choosing a protocol from the protocol plan.
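The selection behavior in the note above, modeled as an added example (not Leostream code): it walks a protocol plan in priority order and returns the first enabled protocol whose port accepts a TCP connection, never consulting the client. The plan tuples, function names, priority ordering, and local listener ports are assumptions made for illustration.

```python
import socket

DO_NOT_USE = None  # models the "Do not use" entry in a Priority menu

def port_open(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def choose_protocol(plan, host, probe=port_open):
    """plan: iterable of (protocol, priority, port); lowest number wins.
    Client capability is not an input, matching the note above."""
    enabled = [entry for entry in plan if entry[1] is not DO_NOT_USE]
    for protocol, _priority, port in sorted(enabled, key=lambda e: e[1]):
        if probe(host, port):
            return protocol
    return None

def _listener():
    """Constructed stand-in for a desktop service: a local listening socket."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))
    sock.listen(8)
    return sock, sock.getsockname()[1]

def demo():
    """Compare one shared plan against a Linux-specific plan."""
    rdp_sock, rdp_port = _listener()  # desktop exposing an RDP-style port
    vnc_sock, vnc_port = _listener()  # same desktop also exposing VNC
    try:
        shared = [("RDP", 1, rdp_port), ("VNC", 2, vnc_port)]
        linux = [("RDP", DO_NOT_USE, rdp_port), ("VNC", 1, vnc_port)]
        picked_shared = choose_protocol(shared, "127.0.0.1")
        picked_linux = choose_protocol(linux, "127.0.0.1")
        rdp_sock.close()  # the RDP-style port is no longer open
        fallback = choose_protocol(shared, "127.0.0.1")
    finally:
        rdp_sock.close()
        vnc_sock.close()
    return picked_shared, picked_linux, fallback

if __name__ == "__main__":
    print(demo())
```

With a single shared plan, any desktop that exposes the higher-priority port gets that protocol regardless of the client, which is why the Linux plan sets the other protocols to Do not use.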
What are some common considerations when defining policies and assignments?
Leostream Connection Broker policies are incredibly flexible, allowing you to configure your system specifically for your business needs. The following list indicates some things to consider when working with policies and assignments.
- In some cases, it is useful to hard-assign desktops to particular users. However, to get the most out of your deployment, use Connection Broker policies to assign resources to users, instead of performing hard-assignments.
- Once a machine is assigned to a user, the Connection Broker continues to deliver that same desktop to the user whenever they log in. This behavior may reduce system overhead in some Windows environments. Keep in mind, however, that you cannot assign that machine to another user without first releasing the machine from the first user. To maximize resource usage, set the policy to release the desktop back to the pool when the user logs out.
- To save system resources, shut down or suspend desktops after they are unassigned from a user. Keep in mind, however, that this feature may increase the time it takes for a user to log in to their desktop. Also, if several desktops simultaneously require a reboot, this feature may cause a spike in system resources, such as disk I/O. If you are using this feature, make sure to monitor your system when you have many users simultaneously logging in.
- Also, suspended machines resume with the same IP address as they were previously assigned. In a DHCP environment, be aware of your DHCP lease expiration period. To use the suspend-and-restore policy feature, ensure that the DHCP lease expiration time is longer than the elapsed time a machine is typically suspended.
How do I build a cluster of Connection Brokers?
A cluster is a group of Connection Brokers that share a common external Microsoft SQL Server 2005 database. Clustering Connection Brokers allows you to support more connections per second, while assuring redundancy in the event that one of your servers fails.
The simplest way to create a cluster is as follows:
- Install and configure your initial Connection Broker using an internal database.
- Once that Connection Broker is configured as required, switch to an external SQL Server 2005 database, as follows:
- Go to the > System > Maintenance page.
- Select the Switch to another database option.
- Click Next.
- Select the Use a remote Microsoft SQL Server 2005 database option.
- Enter the IP address, port, username, and password for your database. If a database named LEO does not exist, one is automatically created.
- Enter a value into the Site ID field. All Connection Brokers in the cluster must have a unique ID.
- Click Save. The Connection Broker downloads the information from its internal database into the external database.
- Install the additional Connection Broker. To maximize redundancy, install the brokers on different virtualization hosts.
- For each additional Connection Broker, switch to the SQL Server 2005 database as described in step 2, making sure to give each Connection Broker a unique Site ID.
How do I ensure that my Connection Broker deployment is production-ready?
The Leostream Connection Broker is a production-class virtual appliance. To ensure a production-class deployment of your overall VDI, create systems that ensure the redundancy, resiliency, and scalability of your deployment, including:
- Create a Connection Broker cluster that contains sufficient Connection Brokers to handle user logins in the event that a server hosting one of the Connection Brokers fails. For added resiliency, when building the Connection Broker cluster, ensure that you place individual Connection Brokers on different servers.
- Establish a schedule for backing up your Connection Broker database. Implement your site-standard database backup procedure to ensure that your data is protected.
- Create weekly snapshots of each Connection Broker virtual machine. By backing up the entire Connection Broker virtual machine, you do not need a separate backup procedure for the underlying Connection Broker operating system.
- Create monthly clones of each Connection Broker virtual machine. Leostream recommends storing these backups in an off-site location. Test your restore process to ensure that the media can be read, and that procedures are correctly documented.
- Use DNS to configure your Connection Broker IP addresses. Your DNS will round-robin between Connection Brokers during normal operation.
- Never perform a Connection Broker upgrade without first taking a snapshot of your existing Connection Broker virtual machine. Also, test upgrades in an isolated deployment, before rolling out to your production environment.








