Deploy View Enrollment Server
Today we will discuss about Horizon View Enrollment server and Enrollment server deployment.
Horizon View 7.5 blog series: “Horizon View 7.5”
Previous blog post: “Replace SSL certificate on View Security Server”
You can run the Connection Server installer and select the Horizon 7 Enrollment Server option to install an enrollment server. The enrollment server requests short-lived certificates on behalf of the users you specify. These short-term certificates are the mechanism True SSO uses for authentication to avoid prompting users for Active Directory credentials.
Image Credit: VMware EUC Blog
You must install and set up at least one enrollment server, and the enrollment server cannot be installed on the same host as View Connection Server. VMware recommends that you have two enrollment servers for purposes of failover and load balancing. If you have two enrollment servers, by default one is preferred and the other is used for failover. You can change this default, however, so that the connection server alternates sending certificate requests to both enrollment servers.
Image Credit: VMware EUC Blog
If you install the enrollment server on the same machine that hosts the enterprise CA, you can configure the enrollment server to prefer using the local CA. For best performance, VMware recommends combining the configuration to prefer using the local CA with the configuration to load balance the enrollment servers. As a result, when certificate requests arrive, the connection server will use alternate enrollment servers, and each enrollment server will service the requests using the local CA.
Create a Windows Server 2008 R2 or Windows Server 2012 R2 virtual machine with at least 4GB of memory, or use the virtual machine that hosts the enterprise CA. Do not use a machine that is a domain controller.
Verify that no other View component, including View Connection Server, View Composer, security server, Horizon Client, or View Agent or Horizon Agent is installed on the virtual machine.
Verify that the virtual machine is part of the Active Directory domain for the Horizon 7 deployment.
Verify that you are using an IPv4 environment. This feature is currently not supported in an IPv6 environment
VMware recommends that the system must have a static IP address.
Verify that you can log in to the operating system as a domain user with Administrator privileges. You must log in as an administrator to run the installer.
In my environment I have deployed standalone view Enrollment Server on top of windows 2012 R2 with 2 CPU and 4 GB RAM.
- Host Name: ENRL
- IP Address: 192.168.0.125
- Domain: vgyan.local
Before proceeding View Enrollment Server installation make sure server under domain and you have assigned static IP.
CA Certificate Enrollment
CA certificate is very much impotant for Enrollment Server.
From target server, Open Certificate MMC console. From Console Root, expand Certificates (Local Computer) field. Right click on Personal store > All Tasks > Request New Certificate option.
Select “Active Directory Enrollment Policy” and click “Next”.
In Request Certificate field, Select “Computer”, make sure status is “Available“.
Go to Certificate Property, in general tab change friendly name to “vdm”.
This is an important point in Horizon View Environment, certificate friendly name should be “vdm”.
Certificate Properties, go to Private Key tab and select “Make private key exportable”, Click “OK” to continue.
Click on “Enroll” button.
Verify Certificate Installation Results, make sure it’s “Succeeded“. Click on “Finish”.
Verify enrolled certificate under Certificates folder.
- Issued to: enrl.vgyan.local
- Issued by: vgyan-CA-CA
So now we have valid SSL certificate for Enrollment Server.
Horizon View Enrollment Server 7.5 Installation
I downloaded VMware-viewconnectionserver-x86_64-7.5.0-8583568 software from VMware software downloads.
Open VMware-viewconnectionserver-x86_64-7.5.0-8583568 and run as administrator.
Accept EULA and click Next.
Verify installation folder and click Next.
From the installation option, Select Horizon 7 Enrollment Server option.
Select “Horizon 7” as authentication mode.
Click “Next” to continue.
Windows firewall is requirement for horizon view. So do not disable windows firewall, While installing Enrollment server it will configure windows firewall automatically.
Select “Configure windows firewall automatically” and click “Next”.
Verify and click “Install”.
Once the installation completed, click “Finish”.
Verify all the required services are installed and running as expected.
So we successfully deployed Horizon View Enrollment Server 7.5.
While deploying Identity Manager and True SSO, we will discuss more about Enrollment Server.
That’s all guys.. will discuss more on Horizon View 7.5 in upcoming post, Horizon View components installation and configuration, various Desktop pool creations, Application publishing etc… stay tuned..
Next blog post will be “Add View Licence, Event DB and vCenter Server to Horizon View”
I hope you enjoyed reading this post. Feel free to share this to others if it is worth sharing!!!