Preparing for Horizon View – Setting up a root CA.

While Horizon View does come with self signed certificates but it is always best, in a production environment, to your own SSL certificates.

I connect to my lab remotely using, either my laptop, or other mobile device and like to know that my connection is secure.

If you don’t want to setup your own cert server Lets Encrypt is a public CA and does offer certificates (wild card certs too) for free. If you do choose to use them please consider donating. They are an opensource and free setup and could use your help.

Installing a root CA.

I used a windows 2016 server for this deployment.

  1. In the Server Manager window click on Add roles and features.
  2. Select Role-Based or feature-base installation and click Next.
  3. Select the local server and click Next.
  4. Select Active Directory Certificate Services, and click Next.
  5. Check Include management tools (if applicable). Click Add Features.
  6. Click Next.
  7. Click Next.
  8. Click Next.
  9. Click Next.
  10. Select Certificate Authority. Click Next.
  11. Click Install.
  12. Once the install is complete Click Close.
  13. Once the Install is finished we need to complete the post install tasks. Navigate to Server Manager and click on the alert icon. Click on the post deployment task that needs to be completed.
  14. If you need to change the credentials do so here. I just used the creds I was logged in with. Click Next.
  15. Select Certification Authority and click Next.
  16. Select Enterprise CA and click Next. You can select Standalone CA if that’s what you need. The options might be slightly different.
  17. Select Root CA and click Next.
  18. Select Create a new private key and click Next.
  19. Select the following:
    1. Cryptographic provider – RSA#Microsoft Software Key Provider
    2. Key length – 2048
    3. Algorithm – SHA256
    4. Click – Next.
  20. Leave the defaults and click Next.
  21. Select the validity period of your certificate. (I chose to leave it at 5 years. In a prod environment you might want that to be less). Click Next.
  22. Leave the defaults and click Next.
  23. In the final window check your settings and click Install.

And that’s it, we now have a working root CA!

 

Working VMware’s VDI Solution.

Over the last couple of months (with another work colleague) I’ve been looking into Horizon view 7.4.

So far I really like what I see. It looks like VMware has put  fair amount of effort in the the product lately. From instant clones (windows and Ubuntu) to automated full fat clones for Linux, the product is really starting to look slick.

The next series of blog posts will be covering the installation and configuration of Horizon view, setting up various different solutions (Linux desktops, View security server and as an alternative the Unified Access Gateway, etc) and will take a look at the various “additionals” available, this includes the paks for vRealise Operations Manager and Log Insight.

So what will we need and be setting up to get the basics going?

  1. Lab (I’ve covered how to build this a while back, its a bit old but should still get you started).
  2. Certificate Authority for our domain.
  3. SQL server 2016 Express and SQL server 2016 management tools. Note: While the express version of SQL sever isn’t on the interoperability matrix it does work.
  4. A minimum of 3 Windows servers which will run:
    1. View Connection server
    2. View Composer Server, which will also run our instance of SQL express.
    3. View Security Server
  5. Horizon View Software (Download the lot)
  6. Windows 10 Enterprise
  7. 2 Popular Linux Disto’s.
    1. Centos
    2. Ubuntu

While there can seem to be quite a lot of moving parts, I would expect most prod environments to have access to either SQL standard as a minimum or Oracle (12C standard release 1 and 2 are supported) as well as a CA (certificate Authority).

Our three windows servers, which will form the base of our deployment,  will be configured as follows:

  • Windows 1 – Connection server
  • Windows 2 – Security Server
  • Windows 3 – Composer and SQL Express server

Before we run through the View install’s I’ll first go through setting up and configuring the CA, getting the cert onto the windows connection server, and configuring SQL for the two DB’s we’ll need.