Wednesday Jan 07, 2009

How to setup VMWare View and Sun Ray Server Software 4.1 for a POC

With the 4.0 release of Sun Ray Server Software we can use VMWare's desktop broker, View, to provide Windows desktops to our Sun Rays. This guide will explain how to do it!

Prep Work:
The following items need to be up and running before we can proceed with the SRSS 4.1 connector for View. If you are starting from scratch there is a lot of steps to get through. Most likely you will be asked to deploy in front of a working View environment and can skip most of the prep work.

Install of ESX (Directions)
Install of Virtual Center (Directions) - note 32 bit windows is required and do not install on the AD Server
Install of View Connector Server (Directions) - note 32 bit windows is required and do not install on the AD Server
Install of XP with View Agent (Directions)

Install of Solaris 10 either on a separate box or a VM (Directions)
Install of Sun Ray Server Software 4.1 (Directions)

Configuration settings in View:
We need to make a couple of configuration changes to View. I recommend getting things working without SSL first, and then coming back and turning on SSL if your environment requires it.

First lets change View to accept non-ssl connections. Log into your View administrative website. Go to the configurations tab. Edit your global settings to turn require ssl to off. When you make the change View is going to state that it needs to be restarted. Hold off for now.

Srvdm-6

On the pop up screen un-tick require ssl

Srvdm-12

View by default tries to tunnel the connection. We need to change it to direct connect. In the View administrator, on the configuration tab you need to select your server and click on edit.

Srvdm-10

On the pop up screen. Click on direct connect.

Srvdm-11

At this point we need to restart the View service. You will find it in the Windows Service manager as VMWare View Connection Server.

Sun Ray Connector for VMware Virtual Desktop Manager(SRVDM):
Now that we have a working View environment and a working SRSS environment we can get to the steps to tie the 2 together. First we need to download SRVDM to our Sun Ray Server. The bits can be found here.

Install SRVDM:
# unzip srvdm_1.0.zip
# cd srvdm_1.0
# pkgadd -d Packages/Solaris_10+/i386/
accept the defaults and you should get a message that the install finished correctly.

Configure Kiosk:
We will use the web interface for the Sun Ray server to configure the Sun Ray server to present windows desktops.

Log into your web admin port http://<name of run ray server>:1660
The username is admin and the password is the one you gave it during set up.

Click on the advanced tab:

Srvdm - Advanced

Then on the Kiosk Sub tab:

Srvdm - Sub Tab

If you are setting up your Kiosk mode for the first time you will see a message about no Kiosk Mode settings. Click the edit button on the right. If you have kiosk mode setup already jump to the next step:

Srvdm-3

Change the session drop down to VMWare Virtual Desktop Manager Session.
We are going to start our tests without SSL turned on. In the arguments field add
-http -s <servername> and click on OK

Srvdm-4

At this point you will have a kiosk mode defined and then you will need to tell the server when to use it. This is accomplished by using the the System Policy to turn Kiosk Mode on for card users and non card users. Click on the System Policy Sub Tab on the Advanced Menu and then click on the enable check box for Kiosk Mode under both non card users and card users. Then click on the save button.
Srvdm-7

You will get a message saying the changes have been stored and you need to restart the server. Click on the link to switch to the servers tab.
Srvdm-8

Select your server and click on cold restart.

Srvdm-9

You should now have the VIew Login on your Sun Rays.
 Img 10Bd6-4D57738484186B2B108Cd0F2686D825D.4963F987

And yes after entering your credentials you will have a windows desktop on your Sun Ray.  Twitpic Photos Large 1696364-1

If you are need to enable SSL the steps can be found here. Remember to recheck the use SSL setting that we shut off above, and restart the View Connection service. Also remember to go back into the kiosk config and take out the -http argument and restart the Sun Ray Server.

Technorati Tags: , , ,

How to setup SRVDM and VMWare View SSL

This entry assumes that you have a non ssl working SRVDM View environment. If you don't check out this entry on how to get one.

The SSL certificate that comes with the default install of View is not a valid one. You will get hostname mismatch errors if you use the VMWare clients, and you will not be able to connect through the Sun Ray client. In order to get the Sun Ray connector for VMWare View to connect we need to either move a valid certificate in place, or create a self signed one. The steps below can be found in the View Documentation.

Generate Certificate:
First lets create a self signed certificate. If you have a signed certificate already skip this step. On your VMWare View server start a command prompt and switch to the following directory:

C:\\Program Files\\VMware\\VMware View\\Server\\jre\\bin>

Once there execute the following command;

keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360

You will be asked a series of questions which will be used to create your certificate. Make sure you remember what you make the password! Also the first question which is your name is somewhat misleading. It needs to be the name of the server.

Enable Certificate:
We need to move the certificate we created, keys.12, from the C:\\Program Files\\VMware\\VMware View\\Server\\jre\\bin to C:\\Program Files\\VMware\\View Manager\\Server\\sslgateway\\conf.

Next we need to create the file, C:\\ProgramFiles\\VMware\\View Manager\\Server\\sslgateway\\conf\\locked.properties and insert the following 2 lines into it:

keyfile=keys.p12
keypass=<secret>

Where secret is the password you used to create the certificate above.

Restart the VMWare View Connection Server.

In the View admin site, in the event log you should see a line about using the keys.p12 file.

View-Ssl-1

Now when you go back to your View site, through the web interface, you should be able to connect without getting name errors. Note you will still get an error about a self signed cert, but that is the only one you should get now.

Install the certificate on Sun Ray Servers:
The readme that comes with the SRVDM provides us a command on how to import the certificate into SRVDM. That is all well and good, if we have the certificate! When you go to the View Admin Site, you needed to add a security exception because it is a self signed certificate. If you have a non-self signed certificate, Firefox will automatically store the certificate for you. In either case the following steps using firefox can be used to get the certificate.

We can use firefox to export the certificate. The challenge is that since we are using a self signed certificate you can only do it while you are adding the security exemption. In firefox go to preferences. Click on the advanced tab, encryption, view certificates.

Srvdm-Ssl2

You should see your certificate, but notice the export button is grayed out.

Srvdm-Ssl4

We need to click on delete and start the process over to get our cert. Once the certificate is deleted, return to the View admin site. You will get the cert error again, and click on add exception. Click on Get Certificate, before clicking on confirm exception click on the view button.

Srvdm-Ssl5

Next we need to click on the details tab and then export

Srvdm-Ssl7

Name the cert and save it someplace appropriately. Close out the windows and confirm the security exemption to get back into the View website.

Now that we have the cert in hand we can import into our Sun Ray servers. First you need to copy (scp) the cert we just saved to the the Sun Ray server. Once there we need to run the following command changing VDM certificate to the file name you gave the cert during the export above. Also make sure to note the password you use.

#keytool -import -file <VDM certificate> -trustcacerts -v -keystore /etc/opt/SUNWkio/sessions/vdm/keystore

Next we need to edit /etc/opt/SUNWkio/sessions/vdm/vdm and insert the password
Line 17 has the word javaKeyStorePass, we need to add the password we set in the step above into the file.

NOTE! There is a typo that will prevent things from working. You must correct the typo with the following 2 commands:
#sed 's/trustStore=$javaKeyStorePass /trustStorePassword=$javaKeyStorePass /' /etc/opt/SUNWkio/sessions/vdm/vdm > /tmp/vdm
#cp /tmp/vdm /etc/opt/SUNWkio/sessions/vdm/vdm

We need to restart the kiosk sessions on the Sun Ray server. Since this a POC server and we have made lots of changes, I suggest doing a cold restart.
# /opt/SUNWut/sbin/utrestart -c

When the Sun Rays come back up, you should receive the VIew log in and be good to go.

If things are not working for you, one of my colleagues wrote a great blog entry about how to debug things which can be found here.

My same colleague also wrote an entry about how to get the certificate working in VDM versions prior to view which can be found here. Note the typo directions above are from this entry.

Technorati Tags: , , ,

About

user12609114

Search

Top Tags
Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today