Connection Broker Managing User Connections to Workstations and Blades,

OpenStack Clouds, VDI, and More

Quick Start Using Leostream with Citrix®

XenDesktop® 7 and HDX

Version 8.1 January 14, 2016

2

Contacting Leostream Leostream Corporation http://www.leostream.com 465 Waverley Oaks Rd. Telephone: +1 781 890 2019 Suite 200 Fax: +1 781 688 9338 Waltham, MA 02452 USA

To submit an enhancement request, email features@leostream.com. To request product information or inquire about our future direction, email sales@leostream.com.

Copyright © Copyright 2002-2016 by Leostream Corporation This software program and documentation are copyrighted by Leostream. The software described in this document is provided under a license agreement and may be used or copied only under the terms of this agreement. No part of this manual may be copied or reproduced in any form without prior written consent from Leostream.

Trademarks The following are trademarks of Leostream Corporation.

Leostream™ The Leostream graphical logo™

The absence of a product name or logo from this list does not constitute a waiver of the trademark or other intellectual property rights concerning that product, name, or logo by Leostream. The OpenStack Word Mark and OpenStack Logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. Leostream is not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. OpenLDAP is a trademark of The OpenLDAP Foundation. Microsoft, Active Directory, SQL Server, Hyper-V, Windows, and the Windows logo are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other brand and product names are trademarks or registered trademarks of their respective holders. Leostream claims no right to use of these marks.

Patents Leostream software is protected by U.S. Patent 8,417,796.

Quick Start

3

Contents CONTENTS ......................................................................................................................................................................3

CHAPTER 1: INTRODUCTION ...........................................................................................................................................4

LEOSTREAM™ COMPONENTS ................................................................................................................................................. 4 WHAT IS THE CONNECTION BROKER? ...................................................................................................................................... 5 HOW THE CONNECTION BROKER MANAGES USERS .................................................................................................................... 7 CITRIX XENDESKTOP REQUIREMENTS ....................................................................................................................................... 8 SETTING UP A CITRIX STOREFRONT TO USE WITH LEOSTREAM ....................................................................................................... 8

CHAPTER 2: QUICK SETUP ...............................................................................................................................................9

STEP 1: DOWNLOADING AND INSTALLING THE LEOSTREAM AGENT ................................................................................................ 9 STEP 2: DOWNLOADING AND INSTALLING THE CONNECTION BROKER ............................................................................................. 9 STEP 3: CONFIGURING THE NETWORK ..................................................................................................................................... 10 STEP 4: ENTERING YOUR LEOSTREAM LICENSE ........................................................................................................................... 10 STEP 5: ADDING AN AUTHENTICATION SERVER .......................................................................................................................... 12 STEP 6: CREATING A CITRIX XENDESKTOP CENTER ...................................................................................................................... 13 STEP 7: INVENTORYING DESKTOPS FOR HDX CONNECTIONS ......................................................................................................... 15 STEP 8: DEFINING POOLS ...................................................................................................................................................... 16 STEP 9: BUILDING POWER CONTROL AND RELEASE PLANS ........................................................................................................... 17

Protocol Plans .......................................................................................................................................................... 18 Release Plans ........................................................................................................................................................... 19 Power Control Plans ................................................................................................................................................. 20

STEP 10: DEFINING USER POLICIES ......................................................................................................................................... 22 STEP 11: ASSIGNING USER ROLES AND POLICIES ........................................................................................................................ 23 STEP 12: TESTING YOUR CONNECTION BROKER CONFIGURATION .................................................................................................. 24 STEP 13: PREPARING CLIENT DEVICES ...................................................................................................................................... 25

CHAPTER 3: MANAGING YOUR LICENSE ..........................................................................................................................26

VIEWING LICENSE INFORMATION ............................................................................................................................................ 26 UPDATING THE CONNECTION BROKER ...................................................................................................................................... 26 INSTALLING A NEW LICENSE ................................................................................................................................................... 27

APPENDIX: LEOSTREAM AND XENDESKTOP INTEGRATION ..............................................................................................29

MANAGING PERSISTENT DESKTOP ASSIGNMENTS ....................................................................................................................... 29 MANAGING NON-PERSISTENT DESKTOP ASSIGNMENTS ............................................................................................................... 30

Chapter 1: Introduction

4

Chapter 1: Introduction This document provides information on how to configure the Leostream™ Connection Broker to use Citrix® XenDesktop® to establish HDX connections to remote Windows desktops. See the associated sections of the complete Connection Broker Administrator’s Guide for more information pertaining to each step. When using Leostream to manage HDX connections, the desktop assignments can be managed by either Leostream or Citrix.

1. If desktops are assigned to users via Leostream policies, Leostream pushes the assignments into the Citrix Studio (formerly Desktop Studio) in order to establish the HDX connection. Leostream can push assignments into XenDesktop versions 5.x and 7.x.

Leostream defines two types of desktops when working in a Citrix environment. A persistent desktop is defined as a desktop whose operating system persists between reboots, while a non-persistent desktop has an operating system that is streamed down from Citrix Provisioining Services during a reboot. In this context, persistence applies to the operating system, not the user assignment.

o Persistent desktops that are assigned by Leostream must be inventoried using an Active Directory center. Non-persistent desktops provisioned by Citrix Provisioning Server that are assigned by Leostream must be inventoried using the VMware vCenter Server center.

2. If desktops and applications are already assigned to users in Citrix Delivery Groups, Leostream pulls the assignments from a Citrix XenApp Services Site in order to offer those resources to users.

The remainder of this Quick Start Guide focuses on the first use case, where Leostream pushes assignments into a XenDesktop 7 Citrix Studio.

You must be using Connection Broker version 8.1 to manage HDX connections in XenDesktop 7.

Leostream™ Components The Leostream Connection Broker consists of the following four components.

Connection Broker: The main virtual appliance that manages the Hosted Virtual Desktop Infrastructure (HVD/VDI). The Connection Broker is the central management layer for configuring your deployment, including: inventorying desktops, applications, printers, and other resources, assigning these resources to users, and defining the end-user experience.

Leostream Agent: When installed on the remote desktops, the Leostream Agent provides the Connection Broker with insight into the connection status of remote users. On Microsoft®

Quick Start

5

Windows® operating systems, the Leostream Agent also performs functions related to the Leostream printing and USB management features and multi-monitor support. Although optional, the Leostream Agent is a critical component when scaling out deployments to a large number of end users. When installed on the Citrix Studio, the Leostream Agent executes the PowerShell scripts sent by the Connection Broker that push assignments into the Studio.

Leostream Connect: A client provided by Leostream that allows users to log into desktops from fat or thin clients. Using Leostream Connect, you can repurpose existing fat desktops and laptops, lowering the cost of VDI deployments. Some thin clients provide built-in Leostream Connect clients. In addition to Leostream Connect, users can log into Leostream using the Leostream Web client. To establish HDX connections, the user's client device must also have an installed Citrix Receiver.

All tests were conducted using Citrix Receiver 4.1

Database: In a proof-of-concept environment, the Connection Broker stores all information in an internal database. A large-scale, redundant production environment requires an external PostgreSQL or Microsoft SQL Server® 2012 or 2014 database.

What is the Connection Broker? A connection broker lies at the heart of any hosted desktop deployment, and is the key component for assigning and connecting end users to their resources. The Leostream Connection Broker is packaged as a virtual appliance that can be installed in a VMware®, Citrix®, Red Hat®, Microsoft, or KVM virtualization layer, making it easy to install, maintain, and update. The Connection Broker provides end users with consistent, reliable access to data and desktops from a wide range of fat and thin clients, and provides administrators with a centralized location to manage all their hosted desktop environments. The Connection Broker is managed using a web interface. In the web interface, you define the Leostream concepts shown in the following figure. Generally, you begin by defining authentication servers, and fill in the other concepts in the box as you work through your configuration.

The following table describes these concepts in more detail.

Chapter 1: Introduction

6

Leostream Concept Definition

Authentication servers

A server that provides authentication services to users logging into the Connection Broker. The Connection Broker supports Microsoft Active Directory®, Novell® eDirectory™, OpenLDAP™, and NIS directory services. You can specify any number of trusted or not-trusted domains, using any combination of authentication server types. In addition, the Connection Broker allows you to manually define local users without configuring an authentication server.

Centers The external systems from which the Connection Broker inventories hosted resources, including desktops, applications, and printers.

Pools Collections of desktops, gathered from a single or multiple centers.

Plans Common sets of rules that define how the Connection Broker manages the end user’s connection to their assigned desktop.

Policies Rules that assign desktops to users and define what occurs at all steps of the user’s session, including assignment, login, disconnect, and logout. Policies assign plans to desktops based on the desktop’s pool membership.

Roles Permissions that control the level of access users have to the Connection Broker Administrator Web interface.

Assignments A set of rules that determine which role and policy the Connection Broker assigns to a user, based on who the user is and where they logged in.

The following figure depicts a high-level architecture of a heterogeneous hosted desktop environment managed by Leostream.

Quick Start

7

How the Connection Broker Manages Users The following figure illustrates the different steps involved in connecting users to desktops, which are described in more detail after the illustration. With the exception of authenticating users, policies and plans determines how the Connection Broker handles each step.

1. User signs into the Connection Broker: The user can log into Leostream using a variety of thin

clients, web browsers, or software clients. Leostream supports username and password authentication, as well as a number of two-factor authentication systems.

2. Connection Broker authenticates user: After the Connection Broker receives the user’s credentials from the client, Leostream searches for the user in the domains defined in the Connection Broker.

3. Connection Broker offers resources based on user’s policy: The Connection Broker assigns a policy to the user using the assignment table associated with the authentication server chosen in step 2.

4. User requests connection to desired desktop: Users with policies that offer multiple desktops can choose which, and how many, desktops they want to access.

5. Connection Broker assigns desktop: After the user selects one or more desktops, the Connection Broker assigns those desktops to the user. When a desktop is assigned to a user, the Connection Broker does not offer that resource to any other user. After the assignment is made, the Connection Broker launches the display protocol selected for that connection. The user’s desktop connect never flows through the Connection Broker

6. User ends remote viewer session: When the user disconnects or logs out of their remote session, the Connection Broker applies any power control or release actions specified by the plans assigned to that desktop in the user’s policy.

7. Connection Broker unassigns desktop: If the user’s policy releases the desktop back to its pool, the Connection Broker unassigns the desktop. Otherwise, the Connection Broker retains the desktop assignment.

8. Connect Broker applies power policy: Lastly, the Connection Broker takes any power control actions set in the user’s policy.

Chapter 1: Introduction

8

Citrix XenDesktop Requirements Before integrating XenDesktop into your Leostream environment, ensure that the following general requirements are met.

Obtain all necessary Citrix licensing. For information on XenDesktop licensing, contact your Citrix sales representative.

Open the Citrix PowerShell prompt from the Start menu and ensure that the Get-ExecutionPolicy command returns RemoteSigned. If the execution policy is anything other than RemoteSigned you must use the Set-ExecutionPolicy command to switch to RemoteSigned before you can integration XenDesktop into Leostream.

Install a Leostream Agent on the server running the Citrix Studio, as described in Step 1: Downloading and Installing the Leostream Agent.

Setting up a Citrix Storefront to use with Leostream

In order to establish an HDX connection to a desktop, Leostream pushes the desktop assignment into the Citrix Studio. After the assignment is pushed into the Citrix Studio, Leostream uses a Citrix XenApp Services Site to obtain the ICA-file required to establish the HDX connection. You must create a Citrix Storefront that enables the XenApp Services Site, as shown, for example, in the following figure.

Make note of the XenApp Services URL underlined in the previous figure.

Quick Start

9

Chapter 2: Quick Setup The following procedure assumes you have not yet installed your Leostream Connection Broker. If you have installed your Connection Broker, ensure that you perform step 1 and then skip to step 5.

Step 1: Downloading and Installing the Leostream Agent You must install the Leostream Agent on the Citrix Studio in your XenDesktop farm if you intend to push Leostream assignments into XenDesktop. You can download the latest version of the Leostream Agent from the Leostream Downloads Web page. Consult the Leostream Installation Guide for complete instructions on installing the Leostream Agent. During the installation, do not install any of the additional Leostream Agent tasks. After installation, ensure that the Leostream Agent communicates on a port that is different from all ports used by the Citrix Studio. Leostream recommend configuring the Leostream Agent to use port 8730, as follows.

1. On the server running the Citrix Studio, open the Leostream Agent Control Panel dialog.

2. Go to the Options tab.

3. Change the Port to listen on to 8730, as shown in the following figure.

Step 2: Downloading and Installing the Connection Broker The Connection Broker runs as a virtual appliance within the following virtualization platforms:

Citrix® XenServer™ 6.x

Microsoft® Hyper-V™ Server 2012 (requires SCVMM)

Chapter 2: Quick Setup

10

Microsoft Windows Server® 2012 R2 Hyper-V (requires SCVMM)

Red Hat Enterprise Virtualization 3.0 (requires the Red Hat Enterprise Virtualization Manager)

VMware Workstation 9 and higher

VMware ESXi and vSphere 5.x and 6.x

KVM in an OpenStack cloud See the Leostream Installation Guide for complete instructions on downloading and installing the Connection Broker.

Step 3: Configuring the Network By default, the Connection Broker uses DHCP to determine its IP address. Leostream recommends using a static IP address or DNS SRV record for the appliance, and configuring DNS with your primary search domain. Otherwise, if your DHCP has a short lease time, your Connection Broker IP address may time-out and your end users will not be able to log in to their desktops. You must use the Connection Broker virtual machine console to specify your Connection Broker network configuration. See the “Network Options” section in Chapter 2 of the Connection Broker Virtual Appliance Guide for complete instructions.

Step 4: Entering your Leostream License After you obtain your Connection Broker IP address from the virtual appliance console, open the Administrator Web interface to enter your Leostream license key and configure your Connection Broker.

1. Open a Web browser.

2. Enter the Connection Broker IP address in your browser’s URL edit field. The Connection Broker Sign In page opens, as shown in the following figure:

3. Sign into the Connection Broker Web interface using the following default credentials:

User name: admin

Password: leo

4. Click Sign In. The Leostream license page, shown in the following figure, opens.

Quick Start

11

5. In the License key edit field, enter the license key you received via email. Ensure that there are no spaces in or after the sequence, and that you include the lines containing the text -----BEGIN LICENSE----- and -----END LICENSE----- line.

6. Click on the License Agreement link to view the End User License Agreement for the Connection Broker.

7. Read the agreement and, if you accept it, select the I have read and accept the license agreement check box.

8. Click Save. The Connection Broker Administrator Web interface opens

You can change your default Connection Broker Administrator password, as follows.

1. Click the Users tab in the main navigation menu.

2. Click the My Options tab in the Users page navigation menu.

3. Enter your new password in the Password and Re-type password edit fields, shown in the following figure.

4. Click Save.

The Connection Broker cannot remind you of your password. If you forget your administrator password, you must reset it using the Connection Broker virtual machine console. Please contact supportsite@leostream.com for instructions.

Chapter 2: Quick Setup

12

Step 5: Adding an Authentication Server The Connection Broker uses Active Directory to authenticate users as well as to inventory computers joined to the domain. If you offer persistent desktops, either physical or virtual machines, these machines must be inventoried using an Active Directory center. You must create the authentication server record in the Connection Broker before creating the center. To add an Active Directory authentication server:

1. Go to the > Users > Authentication Servers tab.

2. Click Add Authentication Server, as shown in the following figure.

3. In the Authentication Server name edit field, enter a name for this record in the Connection Broker.

4. In the Domain Name edit field, enter the domain name associated with these Active Directory servers.

If Leostream has issues adding desktops to your Delivery Group, check the value you entered in this Domain Name field. Generally, use the NetBIOS name for your domain, which should match

the domain provided in the down-level logon name format of DOMAIN\Username.

5. Use the Include domain in drop-down option to indicate if this is the default domain for the Domain field.

6. In the Connection Settings section, shown in the following figure, use the following procedure to set up an Active Directory authentication server.

a. Select Active Directory from the Type drop-down list.

b. From the Specify address using drop-down menu, select Hostname or IP address.

Quick Start

13

c. Enter the authentication server hostname or IP address in the Hostname or IP address edit field.

d. Enter the port number in the Port edit field.

e. Click on the Encrypt connection to authentication server using SSL (LDAPS) checkbox if you need a secure connection to the authentication server. The port number automatically changes to 636. Re-edit the Port edit field if you are not using port 636 for secure connections.

7. In the Search Settings section, shown in the following figure, enter the username and password for

an account that has read rights to the user records. Leostream does not need full administrator rights to your Active Directory authentication server.

8. In the User Login Search section, ensure that the Match Login name against this field edit field is set to sAMAccountName. This is the attribute that the Connection Broker should match the user’s entered login name against.

9. Click Save.

Step 6: Creating a Citrix XenDesktop Center Leostream uses the XenDesktop center to learn the location of the Citrix Studio that will hold Leostream assignments. To create a center for XenDesktop 7.x:

1. Go to the > Resources > Centers page.

2. Click Add Center. The Add Center form opens.

3. Select Citrix XenDesktop 7 from the Type drop-down menu. The form updates, as follows:

Chapter 2: Quick Setup

14

4. Enter a name for the center in the Name edit field.

5. In the XenDesktop Controller address edit field, enter the address the Connection Broker uses to communicate with the Citrix Studio in your XenDesktop farm.

6. In the Agent RPC port edit field, enter the port that the Leostream Agent installed on the Citrix Studio listens on. Ensure that this port is different from any of the ports used by the Studio.

7. In the Catalog for Leostream assignments edit field, enter the name of the catalog you want to hold all desktops assigned by Leostream.

Do not manually create this catalog. The Connection Broker automatically creates a Static machine catalog with this name when you save the Create Center form. This catalog is used when assigning persistent desktops to users.

8. In the Username edit field, enter the username for a user that has administrator rights to the desktop where the Citrix Studio is installed. Include the user’s domain in the field, in the form: domain\username.

9. Enter this user’s password in the Password edit field.

10. Select a value from the Refresh Interval drop-down menu to indicate how often the Connection Broker checks if the XenDesktop center is still online.

11. Click Save. After you save the center, ensure that the center is listed as Online on the > Resources > Centers page and that your new catalog was created in your Citrix Studio.

Quick Start

15

Step 7: Inventorying Desktops for HDX Connections In order for the Connection Broker to assign machines to end users, you must first inventory the desktops in Leostream. When assigning desktops with persistent operating systems, you must inventory the desktops using an Active Directory center.

If you are managing connections to virtual machines, do not create a center for your virtualization platform. If you do, the Connection Broker considers the desktop from the Active Directory center as a duplicate, and cannot push the assignment into XenDesktop.

To add an Active Directory center:

1. Go to the > Resources > Centers page.

2. Click Add Center. The Add Center form opens.

3. Select Active Directory from the Type drop-down menu. The form updates, as follows:

4. Enter a name for the center in the Name edit field.

5. Select an authentication server from the Authentication Server drop-down menu. This drop-down menu contains the Active Directory centers you entered in the > Users > Authentication Servers page.

Chapter 2: Quick Setup

16

6. In the Sub-tree edit field, specify the sub-tree within Active Directory that contains the computer records. If you do not specify a sub-tree, the Connection Broker assumes the same sub-tree starting point as specified in the Active Directory authentication server selected in step 3.

You can begin the search at a node higher up the search tree than what is specified in the Active Directory authentication server.

7. Enter an optional filter expression in the Advanced filter expression edit field.

8. Select the Inventory refresh interval. This setting tells the Connection Broker how often to query

the center for information on existing or new desktops in this center. The refresh interval is the length of time between when one refresh action completes and the next refresh action begins.

9. Click Save.

The desktops appear on the > Resources > Desktops page. Ensure that the desktops have an Availability of Available, not Duplicate. If the desktops from this center are marked as duplicates, delete the center that contains the available record. See the “Working with Desktops and Applications” chapter of the Connection Broker Administrator’s Guide for information on working with desktops in the Connection Broker.

Step 8: Defining Pools After you create your centers and the Connection Broker registers all your desktops, you can combine the desktops and applications into logical groups, or pools. Use pools to create sets of desktops and applications that have similar attributes, or come from the same center.

The Leostream Connection Broker defines a pool as any group of desktops or applications. To create a pool:

1. Click the Resources tab in the main navigation menu.

2. Click the Pools tab in the Resources page navigation menu.

3. Click Create Pool, as shown in the following figure.

4. In the Create Pool form, enter the basic pool characteristics, as follows:

a. Name: A unique identifier for this pool. This name is reflected in the Delivery Group name crated in the Citrix Studio.

Quick Start

17

b. Subset of pool: The parent pool from which to draw resources for this pool.

c. Define pool using: The information to use when defining resources in this pool. You can

define desktop pools using any of the following methods. You can create application pools using only the noted methods.

Desktop attributes: Fill the pool with desktops with common attributes, such as desktop name or operating system.

Tags: Fill the pool with desktops with a particular tag. You must define tags in your Connection Broker to use this option.

You must define tags and associate these tags with desktops before you can use tags to define pools.

Centers: Fill the pool with all desktops or applications in one or more centers.

LDAP attributes: Fill the pool with desktops with common LDAP attributes. This option is available only if you defined an Active Directory center in your Connection Broker.

Selection from parent pool: Manually select desktops or applications to include in the pool.

5. Based on your selection in part c of step 4, enter the characteristics that define the pool.

6. Ensure that you do not select the Place desktops in a Shared Citrix XenDesktop Group option at the bottom of the Edit Pool form when working with desktops with a persistent operating system.

7. Click Save.

The Pools page displays a hierarchy of all available pools. For a complete description of pools, see the “Creating Desktop and Application Pools” chapter in the Connection Broker Administrator’s Guide.

Step 9: Building Power Control and Release Plans After you separate your desktops into pools, define the behaviors you want to assign to the desktops in those pools, including:

Configuring a protocol plan to launch HDX connections

Indicating when non-persistent desktops should be rebooted

Defining how long users remain assigned to their desktop.

Chapter 2: Quick Setup

18

The Leostream Connection Broker defines a plan as a set of behaviors that can be applied to desktops based on their pool membership. Because a desktop can be in more than one pool, a desktop can be assigned different plans based on which pool the Connection Broker uses when offering that desktop to a particular user.

Protocol Plans Protocol plans determine which display protocols the Connection Broker uses to connect a user to a desktop from a particular pool. For a complete description of protocol plans, see “Building Pool-Based Plans” in the Connection Broker Administrator’s Guide. The Connection Broker provides one default protocol plan, which is shown on the > Plans > Protocol page, shown in the following figure.

To create a protocol plan for Citrix HDX:

1. Go to the > Plans > Protocols page.

2. Click the Create Protocol Plan at the top of the page. The Create Protocol Plan form opens.

3. In the Plan name edit field, enter the name to use when referring to this protocol plan.

4. In the Leostream Connect and Thin Clients Writing to Leostream API section and/or Web Browser section, select 1 from the Priority drop-down menu for Citrix HDX. You cannot save the form if more than one protocol is assigned the same priority in a particular section of the protocol plan. Ensure that you change the priority of any protocol that previously had a priority of 1 to a different, unique value.

5. From the Create assignment in selected XenDesktop center drop-down menu, select the XenDesktop center you created in Step 6: Creating a Citrix XenDesktop Center.

6. In the Site URL for XenApp Services Site edit field, enter the Site URL for your Citrix Storefront (see

Setting up a Citrix Storefront to use with Leostream). Do not include the trailing config.xml, for example:

Quick Start

19

7. Click Save.

Release Plans Release plans define how long a desktop remains assigned to a user. Available release plans are shown on the > Plans > Release page, shown in the following figure.

New Connection Broker installations contain one default release plan. However, you can create as many additional release plans as needed for your deployment. For example, to build a release plan that schedules a logout after the user disconnects from their desktop:

1. Click Create Release Plan on the > Plans > Release page. The Create Release Plan form, shown in the following figure, opens

Chapter 2: Quick Setup

20

2. Enter a unique name for the plan in the Plan name edit field.

3. In the When User Disconnects from Desktop section, select after 1 hour from the Forced Logout drop-down menu.

4. Click Save.

Power Control Plans Power control plans define what power control action is taken on a desktop when the user disconnects or logs out of the desktop or when the desktop is released to its pool. Available power control plans are shown on the > Plans > Power Control page, shown in the following figure.

Quick Start

21

New Connection Broker installations contain one default power control plan, called Default. You can create as many additional power control plans as needed for your deployment. For example, to create a power control plan that reboots a non-persistent desktop when the user logs out:

1. Select Create Power Control Plan on the > Plans > Power Control page. The Create Power Control Plan form, shown in the following figure, opens.

2. Enter a unique name for the plan in the Plan name edit field.

3. In the When User Logs out of Desktop sections:

a. From the Wait drop-down menu, select 0 minutes to reboot immediately after the logout, or select a period of time to wait before performing the reboot.

b. From the then drop-down menu, select Shutdown and Start to reboot the desktop gracefully.

4. Click Save to store the changes, or Cancel to return to the > Plans > Power Control page without creating the plan.

Chapter 2: Quick Setup

22

Step 10: Defining User Policies After you define your pools and plans, combine them into policies that assign resources to users.

The Leostream Connection Broker defines a policy as a set of rules that determine what desktops are offered to a user, and what display protocol, power control, and release plans are applied to those desktops. The Connection Broker provides a Default policy that is assigned to the user if no other policy exists or is applicable. You can modify the default policy, or create your own policy, to assign pools of desktops and applications to users. To create additional policies:

1. Click the Users tab in the main navigation menu.

2. Click the Policies tab in the Users page navigation menu.

3. Click Create Policy, as shown in the following figure.

4. In the Create Policy form, enter a name for the policy in the Policy name edit field. For a discussion on the remaining general policy properties, see the Connection Broker Administrator’s Guide.

5. In the Desktop Assignment from Pools section, select the pool created in step 8 from the Pool drop-down menu.

One policy can assign desktops from multiple desktop pools. Use the [Add Pools] menu at the bottom of the Desktop Assignment from Pools section to add additional pools to the Create Policy form.

6. For each desktop pool, from the Number of desktops to offer drop-down menu, select the number

of desktops to offer from this pool.

7. The controls shown in the following figure configure additional policy options that control how the Connection Broker chooses a desktop from the pool. For this example, keep all values at their default setting. See the “Configuring User Experience by Policy” chapter of the Connection Broker Administrator’s Guide for information on using the controls shown in the following figure.

Quick Start

23

8. In the Plans section, select the HDX Protocol Plan, Power Control and Release Plans you created in Step 9.

9. Click Save.

Step 11: Assigning User Roles and Policies When a user logs in to the Connection Broker, the Connection Broker searches the authentication servers defined on the > Users > Authentication Servers page for a user that matches those credentials. The Connection Broker then looks on the > Users > Assignments page, shown in the following figure, for the assignment rules associated with the authentication server that authenticated the user. For example, if the Connection Broker authenticated the user in the Leostream domain defined on the > Users > Authentication Servers page, the Connection Broker would look in the Leostream assignment rules in the following figure.

To assign roles and policies to users in a particular authentication server, click the Edit link associated with that authentication server on the > Users > Assignments tab, shown in the previous figure. The Edit Assignment form for this authentication server appears, as shown in the following figure.

Chapter 2: Quick Setup

24

By default, the Connection Broker matches the selection in the Group drop-down menu to the user’s memberOf attribute in Active Directory.

If you modified your groups in Active Directory after you last signed into your Connection Broker, you must sign out and sign back in to have your Connection Broker reflect the authentication server changes. To assign rules based on the user’s group attribute:

1. Select the group attribute from the Group drop-down menu

2. If you are using locations, select a location from the Client Location drop-down menu

3. Assign a role to this group and client location pair by selecting an item from the User Role drop-down menu

4. Assign a policy to this group and client location pair by selecting an item from the User Policy drop-

down menu If you need to assign roles and policies based on a different authentication server attribute, uncheck the Query for group information option at the bottom of the Edit Assignments form. After you save the form, the format of the Assigning User Role and Policy section changes. For information on locations and roles, see the Connection Broker Administrator’s Guide.

Step 12: Testing Your Connection Broker Configuration To test your Connection Broker, ensure that users are correctly assigned to applications, as follows:

1. Click the Users tab in the main navigation menu.

2. Click the Users tab in the Users page navigation menu.

Quick Start

25

3. Click Test Login, as shown in the following figure:

4. In the Test Login form that opens, enter the name of the user to test in the User Name edit field.

5. If you are allowing the user to specify their domain, select a domain from the Domain drop-down menu.

6. Use the Filter client list by location drop-down menu to restrict the clients shown in the Clients drop-down menu. You create these locations on the > Clients > Locations page. If you are not using locations, select All.

7. If you have any clients loaded into your Connection Broker, use the Client menu to select the client

you want to test this user logging in from.

8. Click Run Test. The Connection Broker searches the authentication server for your user, and then presents a report indicating which role and policy it assigned the user, and what applications it would offer.

Please complete a login test prior to contacting Leostream technical support.

After you test a login from the Connection Broker, you can use a Leostream Connect client or a Wyse thin client to log in as this user, and ensure that the Connection Broker assigns the same applications and successfully logs in the user.

Step 13: Preparing Client Devices End-users can launch HDX connections using any of the following client devices:

Leostream Connect (Windows and Java)

Dell Wyse® thin clients

The Leostream Web Client In order to launch HDX connections using Leostream Connect or the Web clent, you must install the Citrix Receiver on the client device. When using Citrix XenDesktop 7, Leostream was verified using Citrix Receiver version 4.1.

Chapter 3: Managing Your License

26

Chapter 3: Managing Your License You can view and manage license information within the Connection Broker Web interface. To view license information:

1. Click on the System tab in the top navigation menu.

2. Click on the Maintenance tab in the System page navigation menu.

Viewing License Information The License Information text on the right hand side of the Maintenance page, shown in the following figure, displays the license information.

The number of available licenses currently used, for example: Number of licenses in use: 7 of 100. This number indicates the number of users that can concurrently be assigned to resources using the Connection Broker.

The support expiration date, for example: Your support license expires 2020-05-03. This date indicates the last date that you are eligible for Leostream support and Connection Broker updates.

Contact sales@leostream.com to add users to your licenses or renew an expired support license.

Updating the Connection Broker The Connection Broker information displayed on the right side of the > System > Maintenance page displays the current Connection Broker version and the last time it was updated. If you have not recently updated your Connection Broker, you can download and install updates using options on the > System > Maintenance page. The most up-to-date Connection Broker update file can be found at: http://www.leostream.com/leostream-connection-broker-updates

Leostream recommends taking a snapshot of your Connection Broker virtual machine prior to installing an update. Also, qualify the Connection Broker update in a pre-production environment before you roll the new version into production.

Quick Start

27

If the update options are disabled, your Leostream support license has expired and you are no longer eligible for Connection Broker updates. Contact sales@leostream.com to renew your Leostream support license. To install the Connection Broker update file:

1. Go to the > System > Maintenance page.

2. Select the Install Connection Broker update option and click Next. The following Install Update File form opens.

3. Browse for or enter the full path to the update file.

4. Click Upload File. The Connection Broker checks the new file, and opens a form indicating the current version number and the new version number.

Certain browsers, such as Internet Explorer, may automatically unpack the file. If the TGZ-file was unpacked during the download from the Leostream website, the file will not upload into the Connection Broker.

5. Click Install version x.x.x.x in this form to finish the installation. The Connection Broker update may over a half hour if the Connection Broker needs to recompile components such as OpenSSL. The update is complete after the Connection Broker reboots.

Installing a New License To update your support license, or add users to your license:

1. Go to the > System > Maintenance page.

2. In the Update section, select the Install new license option.

3. Click Next.

4. In the Leostream license page, shown in the following figure, enter your new license key.

Chapter 3: Managing Your License

28

5. Click on the License Agreement link to open the End User License Agreement for the Leostream Connection Broker

6. Read the agreement and, if you accept it, select the I have read and accept the License Agreement check box.

7. Click Save.

Quick Start

29

Appendix: Leostream and XenDesktop Integration

Managing Persistent Desktop Assignments The Connection Broker performs the following steps when assigning a persistent desktop to a user.

1. The first time any user is assigned to this desktop, the Connection Broker adds the desktop to the Static Machine Catalog associated with the XenDesktop center selected in the protocol plan. The desktop must not belong to any other machine catalog. If the desktop is in another catalog, the Connection Broker cannot manage an HDX connection to that desktop.

2. The first time a desktop from this pool is assigned to a user, the Connection Broker creates a Static Delivery Group with the name Leostream – Pool Name where Pool Name is the name of the Leostream pool that contains the desktop. If the Delivery Group already exists, Leostream uses that Group.

3. The Connection Broker adds the desktop to the Delivery Group.

4. Leostream then assigns the user to that desktop in the Delivery Group.

The user is assigned directly to the desktop in the Group, not to the entire Delivery Group.

5. The Connection Broker uses the Storefront in the desktop’s protocol plan to retrieves the ICA-file to use to establish the HDX connection to that desktop.

6. The Connection Broker sends the ICA file to the client, which launches the Citrix Receiver to establish the connection.

When the user’s release plan instructs the Connection Broker to release the desktop, the Connection Broker performs the following actions.

1. The Connection Broker places the desktop into Maintenance Mode in the Citrix Delivery Group, to prepare the desktop to be removed from the group.

2. After the desktop is in maintenance mode, the Connection Broker removes the user association from the desktop in the Delivery Group.

3. The Connection Broker then removes the desktop from the Delivery Group.

4. If there are no other desktops in the Delivery Group, the Connection Broker places the Group into

Appendix: How Leostream Integrates with XenDesktop

30

Maintenance Mode in the Citrix Delivery Group, to prepare the Group to be removed.

5. The Connection Broker then deletes the Delivery Group.

6. Maintenance mode is finally turned off for the desktop, which remains in the Machine Catalog.

If any of the delete actions fail, you may see desktops or Delivery Groups in maintenance mode. Because the desktop is not removed from the Machine Catalog, the next time a user is assigned to that desktop, the Connection Broker locates the desktop in the Catalog and does not need to repeat the step to add the desktop.

Managing Non-Persistent Desktop Assignments The Connection Broker performs the following steps when assigning a non-persistent desktop to a user.

1. The Connection Broker locates the desktop in a Streamed Machine Catalog in XenDesktop. In order for the Connection Broker to locate the desktop, the virtual machine name in vSphere must match the name shown for the machine in the Catalog.

2. The first time a desktop from this pool is assigned to a user, the Connection Broker creates a Shared Delivery Group with the same name as the Leostream pool. If the Delivery Group already exists, Leostream uses that Group.

3. The Connection Broker adds the desktop to the Delivery Group, if the desktop is not already in the Group.

4. Leostream then assigns the user to the Delivery Group.

The user is not assigned to the specific desktop they were offered by Leostream. Because the user is assigned to the Deliver Group, and not the specific desktop, XenDesktop may ultimately connect the user to a different desktop in the group. If XenDesktop switches the user to a different desktop, Leostream modifies the assigned in the Connection Broker to match the desktop the user actually connected to.

5. The Connection Broker retrieves the ICA-file that would be used to establish the HDX connection to that desktop.

6. The Connection Broker sends the ICA file to the client, which launches the Citrix Receiver to establish the connection.

When the user’s release plan instructs the Connection Broker to release the desktop, the Connection Broker removes the user from the Delivery Group. The desktop remains in the Delivery Group, which speeds up subsequent logins to the desktop.