Copyright © 2014 Moka5, Inc. All rights reserved.
Moka5™, MokaFive™, LivePC™, and the Moka5 logo are trademarks of Moka5, Inc. All other product or company names may be trademarks of their respective owners.
This documentation (and the software described herein) was provided based on your prior agreement to a license agreement governing its use. A copy of the license agreement can be found on the web at http://www.moka5.com/legal/ (for individuals) or in the signed written agreement between you, or your company, and Moka5, Inc. (and/or its resellers and distributors).
Open Source Components
Moka5/Desktop Workspace includes software components developed by open source organizations. A listing of, and links to the sources for, these components can be found at http://opensource.mokafive.com/v2.
Contents
Planning the Desktop Workspace Infrastructure
Desktop Workspace Infrastructure Components
Serving Users Coming From the Internet
Backup
Network Requirements
DNS
SSL/TLS
Ports
Load Balancer/Layer 7 Firewall Considerations
Network QoS
License Server for Windows 7 LivePCs
Scaling the Infrastructure
Scaling Enterprise Deployments
Service Availability
End User Implications of Server Component Failure
Administrator Implications of Server Component Failure
About Dell Software
Planning the Desktop Workspace Infrastructure
- Serving Users Coming From the Internet
- Backup
- Network Requirements
- DNS
- SSL/TLS
- Ports
- Load Balancer/Layer 7 Firewall Considerations
- Network QoS
- License Server for Windows 7 LivePCs
The infrastructure starts around the seed of a single Desktop Workspace Standard Installation. You can extend this infrastructure with additional servers to serve needs related to scale, security, and remote users.
Desktop Workspace Infrastructure Components
The components of a Desktop Workspace Infrastructure setup include:
- Standard Installation (Management Server with Primary Image Store): This server forms the core of the infrastructure. It keeps track of users, groups, policies, and LivePCs, and distributes updates to users.
- Application Gateway: This optional component can be placed in the DMZ to proxy connections to a management server and image store on an intranet.
- Replica Image Store: Speeds delivery of LivePCs and reduces load on network links by caching and distributing them at various points in the network.
- Desktop Workspace Creator: Used to create LivePCs and domain join packets. Since Desktop Workspace Player and Creator cannot be installed on the same computer, plan on having a desktop or laptop computer for Creator activities.
- Desktop Workspace Player: The client that runs on your end user's computer.
In addition, Desktop Workspace Infrastructure uses the following components:
- Directory Service: Desktop Workspace Infrastructure comes with an embedded LDAP server, but most organizations will want to attach the Infrastructure to their corporate directory, usually a Microsoft Active Directory, to avoid creating another set of users.
- Database: Desktop Workspace Infrastructure comes with an embedded Derby database for trial use (less than 100 users). Migration from Derby to SQL server is supported as of 3.7.
- RSA Authentication Service: Some organizations may wish to authenticate users with a second factor. The management server and application gateway support SecurID by communicating with an RSA Authentication Service.
Please refer to Systems Requirements in the RELEASE NOTES.
Serving Users Coming From the Internet
If your organization will be supporting clients that check in from the Internet (e.g. home users or partners), you may require an Application Gateway. For security reasons, an Application Gateway is typically deployed in a network DMZ to accept traffic from Internet-based clients.
Application Gateways do two main things:
- Terminate client connections. This protects your infrastructure from buffer overrun and other attacks.
- Enable you to add two-factor authentication (i.e., RSA SecurID), which increases your ability to check for authorized access.
The application gateway is optional. If you have an existing device that terminates connections, like a NetScaler or ISA firewall, and will not use two-factor authentication, the existing device should be sufficient. Exposing the management server’s port directly to the Internet is another option. However, if you decide to use an application gateway, there are some DNS requirements:
- Split DNS is highly recommended. DNS lookups of the management server’s DNS name on the Internet should resolve to the application gateway’s IP. The DNS lookup from the intranet should resolve to the management server IP.
- On the Application gateway itself, the DNS name of the Management Server (e.g. Desktop Workspace.example.com) should resolve to the internal IP address.
Backup
The following pieces should be backed up:
- The Desktop Workspace server install folder on the Management Server. LivePCs and some important server configuration live here.
- The database. For embedded databases, the database lives in the Desktop Workspace server
Make backups with a tool that supports backing up a consistent snapshot, like Windows Backup.
Network Requirements
DNS
The Desktop Workspace management server should be given a user-friendly DNS name on initial install. Changing the DNS name requires uninstalling all existing Players and Creators and deleting existing LivePC subscriptions in the field.
For multi-tenancy, Desktop Workspace requires a DNS record for each tenant or, alternatively, a single wildcard DNS record.
In addition, serving users coming from the Internet requires configuring external DNS servers. See the Application Gateway section above for more details.
SSL/TLS
Desktop Workspace Player and Creator can be used securely with the self-signed certificates that Desktop Workspace configures out of the box. However, browsers will generate certificate warnings.
To get rid of the browser warnings, consider purchasing certificates from a well-known certificate authority.
If you have an enterprise certificate authority and users will only be accessing Desktop Workspace Servers from browsers on corporate computers that have been configured to trust the enterprise CA (i.e., not home computers), you may be able to save money by requesting a certificate from the enterprise CA. The ADVANCED SETUP GUIDE has more details on configuring and setting up SSL.
Ports
For incoming connections, all servers listen on a configurable listener port (default: 443).
Management servers make outgoing connections to:
- Image store listener port (if customer is using external image store)
- LDAP (if not using embedded)
- Database (if not on same computer as management server)
- SMTP server (if sending e-mail alarms is supported)
- Application Gateway listener port (if you want management server to monitor the app gateway)
Application gateways make outgoing connections to:
- Management server listener port
- Image store listener port (may be on same box as management server)
Image stores make outgoing connections to:
- Management server listener port
- Listener ports for other image stores (if replica or replicated primary)
Players and Creators make outgoing connections to:
- Management server listener port
- Application gateway’s listener port
- Image store listener ports
Desktop Workspace Infrastructure requires functioning DNS on every box.
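The connection lists above can be turned into an egress allowlist and compared with what a firewall actually permits. The following is an added example, not part of the product or its documentation; the host names, option names, the LDAP and database ports, and the firewall export are constructed for illustration.

```python
# Ports-section matrix: (source role, destination role, option requiring the flow)
MATRIX = [
    ("management", "image_store", "external_image_store"),
    ("management", "ldap", "external_ldap"),
    ("management", "database", "external_database"),
    ("management", "smtp", "email_alarms"),
    ("management", "app_gateway", "monitor_app_gateway"),
    ("app_gateway", "management", None),
    ("app_gateway", "image_store", None),
    ("image_store", "management", None),
    ("image_store", "image_store", "replicated_image_stores"),
    ("client", "management", None),
    ("client", "app_gateway", None),
    ("client", "image_store", None),
]

def expected_rules(hosts, options):
    """Expand the role matrix into (src, dst, dst_port) rules for one inventory."""
    rules = set()
    for src_role, dst_role, option in MATRIX:
        if option is not None and option not in options:
            continue  # flow applies only when that deployment option is in use
        for src, (s_role, _) in hosts.items():
            for dst, (d_role, d_port) in hosts.items():
                if (s_role, d_role) == (src_role, dst_role) and src != dst:
                    rules.add((src, dst, d_port))
    return rules

def audit(configured, hosts, options):
    """Return (missing, excess) rules relative to what the matrix calls for."""
    want = expected_rules(hosts, options)
    return sorted(want - configured), sorted(configured - want)

# Constructed inventory: name -> (role, listening port). 443 is the documented
# default listener; the LDAP and database ports are assumed site values.
HOSTS = {
    "mgmt01": ("management", 443), "gw01": ("app_gateway", 443),
    "replica01": ("image_store", 443), "dc01": ("ldap", 636),
    "sql01": ("database", 1433),
}
OPTIONS = {"external_image_store", "external_ldap", "external_database"}
# Constructed firewall export containing one flow the matrix does not list.
CONFIGURED = {
    ("mgmt01", "replica01", 443), ("mgmt01", "dc01", 636),
    ("mgmt01", "sql01", 1433), ("gw01", "mgmt01", 443),
    ("gw01", "sql01", 1433), ("replica01", "mgmt01", 443),
}
MISSING, EXCESS = audit(CONFIGURED, HOSTS, OPTIONS)
print("missing:", MISSING, "excess:", EXCESS)
```

Here the audit reports the DMZ gateway's rule to the database as excess and its missing rule to the image store.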
Load Balancer/Layer 7 Firewall Considerations
Load balancers and layer 7 firewalls (collectively, layer 7 devices) need to be configured to pass the hostname as the client presented it in the HTTP Host header and not substitute the DNS name of the server.
In addition, layer 7 devices should be configured to send the X-Forwarded-For header with the IP address of the client. This will help the management server redirect the client to an appropriate replica image store.
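Because X-Forwarded-For can also be set by the client itself, a server that acts on it should only honor the entry appended by its own layer 7 device. The following is an added example of that check, not Desktop Workspace code; the function name and the trusted network are assumptions.

```python
import ipaddress

# Constructed value: the network the site's layer 7 devices connect from.
TRUSTED = ["10.0.0.0/24"]

def client_ip(peer, xff, trusted_proxies):
    """Return the client address to act on for one request.

    peer            -- source address of the TCP connection the server accepted
    xff             -- raw X-Forwarded-For value, or None if the header is absent
    trusted_proxies -- networks of the layer 7 devices allowed to set the header
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(addr):
        return any(addr in net for net in nets)

    if not xff or not trusted(ipaddress.ip_address(peer)):
        return peer  # no header, or it came from a host we do not trust
    # Each trusted device appends the address it saw, so read right to left and
    # stop at the first address that is not one of ours. Entries further left
    # were supplied by that client and are ignored.
    for hop in reversed(xff.split(",")):
        try:
            addr = ipaddress.ip_address(hop.strip())
        except ValueError:
            return peer  # malformed entry: fall back to the connection peer
        if not trusted(addr):
            return str(addr)
    return str(addr)  # every entry was a trusted device; use the left-most one

if __name__ == "__main__":
    # A client that pre-populated the header with 192.0.2.1 is still seen as itself.
    print(client_ip("10.0.0.5", "192.0.2.1, 198.51.100.7", TRUSTED))
```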
Network QoS
See scaling discussion for information on how to prioritize Desktop Workspace traffic with respect to other network traffic.
License Server for Windows 7 LivePCs
Scaling the Infrastructure
Please contact your Dell representative for specific guidance on creating an infrastructure appropriate for your needs. The diagrams below are intended to illustrate how Desktop Workspace server components can be deployed to meet the needs of different environments.
Scaling Enterprise Deployments
Running an application on multiple servers makes it possible to support more users, since the resources of a single server are finite. Desktop Workspace supports load balancing so that several management servers participate in the same service. Deployments must be scaled to address both steady-state operations, such as periodic Player check-ins, and transient load, such as distribution of LivePC images and Player updates.
When the management server is configured with a load balancer, client (Player) check-ins are distributed to multiple management server instances. Each additional management server adds to the overall capacity of the management server cluster. Note that even in the case of a horizontally scaled management server there will continue to be a single database, and therefore a single view into all objects and activities through the management console.
Image Store LivePC image distribution is largely constrained by the available bandwidth. Distribution performance of LivePC image updates can be increased by deploying additional replica image stores.
Service Availability
- End User Implications of Server Component Failure
- Administrator Implications of Server Component Failure
End User Implications of Server Component Failure
The Desktop Workspace solution is based on virtual desktops running on the client host. For this reason, the impact of a server component failing is typically small for end users.
Component | End-user Implications if Component Fails

Management Server
- Most users will be able to use their LivePCs normally
- Users will not be able to subscribe to new images, or get updates to existing images
- Users with expired credentials will not be able to start their Players
- First-time users will not be able to start their Players
- Users will not be able to register new Players

Primary Image Store
- Users will not be able to subscribe to new images, or get updates to existing images

Replica Image Store
- Users will not be able to subscribe to new images, or get updates to existing images, until Management Server is reconfigured to reroute clients to another Replica.

Application Gateway
- For clients within the corporate firewall, there is no impact.
- Clients outside the corporate firewall will experience the same impact as they would if the Management Server failed.
Administrator Implications of Server Component Failure
Infrastructure failures can affect administrators in various ways.
Component | Administrator Implications if Component Fails

Management Server or Database
- Administrators will not be able to access the Console and therefore cannot perform any administrative functions.
- Pending policy changes will stop being distributed. Policy distributions will resume when the Management Server is re-started.

Primary Image Store
- Administrators will not be able to upload new or updated images to the Primary Image Store.
- Administrators will not be able to upload new versions of the Player for distribution.

Replica Image Store
- No administrator impact.

Application Gateway
- Administrators on the corporate network would experience no impact.
- Administrators on the Internet will not be able to access the Console.
About Dell Software
Dell listens to customers and delivers worldwide innovative technology, business solutions and services they trust and value. For more information, visit www.software.dell.com.
Contacting Dell Software
Technical Support: Online Support
Product Questions and Sales: (800) 306-9329
Technical Support Resources
Technical support is available to customers who have purchased Dell software with a valid maintenance contract and to customers who have trial versions. To access the Support Portal, go to http://software.dell.com/support/.
The Support Portal provides self-help tools you can use to solve problems quickly and independently, 24 hours a day, 365 days a year. In addition, the portal provides direct access to product support engineers through an online Service Request system.
The site enables you to:
- Create, update, and manage Service Requests (cases)
- View Knowledge Base articles
- Obtain product notifications
- Download software. For trial software, go to Trial Downloads.
- View how-to videos