About Me

My photo
This blog has been created to share technical information, interesting innovations that I notice on daily basis and Architectural/Consulting overview of various technologies. My areas of interest, on which I would be blogging, are VMware, Microsoft and Citrix Technologies. I hope you will enjoy this blog and share your experience with me.

VMware Horizon TrueSSO - Configuration for High Availability and Redundancy

In this post I will demonstrate the configuration that are required to deploy the VMware Enrollment Servers for High availability and redundancy. This includes two Certificate Authority CA’s and Enrollment Servers

TrueSSO Availability and Redundancy

My colleague Tarique Chowdhury has an excellent post on the TrueSSO Lab Setup. However in that deployment it talks about a single Enrollment Server and Certificate Authority Server.

This post is not a replacement of the Setting Up TrueSSO guide on VMware Pubs. However the below mentioned two sections complement during the configurations for everything else follow the setup guide/blogs:

Certificate deployment – Enrollment Agent (Computer).

Deploying the Enrollment Agent (Computer) certificate onto this server, we are authorizing this ES to act as an Enrollment Agent and generate Certificates on behalf of users.

    Both the Certificate Authority Server Enrollment Agent (Computer) certificate needs to be added. They are added one-by-one. The Personal –> Certificate store should look like below on the ES:

    Enrollment Agent (Computer)

    Configure TrueSSO on the Horizon Connection Servers:

    Step1: Adding both the Enrollment Server (ES) - Adding the ES to the environment, we are able to query the ES about the domain and relevant True SSO info.

    vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --environment --add –enrollmentServer tsso1.askaresh.com,tsso2.askaresh.com

    Adding ES

    Step2 - List both the newly deployed Enrollment Server - We will get info about various components of the environment which will be useful for configuring True SSO.

    vdmutil --authAs username –authDomain askaresh --authPassword password --truesso --environment --list --enrollmentServer tsso1.askaresh.com  --domain askaresh.com

    vdmutil --authAs username –authDomain askaresh --authPassword password --truesso --environment --list --enrollmentServer tsso2.askaresh.com  --domain askaresh.com

    Listing ES

    Step3 - Adding the Connector for TrueSSO - A True SSO Connector is a configuration set where we specify details like ES(s), CA(s) and a Certificate Template to use for a certain Domain. When a Horizon CS gets a request to launch a desktop for an AD user, it will look up True SSO Connector for the domain the user belongs to and will use the components as specified to obtain a Certificate on behalf of the user.

    vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --create --connector --domain askaresh.com --template TrueSSO --primaryEnrollmentServer tsso1.askaresh.com –secondaryEnrollmentServer tsso2.askaresh.com --certificateServer MSSUBCA01-CA,MSSUBCA02-CA --mode enabled

    TrueSSO Connector

    Step4 - List the SAML Authenticator available in Horizon environment - A SAML Authenticator contains the trust and metadata exchange between Horizon View and vIDM. To use True SSO, we need to identify the correct SAML Authenticator and enable True SSO.

    vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --list --authenticator

    Listing SAML

    Step5 - Enable TrueSSO for the SAML Authenticator

    vdmutil --authAs username --authDomain askaresh --authPassword password --truesso --authenticator --edit --name VIDM-PROD --truessoMode ENABLED

    Enable TrueSSO

    Step6 - Check the status on the Horizon Administrator Dashboard

    TrueSSO Dashboard

    I hope you find these steps useful during the TrueSSO Availability and Redundancy configurations.



    Ho Shawn said...

    Hi, I hoped to check with you. If my customer only has 1 enrollment server with 1 connection server to begin with, then a replicate server is added, how could we add the newly added replicate server onto the existing enrollment server?

    vdmutil reports error when we create connector. It complains the connector has been created.

    for IT the said...

    Great Article
    Final Year Project Domains for CSE
    Project Centers in Chennai

    JavaScript Training in Chennai
    JavaScript Training in Chennai

    Aruna Ram said...

    The post is very helpful for developing myself and most of the required contents are there. Thanks for your great post with your sharing us...!
    Unix Training in Chennai
    Unix shell scripting Training in Chennai
    Excel Training in Chennai
    Corporate Training in Chennai
    Oracle Training in Chennai
    Oracle DBA Training in Chennai
    Pega Training in Chennai
    Unix Training in Chennai
    Unix shell scripting Training in Chennai

    Scott E. said...

    Aresh, Cheers this is exactly what I was looking for. If I have any feedback during my build I will post. Thank you for providing this.

    Scott E. said...
    This comment has been removed by the author.
    sandeep saxena said...

    I like to learn a piece of new information about technology. Im really like your post. Good job.
    Struts Training in Chennai
    Struts course in Chennai
    Struts Training center in Chennai
    struts Training in Anna Nagar
    Wordpress Training in Chennai
    Wordpress Training Institutes in Chennai
    Spring Training in Chennai
    Hibernate Training in Chennai

    Manisha Sudha said...

    Awesome blog...thanks for sharing valuable articles.....
    Struts Training in Chennai
    Struts Training institutes in Chennai
    Struts Training Chennai
    struts Training in Anna Nagar
    struts Training in T Nagar
    Wordpress Training in Chennai
    SAS Training in Chennai
    Spring Training in Chennai
    Photoshop Classes in Chennai
    DOT NET Training in Chennai

    Prakash said...

    Wonderful Blog!!! Waiting for your upcoming data... thanks for sharing with us.
    Software Testing Training in Chennai
    software testing course in chennai
    software testing training institute in chennai
    software testing course
    Software testing training in vadapalani
    Software testing training in porur
    Python Training in Chennai
    Hadoop Training in Chennai
    Big data training in chennai
    JAVA Training in Chennai

    arolincy said...

    Thank you for your efforts and I am inspiried with your written style.
    IELTS Coaching in Chennai
    Best IELTS Coaching in Chennai
    german classes
    learn Japanese in Chennai
    Best Spoken English Class in Chennai
    TOEFL Coaching Centres in Chennai
    IELTS Coaching in OMR
    IELTS Coaching in Porur

    Victoria said...
    This comment has been removed by the author.
    Victoria said...

    Good luck in finding the best vmware backup solution

    Adhuntt said...

    Great blog thanks for sharing Leaders in the branding business - Adhuntt Media is now creating a buzz among marketing circles in Chennai. Global standard content creation, SEO and Web Development are the pillars of our brand building tactics. Through smart strategies and customer analysis, we can find the perfect audience following for you right now through Facebook and Instagram marketing. Click here 360 your brand journey Adhuntt Media.
    digital marketing company in chennai

    Karuna said...

    Nice blog thanks for sharing Join the Karuna Nursery Garden family and be a part of our network of home gardeners. We can help you setup the perfect front yard for your family to relax in. Reach us out to get more information on our terrace garden consultants in Chennai too.
    plant nursery in chennai

    Pixies said...

    Excellent blog thanks for sharing Pixies Beauty Shop is unlike any of the other cosmetic shops in Chennai. With tons of exclusive imported brands to choose from and the best value, this is the best shopping destination for your personal and salon needs.
    beauty Shop in Chennai

    My Blog List