Horizon Mirage 4.x – Part 7. Edge Server
The Edge Server is a new feature of Horizon Mirage as of version 4.4. It allows the administrator to put a server up in the DMZ to accept incoming connections from clients outside of the corporate network, while not relying on VPN connections as was previously required.
The Horizon Mirage Edge Server requires an SSL connection, so obviously we need an SSL certificate. I’m going to show how to create the CSR using the Windows Certificates MMC. This differs from how we requested an SSL certificate from the local Windows Enterprise Root CA back in Part X.
1. On the Edge Server, Run > mmc. Click OK.
2. On the new console, click File > Add/Remove Snap-in…
3. Click Certificates and then Add.
4. Choose Computer account, and then click Next.
5. Choose Local computer, and then click Finish.
6. Click OK.
7. Right-click Personal, choose All Tasks, Advanced Operations, and then Create Custom Request.
8. Click Next.
9. Under Custom Request, choose Proceed without enrollment policy, and then click Next.
10. For Template, choose (No template) Legacy key. Leave the defaults for extensions and format (PKCS #10).
11. Click Details, and then click Properties.
12. On the General tab, include a Friendly name and Description.
13. On the subject tab, specify a common name (external URL of the Horizon Mirage Edge server), Organization, Country, State, and Locality.
14. On the Extensions tab, add Data encipherment under Key usage and Server Authentication under Extended Key Usage.
15. On the Private Key tab under Key Options, choose a Key size (1024 or 2048) and check Make private key exportable. Under Key type, choose Exchange. Click OK.
16. Click Next.
17. Choose a place to store the CSR, leave the file format in Base 64, and then click Finish.
18. Now, take your CSR and generate an SSL certificate from your choice of vendors.
Install SSL Certificate
We now have the SSL certificate from our provider, ready to go.
1. Back in the Certificates MMC, right-click Personal, choose All Tasks, and then click Import.
2. Click Next.
3. Type in the path (or Browse) to your certificate, and then click Next.
4. Click Finish.
You should see a prompt that the import was successful, and the SSL certificate should show up in the inventory.
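A quick check of the imported certificate against the request settings used above, as an added example that is not part of the original post. It assumes Windows PowerShell 3.0 or later on the Edge Server and an RSA key; `edge.example.com` is a placeholder for your external FQDN, and the 2048-bit minimum is this example's own threshold (the 1024-bit option from step 15 is reported as failing it).

```powershell
# Added example: sanity-check the certificate imported into LocalMachine\My.
# 'edge.example.com' is a placeholder for the Edge Server's external FQDN.
function Test-EdgeCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $ExternalFqdn,
        [int] $MinKeyBits = 2048   # assumption: this example's minimum, not a Mirage setting
    )
    $simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $ekuType    = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $serverAuth = '1.3.6.1.5.5.7.3.1'   # OID for the Server Authentication EKU

    # Match on the subject common name, as entered on the Subject tab of the request.
    $certs = @(Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.GetNameInfo($simpleName, $false) -eq $ExternalFqdn })
    if ($certs.Count -eq 0) {
        Write-Warning "No certificate with CN=$ExternalFqdn found in LocalMachine\My"
        return
    }

    foreach ($cert in $certs) {
        # Collect the EKU OIDs straight from the certificate's extensions.
        $ekuExt  = $cert.Extensions | Where-Object { $_ -is $ekuType }
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })

        # Build the chain against the machine's trusted roots (the intermediates must be installed).
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chainOk = $chain.Build($cert)

        $keyBits = $cert.PublicKey.Key.KeySize
        $now     = Get-Date

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey      # false means the CSR was created on another machine
            KeyBits       = $keyBits
            KeySizeOk     = $keyBits -ge $MinKeyBits
            ServerAuthEku = $ekuOids -contains $serverAuth
            InValidity    = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
            ChainTrusted  = $chainOk
        }
    }
}

Test-EdgeCertificate -ExternalFqdn 'edge.example.com' | Format-List
```

Any `False` in the output is worth resolving before running the Edge Server installer, which asks for this certificate's subject.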
Install Edge Server
- Edge Server is joined to my AD domain
- Firewall rules have been configured for external access into the DMZ (allow TCP/8000) and from the DMZ into the corporate network (allow TCP/389 or 636, TCP/1001, TCP/8000)
- Local Windows Firewall has been configured appropriately (allow TCP/1001, TCP/8000)
- SSL certificate is installed (as above)
- Added Mirage admin as an administrative user on the Edge Server
- Installed .NET 3.5
1. Shift + right-click MirageEdgeServer-35175.msi and choose Run as different user.
2. Fill in your Mirage admin credentials, and then click OK.
3. Click Run if prompted.
4. Click Next.
5. Accept the terms in the License Agreement, and then click Next.
6. Select the installation path, and then click Next.
7. Fill in the FQDN of your LDAP server (my Active Directory Domain Controller) and port (389 for LDAP), Token expiration time, FQDN and port number of the Mirage Server (default is 8000), and the Subject of the Mirage Edge Server Certificate (external URL of the Mirage Edge Server). Click Next.
8. Fill in the Horizon Mirage admin account information, and then click Next.
9. Set an activation code (save this, you’ll need it to add the Edge Server to the Mirage Server). Click Next.
10. Click Install.
11. Click Yes if you get a UAC prompt.
12. Click Finish.
Add Edge Server to the Horizon Mirage Server
1. In the Mirage Management Console, under System Configuration, click Edge Servers.
2. Click the green plus to add a new Edge Server.
3. Type in the Edge Server Address (it must be accessible via the external FQDN, because the SSL certificate is checked here) and the activation code, and then click OK.
It should now show up as an Edge Server.
Connect an External Client
To verify functionality, I’m going to install the Mirage Client on an external Windows 7 device and point it to my new Horizon Mirage Edge Server.
1. The difference here is that I’m going to point it to my Edge Server during the client installation.
2. After installation is complete, I’ll be prompted for Active Directory domain credentials.
3. I should now show up as Connected and Pending Assignment in the Client (note the Edge in parentheses after the server address).
4. It should show up similarly under Pending Devices in the Mirage Management Console.
And that’s it for the Horizon Mirage Edge Server installation and configuration.