INUVIKA OPEN VIRTUAL DESKTOP
FOUNDATION SERVER
ARCHITECTURE OVERVIEW AND SYSTEM REQUIREMENTS
Mathieu SCHIRES
Contents
1 Introduction
2 Architecture Overview
2.1 Servers Roles
2.1.1 OVD Session Manager (OSM)
2.1.2 OVD Application Server (OAS)
2.1.3 OVD Web Access (OWA)
2.1.4 OVD Web Application Connect (OWAC)
2.1.5 OVD File Server (OFS)
2.1.6 Inuvika Enterprise Secure Gateway (ESG)
2.2 Overview ports and protocols
2.2.1 Hyper Text Transfer Protocol (HTTP)
2.2.2 Remote Desktop Protocol (RDP)
2.2.3 Secure Socket Layer (SSL)
2.2.4 Server Communication
2.2.4.1 Security
2.2.4.2 HTTP Return Codes
2.2.5 Client Session
2.2.5.1 Establishing a Simple User Session
2.3 Components required vs non-required
3 System Requirements
3.1 OVD Session Manager (OSM)
3.2 OVD Application Server (OAS)
3.2.1 OVD Application Server on Windows
3.2.2 OVD Application Server on Linux
3.3 OVD Web Access (OWA)
3.4 OVD Web Application Connect (OWAC)
3.5 OVD File Server (OFS)
3.6 Inuvika Enterprise Secure Gateway (ESG)
3.7 Inuvika Enterprise Desktop Client
3.8 OWA - Browser requirements
3.9 Network Bandwidth Requirements
List of Tables
1 OVD Components
2 Minimum Browser Requirements
1. INTRODUCTION
The purpose of this documentation is to provide a high-level description of the architecture typically used in an Inuvika Open Virtual Desktop (OVD) server deployment and the system requirements.
2. ARCHITECTURE OVERVIEW
2.1 SERVERS ROLES
A typical Inuvika OVD installation uses several servers with different roles. Some of the server roles are required and others are optional. On smaller deployments, several roles can be configured to run on the same physical server.
2.1.1 OVD SESSION MANAGER (OSM)
This server is the central piece of an Inuvika OVD server farm and is always required. It manages the session establishment from a client, hosts the administration console and provides centralized management of all the OVD server resources. The OSM should be installed prior to any other server.
Inuvika provides various Linux packages for installing the OSM on a Linux server. Inuvika does not provide a Windows installer version of OSM.
2.1.2 OVD APPLICATION SERVER (OAS)
Inuvika OVD is an application and desktop delivery solution. The OAS in the OVD solution is the server that hosts the end user applications and is accessed from the client using an enhanced Remote Display Protocol.
An OVD farm may consist of multiple OAS (Windows and Linux). The user load can be load-balanced among the available application servers to provide better performance.
For the OVD Foundation Server only one OAS is allowed.
The OAS can be either a Linux system or a Windows system depending on the type of applications or desktop you want to deliver. Of course, you can mix Linux and Windows machines in an Inuvika OVD farm to deliver applications seamlessly from different application servers. OVD Enterprise is required for this capability.
2.1.3 OVD WEB ACCESS (OWA)
This OWA server is responsible for managing browser-based client sessions. In Inuvika OVD, there are 2 types of browser-based sessions. The first type of browser session uses a Java applet within the browser to communicate with OWA. In this case, OWA will install the Java applet if it is not already available in the browser. The second type of browser session requires an HTML5 compliant browser on the client machine but no software will be installed on the client machine. In both cases, the OVD session is tunneled over an SSL session. In addition, the OWA provides capabilities through a JavaScript API to integrate OVD with other web based applications.
Users may decide to use one of the Inuvika Enterprise Desktop Clients to create an OVD session instead of using a web browser. In that case, OWA would not be required.
2.1.4 OVD WEB APPLICATION CONNECT (OWAC)
An OVD server may be configured to support Web Application Integration. This could be installed as a standalone server or could be configured on an existing server with different roles. The Web Application Integration provides seamless integration of Web Applications into the OVD environment and a Single Sign On capability.
2.1.5 OVD FILE SERVER (OFS)
Within Inuvika OVD, the OFS provides a centralized file management system that enables users to access the same files independently of which application server is used to provide the application. OFS provides a network file system that the OAS Servers are able to access when users are running sessions. It is used to provide access to both user profiles and data folders and files.
The OFS is available for Linux based servers only. In a small OVD server farm, the OFS may reside on the same physical machine as the OAS. In larger installations, the OFS would typically be installed on dedicated hardware.
2.1.6 INUVIKA ENTERPRISE SECURE GATEWAY (ESG)
Inuvika OVD uses several ports during the client session, mainly HTTPS (443) and RDP (3389). But in some cases, for example when the user is remote, a firewall would typically be configured to block access to the RDP port. The ESG can also be used to unify access to multiple OVD Application Servers by providing a single point of access to the clients. The ESG is a dedicated server.
The ESG tunnels all the OVD connections, between the clients and itself, over an HTTPS session. So from anywhere, users that have access to HTTPS (443), will also be able to start an OVD session.
2.2 OVERVIEW PORTS AND PROTOCOLS
The following diagram presents an overview of ports and protocols used in Inuvika OVD.
[Diagram: Open Virtual Desktop ports and protocols. Zones shown: Anywhere (any device), Security Zone, Back Office LAN. Connection labels: HTTPS - TCP 443, i-RDP - TCP 3389, i-RDP - TCP 3389*, OVD - TCP 1111, OVD - TCP 1112, CIFS - TCP 445, WebDAV - TCP 1113.]
Legend: ESG: Enterprise Secure Gateway; OSM: OVD Session Manager; OFS: OVD File Server; OAS: OVD Applications Server; OWA: OVD Web Access. * When using HTML5 access.
2.2.1 HYPER TEXT TRANSFER PROTOCOL (HTTP)
The base communication protocol used in Inuvika OVD for session establishment and management is HTTP over SSL. This protocol runs over TCP port 443.
Inuvika OVD also uses HTTP for communication between servers: OVD Session Manager (OSM) to OVD Application Server (OAS) and vice versa. For this usage, the TCP ports 1111 and 1112 (non-standard ports) are used.
Access is purely web-based: the components use HTTP and are accessed via a web browser.
HTTP on Wikipedia
2.2.2 REMOTE DESKTOP PROTOCOL (RDP)
RDP is the remote display protocol used by Microsoft Corp.® for their Terminal Services™ and Remote Desktop Services software.
RDP is used by Inuvika Open Virtual Desktop to display desktop and applications on the client machine.
RDP uses TCP port 3389.
RDP on Wikipedia
2.2.3 SECURE SOCKET LAYER (SSL)
SSL is a cryptographic layer protocol that provides encryption between server and client. SSL is used by Inuvika OVD to tunnel RDP.
SSL on Wikipedia
2.2.4 SERVER COMMUNICATION
Servers communicate by using HTTP based Web Services. The OVD Session Manager listens on TCP port 1111 and Application Servers use port 1112.
The OSM identifies an OAS using its Fully Qualified Domain Name (FQDN).
OAS Servers only respond to the OSM whose address is stored in their configuration file.
2.2.4.1 SECURITY
A server is authenticated using the DNS resolution system.
When an OAS sends its status, it sends an extra argument called the fqdn. The OSM performs 2 authentication tests and 1 authorization test.
• FQDN resolution: the OSM resolves the FQDN to get an IP address and tests if it matches the remote server IP. The authentication depends on that result being correct.
• reverse resolution: the OSM resolves the server IP address and tests if it matches the FQDN argument. The authentication depends on that result being correct. This test can be disabled in the administration console using the Disable FQDN check parameter.
• authorization: the OSM will test whether the FQDN matches one of the Authorized FQDN parameters defined in the administration console.
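The three tests above, written out as an added example (this is not Inuvika's code). The resolver functions are injected so the sample runs offline against constructed records; exact, case-insensitive matching against the Authorized FQDN list is an assumption, and the names `check_oas`, `Verdict`, `http_status` and `demo` are hypothetical.

```python
import ipaddress
from typing import Callable, Iterable, NamedTuple

class Verdict(NamedTuple):
    accepted: bool
    reason: str

def _norm(name: str) -> str:
    # DNS names compare case-insensitively; drop the trailing root dot.
    return name.rstrip(".").lower()

def check_oas(fqdn: str, remote_ip: str,
              forward: Callable[[str], Iterable[str]],
              reverse: Callable[[str], Iterable[str]],
              authorized: Iterable[str],
              disable_fqdn_check: bool = False) -> Verdict:
    """Apply the two authentication tests and the authorization test in order."""
    name, peer = _norm(fqdn), ipaddress.ip_address(remote_ip)
    try:
        # Test 1: the claimed FQDN must resolve to the address the request came from.
        if peer not in {ipaddress.ip_address(a) for a in forward(name)}:
            return Verdict(False, "forward mismatch")
        # Test 2: the peer address must resolve back to the claimed FQDN
        # (skipped when the "Disable FQDN check" parameter is set).
        if not disable_fqdn_check and name not in {_norm(n) for n in reverse(str(peer))}:
            return Verdict(False, "reverse mismatch")
    except (OSError, ValueError):
        # Resolver errors fail closed (socket.gaierror/herror derive from OSError).
        return Verdict(False, "lookup failed")
    # Test 3: authorization against the configured list (exact match is assumed).
    if name not in {_norm(a) for a in authorized}:
        return Verdict(False, "fqdn not authorized")
    return Verdict(True, "ok")

def http_status(v: Verdict) -> int:
    # Section 2.2.4.2: a failed OAS-to-OSM authentication is answered with 401.
    return 200 if v.accepted else 401

# Constructed records (RFC 5737 documentation addresses) standing in for DNS.
A = {"oas1.example.test": ["192.0.2.10"], "oas2.example.test": ["192.0.2.20"]}
PTR = {"192.0.2.10": ["oas1.example.test"], "192.0.2.20": ["host20.example.test"]}
AUTHORIZED = ["oas1.example.test", "oas2.example.test"]

def demo(fqdn: str, ip: str, **kw) -> Verdict:
    return check_oas(fqdn, ip, lambda n: A.get(n, []), lambda i: PTR.get(i, []), AUTHORIZED, **kw)

if __name__ == "__main__":
    for args in [("oas1.example.test", "192.0.2.10"), ("oas1.example.test", "192.0.2.66"),
                 ("oas2.example.test", "192.0.2.20")]:
        print(args, demo(*args))
```

Both authentication tests trust whatever the resolver returns, so the result is only as reliable as the DNS path the OSM uses; with the reverse test disabled, only the forward match and the authorization list remain.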
2.2.4.2 HTTP RETURN CODES
The OVD Web Services use the standard HTTP return codes to indicate whether the request succeeded.
• 200 OK: request succeeded
• 401 Unauthorized: From OSM to OAS: the OAS detects that the remote address does not match its configured OSM. From OAS to OSM: the OAS is not registered yet or failed authentication.
• 500 Internal Server Error: The request failed because of an error in the system.
2.2.5 CLIENT SESSION
2.2.5.1 ESTABLISHING A SIMPLE USER SESSION
The following schema describes the steps for the establishment of an Inuvika OVD user session.
2.3 COMPONENTS REQUIRED VS NON-REQUIRED
Component name   Required   Optional   Details
OSM              Yes        -          -
OAS              Yes        -          -
OWA              -          Yes        This is not required if using Inuvika Enterprise Desktop Clients.
OWAC             -          Yes        If Web Application Integration is needed
OFS              Yes        -          -
ESG              -          Yes        If external access to OVD is needed
Table 1: OVD Components
3. SYSTEM REQUIREMENTS
This section provides all the system requirements for each OVD server role and for a client machine to run an Inuvika Enterprise Desktop Client. It also lists the browsers that are supported and the supported Java versions.
3.1 OVD SESSION MANAGER (OSM)
All of the following Operating Systems are supported:
• RHEL 6.x / CentOS 6.x 64 bits
• RHEL 7.x / CentOS 7.x 64 bits
• Ubuntu 14.04 server (LTS version only) 64 bits
Minimum hardware configuration:
• CPU: 1 Core (2 Cores recommended)
• Memory: 1 GB (2 GB recommended)
• Storage: 20 GB
• Network: 1 GB NIC (2 for failover)
3.2 OVD APPLICATION SERVER (OAS)
3.2.1 OVD APPLICATION SERVER ON WINDOWS
All of the following Operating Systems are supported:
• Windows 2003 R2 SP2 32/64bit with Terminal Services in Application Server mode
• Windows 2008 R2 SP1 with Remote Desktop Services
Minimum hardware configuration:
• CPU: 2 cores (4+ cores recommended)
• Memory: 2 GB (8+ GB recommended)
• Storage: 50+ GB. High speed disks with RAID-1 (15krpm, SSDs or SAN disks).
• Network: 1 GB NIC
3.2.2 OVD APPLICATION SERVER ON LINUX
All of the following Operating Systems are supported:
• RHEL 6.x / CentOS 6.x 64 bits
• RHEL 7.x / CentOS 7.x 64 bits
• Ubuntu 14.04 server (LTS version only) 64 bits
Minimum hardware configuration:
• CPU: 2 cores (4+ cores recommended)
• Memory: 2 GB (8+ GB recommended)
• Storage: 50+ GB. High speed disks with RAID-1 (15krpm, SSDs or SAN disks).
• Network: 1 GB NIC
3.3 OVD WEB ACCESS (OWA)
All of the following Operating Systems are supported:
• RHEL 6.x / CentOS 6.x 64 bits
• RHEL 7.x / CentOS 7.x 64 bits
• Ubuntu 14.04 server (LTS version only) 64 bits
Minimum hardware configuration:
• CPU: 1 core (2 cores recommended)
• Memory: 1 GB (2 GB recommended)
• Storage: 20 GB
• Network: 1 GB NIC (2 for failover)
3.4 OVD WEB APPLICATION CONNECT (OWAC)
All of the following Operating Systems are supported:
• RHEL 6.x / CentOS 6.x 64 bits
• RHEL 7.x / CentOS 7.x 64 bits
Minimum hardware configuration:
• CPU: 1 core (2 cores recommended)
• Memory: 1 GB (2 GB recommended)
• Storage: 20 GB
• Network: 1 GB NIC (2 for failover)
3.5 OVD FILE SERVER (OFS)
All of the following Operating Systems are supported:
• RHEL 6.x / CentOS 6.x 64 bits
• RHEL 7.x / CentOS 7.x 64 bits
• Ubuntu 14.04 server (LTS version only) 64 bits
Minimum hardware configuration:
• CPU: 2 cores (4 cores recommended)
• Memory: 2 GB (4 GB recommended)
• Storage: 100+ GB. High speed disks with RAID-1 (15krpm, SSDs or SAN disks).
• Network: 1 GB NIC
3.6 INUVIKA ENTERPRISE SECURE GATEWAY (ESG)
All of the following Operating Systems are supported:
• RHEL 6.x / CentOS 6.x 64 bits
• RHEL 7.x / CentOS 7.x 64 bits
• Ubuntu 14.04 server (LTS version only) 64 bits
Minimum hardware configuration:
• CPU: 2 cores (4 cores recommended)
• Memory: 2 GB (4+ GB recommended)
• Storage: 20+ GB.
• Network: 1 GB NIC
3.7 INUVIKA ENTERPRISE DESKTOP CLIENT
EDC clients are provided for Windows, Linux or Mac platforms. The client is a standalone application which can be used instead of browser based access to provide a tighter integration with the platform on which it is installed through seamless application and local desktop integration.
• Apple OSX 10.09 and 10.10 (Java virtual machine must be installed in advance)
• Windows XP, 7, 8.0 and 8.1
Minimal hardware configuration:
• 1 CPU Core
• 1 GB RAM
• Disk space: 100 MB
3.8 OWA - BROWSER REQUIREMENTS
Minimum Browser Requirements:
The table below describes the minimum browser requirements for the Operating Systems supported.
Operating System   Internet Explorer   Firefox          Chrome           Safari
Windows            v11 and higher      v16 and higher   v24 and higher   -
Apple              -                   v16 and higher   v24 and higher   v7 and higher
Linux              -                   v16 and higher   v24 and higher   -
Table 2: Minimum Browser Requirements
Supported Java versions: OWA supports the 32-bit and 64-bit versions of Java.
Operating System Java SE 7.X Java SE 8.X OpenJDK 7 and later
Windows • •
Apple • •
Linux • • •
Table 3: Supported Java versions
3.9 NETWORK BANDWIDTH REQUIREMENTS
The network bandwidth required depends on the usage characteristics and the applications being served. Applications such as flash animation, streaming videos or 3D usage consume a lot of bandwidth. The screen resolution and color depth are also a factor in determining the bandwidth consumption. Inuvika recommends a minimum of 128kbps per user for planning purposes. A Proof of Concept environment should be used to determine the required bandwidth based on actual usage scenarios.
3.10 FIREWALL AND PORTS
OVD requires the following ports to be open for the different server roles. Firewall rules need to be added for the incoming and outgoing traffic.
OVD Session Manager:
• 1111 (HTTP): for communication with an OVD Application Server
OVD Web Access:
• 80 (HTTP): for communication with an end user’s browser
• 443 (HTTPS): for communication with an end user’s browser
OVD Application Server:
• 1112 (HTTP): for communication with the OVD Session Manager
• 3389 (RDP): for communication with an end user’s browser (with the Java access) or the OVD Enterprise Client
OVD File Server:
• 1112 (HTTP): for communication with the OVD Session Manager
• 1113 (HTTP): for communication with an OVD Application Server
• 445 (CIFS): for communication with an OVD Application Server
Inuvika Enterprise Secure Gateway: