Connection Broker Managing User Connections to Workstations, Blades, VDI, and More. Quick Start with Microsoft Hyper-V

Connection Broker Managing User Connections to Workstations, Blades, VDI, and More Quick Start with Microsoft Hyper-V Version 8.1 October 21, 2015

Contacting Leostream Leostream Corporation http://www.leostream.com 465 Waverley Oaks Rd. Telephone: +1 781 890 2019 Suite 200 Fax: +1 781 688 9338 Waltham, MA 02452 USA To submit an enhancement request, email features@leostream.com. To request product information or inquire about our future direction, email sales@leostream.com. Copyright Copyright 2002-2015 by Leostream Corporation This software program and documentation are copyrighted by Leostream. The software described in this document is provided under a license agreement and may be used or copied only under the terms of this agreement. No part of this manual may be copied or reproduced in any form without prior written consent from Leostream. Trademarks The following are trademarks of Leostream Corporation. Leostream The Leostream graphical logo The absence of a product name or logo from this list does not constitute a waiver of the trademark or other intellectual property rights concerning that product, name, or logo by Leostream. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. OpenLDAP is a trademark of The OpenLDAP Foundation. Microsoft, Active Directory, SQL Server, Hyper-V, and Windows are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Other brand and product names are trademarks or registered trademarks of their respective holders. Leostream claims no right to use of these marks. Patents Leostream software is protected by U.S. Patent 8,417,796. 2

Quick Start Contents CONTENTS... 3 CHAPTER 1: INTRODUCTION... 4 LEOSTREAM COMPONENTS... 4 WHAT IS THE CONNECTION BROKER?... 4 HOW THE CONNECTION BROKER MANAGES USERS... 6 CHAPTER 2: QUICK SETUP... 8 STEP 1: DOWNLOADING AND INSTALLING THE CONNECTION BROKER... 8 STEP 2: LICENSING AND UPGRADING THE LEOSTREAM CONNECTION BROKER... 10 Adding a Leostream License... 10 Updating your Connection Broker... 12 STEP 3: ENABLING GENERAL CONNECTION BROKER FEATURES... 12 STEP 4: CREATING A CENTER FOR MICROSOFT HYPER-V... 13 STEP 5: DEFINING POOLS... 15 STEP 6: DEFINING PROTOCOL, POWER CONTROL, AND RELEASE PLANS... 16 Protocol Plans... 16 Power Control Plans... 17 Release Plans... 19 STEP 7: DEFINING USER POLICIES... 21 STEP 8: AUTHENTICATING USERS... 22 STEP 9: ASSIGNING USER ROLES AND POLICIES... 24 STEP 10: TESTING YOUR CONNECTION BROKER CONFIGURATION... 25 CHAPTER 3: MANAGING YOUR LICENSE... 27 VIEWING LICENSE INFORMATION... 27 UPDATING THE CONNECTION BROKER... 27 INSTALLING A NEW LICENSE... 28 3

Chapter 1: Introduction Chapter 1: Introduction This document provides information on how to install the Leostream Connection Broker into Microsoft Hyper-V using Microsoft System Center Virtual Machine Manager (SCVMM), and configure Leostream to manage virtual machines in Hyper-V. See the associated sections of the complete Administrator s Guide for more information pertaining to each step. Leostream Components Leostream consists of the following four components. Connection Broker: The main virtual appliance that manages the VDI environment. The Connection Broker is the central management layer for configuring your deployment, including: inventorying and provisioning desktops, assigning these desktops to users, and defining the end-user experience. Leostream Agent: When installed on a virtual machine, the Leostream Agent provides the Connection Broker with insight into the connection status of remote users. The Leostream Agent is available for Windows and Linux operating systems. Leostream Connect: A software client provided by Leostream that allows users to log into desktops from fat or thin clients. Using Leostream Connect, you can repurpose existing desktops and laptops as client devices, lowering the cost of VDI deployments. Some thin clients provide built-in Leostream Connect clients. In addition to Leostream Connect, users can log into Leostream using the Leostream Web client. Database: In a proof-of-concept environment, the Connection Broker stores all information in an internal PostgreSQL database. A large-scale, redundant production environment requires an external PostgreSQL or Microsoft SQL Server 2012 or 2014 database. What is the Connection Broker? The Leostream connection broker lies at the heart of a VDI deployment, and is the key component for assigning desktops to end users. The Leostream Connection Broker runs as a virtual appliance within Hyper- V, making it easy to install, maintain, and update. The Connection Broker provides end users with consistent, reliable access to desktops from a wide range of client devices. The Connection Broker is managed using a web interface. In the web interface, you define the Leostream concepts shown in the following figure. Generally, you begin by defining authentication servers, and fill in the other concepts in the box as you work through your configuration. 4

Quick Start The following table describes these concepts in more detail. Leostream Concept Authentication servers Centers Pools Plans Policies Roles Assignments Definition A server that provides authentication services to users logging into the Connection Broker. The Connection Broker supports Microsoft Active Directory, Novell edirectory, OpenLDAP, and NIS directory services. You can specify any number of trusted or not-trusted domains, using any combination of authentication server types. In addition, the Connection Broker allows you to manually define local users without configuring an authentication server. The external systems from which the Connection Broker inventories hosted resources, including desktops, applications, and printers. Collections of desktops, gathered from a single or multiple centers. Common sets of rules that define how the Connection Broker manages the end user s connection to their assigned desktop. Rules that assign desktops to users and define what occurs at all steps of the user s session, including assignment, login, disconnect, and logout. Policies assign plans to desktops based on the desktop s pool membership. Permissions that control the level of access users have to the Connection Broker Administrator Web interface. A set of rules that determine which role and policy the Connection Broker assigns to a user, based on who the user is and where they logged in. The following figure depicts a high-level architecture of a heterogeneous hosted desktop environment managed by Leostream. 5

Chapter 1: Introduction How the Connection Broker Manages Users The following figure illustrates the steps involved in connecting users to desktops, which are described in more detail after the illustration. With the exception of authenticating users, policy logic determines how the Connection Broker handles each step. 6

Quick Start 1. User signs into the Connection Broker: End users log into the Connection Broker using a Web browser, thin client, mobile device, or Leostream Connect software client. Different client types support different types of credentials, such as username/password, smart cards, proximity cards, RSA tokens, or fingerprints. 2. Connection Broker authenticates user: After the Connection Broker receives the user s credentials from the client, Leostream searches for the user in the domains defined in the Connection Broker. 3. Connection Broker offers resources based on user s policy: The Connection Broker assigns a policy to the user using the assignment table associated with the domain chosen in step 2. 4. User requests connection to desired desktop: Users with policies that offer multiple desktops can choose which, and how many, desktops they want to access. 5. Connection Broker assigns desktop: After the user selects one or more desktops, the Connection Broker assigns those desktops to the user. When a desktop is assigned to a user, the Connection Broker will not offer that desktop to any other user. After the assignment is made, the Connection Broker launches the display protocol selected for that desktop. The Connection Broker does not proxy the display protocol connection. 6. User ends remote viewer session: When the user disconnects or logs out of their remote desktop, the Connection Broker applies any power control or release actions specified by the plans assigned to that desktop in the user s policy. 7. Connection Broker unassigns desktop: If the user s release plan releases the desktop back to its pool, the Connection Broker unassigns the desktop. Otherwise, the Connection Broker retains the desktop assignment. 8. Connect Broker applies power policy: Lastly, the Connection Broker takes any power control actions set in the user s policy. 7

Chapter 2: Quick Setup Chapter 2: Quick Setup The following procedure steps you through a general Connection Broker installation and basic configuration. Step 1: Downloading and Installing the Connection Broker Use the Microsoft System Center Virtual Machine Manager (SCVMM) to install the Leostream Connection Broker into a Hyper-V virtualization layer. SCVMM stores VHD-files in the Virtual Machine Manager Library. The Leostream Connection Broker no longer installs on Hyper-V Server 2008. If you require support for Hyper-V 2008, please contact supportsite@leostream.com. To use the Connection Broker to manage VMs hosted on this Hyper-V hypervisor, you must also install the Leostream Agent on the Hyper-V server. See the Leostream Installation Guide for more information. To install the Connection Broker: 1. Download the ZIP-file associated with the Connection Broker for Microsoft Hyper-V. http://www.leostream.com/downloads/leostream-connection-broker-microsoft-hyper-v.zip 2. Extract the contents of the ZIP-file into the Virtual Machine Manager library share folder s VHDs directory. If you plan to deploy multiple Connection Brokers, archive a copy of the extracted files. By default, the VMM library share folder is located in the following directory: %LocalDisk\ProgramData\Virtual Machine Manager Library Files\VHDs where %LocalDisk is typically C:. The library can also be found at: \servername\msscvmmlibrary\vhds 3. Open the Virtual Machine Manager. 4. In the left-hand pane of the SCVMM interface, click on Library. 5. In the Library, expand the Library Servers node. 6. In the Library Servers node, expand the server node where you unpacked the Connection Broker ZIP-file. 7. Inside the appropriate server node, right-click on the VHDs folder and select Refresh. The folder you unpacked in step 2 should appear in the right hand pane of Physical Library Objects. 8

Quick Start 8. In the VHDs folder, select the folder you unpacked in step 2. The Connection Broker vhdx file appears in the Physical Library Objects. 9. Right-click on the vhdx file and select Create Virtual Machine, as shown in the following figure. a. On the Specify Virtual Machine Identity page, enter a name into the Virtual Machine Name edit field. You must use a unique name for every Connection Broker appliance that you deploy. Select Generation 1 from the Generaion drop-down menu and click Next. b. On the Configure Hardware page, select Hyper-V for the Compatibility profile and click Next. c. On the Select Destination page, select Place the virtual machine on a host. Select the Destination host and click Next. d. On the Select Host page, select the Hyper-V server where the Connection Broker appliance will reside and click Next. e. On the Configure Settings page, enter the absolute path name where the Connection Broker appliance will be stored and click Next. f. On the Select Networks page, select the network that the Connection Broker appliance will use and click Next. 9

Chapter 2: Quick Setup g. On the Add Properties page, select CentOS Linux 5 (32 bit) from the Specify operating system you will install in the virtual machine drop-down menu and click Next. h. In the Confirm the settings page, check the Start the virtual machine after deploying it option and click Create. 10. After the Create virtual machine job finishes, in the left-hand pane, select VMs and Servers. The Connection Broker that you created should appear in the list of VMs in the right hand pane. If the Connection Broker does not appear in the list, go to the left-hand pane, right-click on the Hyper-V Server where the Connection Broker appliance was deployed, and select Refresh Virtual Machines. To view the Connection Broker console, right-click on the Connection Broker in the list of VMs and select Connect or View > Connect via Console. VMM may display warning 13206 when creating the Connection Broker VM. This warning can result when you create a new VM from a VHD-file with a non-windows operating system, and can be ignored. You can now start the virtual machine. After the virtual machine is running, the Connection Broker IP address appears in the console, for example: If the console cannot obtain an IP address from DHCP, you can manually configure the network. See Manually Configuring the Connection Broker Address section in the Leostream Installation Guide for more information. Otherwise, proceed to the next step. In a production environment, Leostream recommends using a static IP address or DNS SRV record for the appliance, and configuring DNS with your primary search domain. See the Network Options section in Chapter 2 of the Connection Broker Virtual Appliance Guide for complete instructions. Step 2: Licensing and Upgrading the Leostream Connection Broker Adding a Leostream License After you have the Connection Broker IP address, open the Administrator Web interface, as follows. 1. Open a new browser. 10

Quick Start 2. Enter the Connection Broker IP address in your browser s URL edit field. The Connection Broker Sign In page opens, as shown in the following figure. 3. Sign into the Connection Broker Web interface using the following credentials: User name: admin Password: leo 4. Click Sign In. The Leostream license page, shown in the following figure, opens. 5. In the License key edit field, enter your license key. If you do not have a Leostream license key, contact sales@leostream.com Ensure that there are no spaces in or after the sequence and that you include the lines containing the text -----BEGIN LICENSE----- and -----END LICENSE----- line. 6. Click on the License Agreement link to view the end user license agreement. Select the I have read and accept the License Agreement option if you agree to the terms of the Leostream end user license agreement. 7. Click Save. 11

Chapter 2: Quick Setup Updating your Connection Broker After you install your Connection Broker virtual appliance, upgrade to the latest version, as follows. 1. Download the Leostream update file from the following site: http://www.leostream.com/leostream-connection-broker-updates 2. Go to the > System > Maintenance page in your Connection Broker. 3. Select the Install Connection Broker update option on the > System > Maintenance page. 4. Click Next. The following Install Update File form opens. 5. Browse for the update file or enter the full path to the update file. 6. Click Upload File. The Connection Broker checks the new file, and opens a form indicating the current version number and the new version number. 7. Click Install version x.x.x.x in this form to finish the installation The Connection Broker update may take over a half hour if the Connection Broker needs to recompile components such as OpenSSL. The update is complete after the Connection Broker reboots. Step 3: Enabling General Connection Broker Features The Connection Broker disables some advanced functionality, by default. If you need to enable additional features, such as virtual machine provisioning, or if you need to change the appearance of the login dialog, such as adding the Domain field, please use the following procedure. 1. Click the System tab in the top navigation menu. 2. Click the Settings tab in the System page navigation menu. The Edit Settings form opens, as shown in part in the following figure. 12

Quick Start 3. Select the global Connection Broker features required by your application, for example USB passthrough control. 4. Select the authentication server features appropriate for your environment. To allow end users to select their domain, ensure that you select the Add domain field to login page option, as shown in the following figure. 5. You can also use this form to configure Leostream Connect and the Leostream Web client. 6. Click Save. Step 4: Creating a Center for Microsoft Hyper-V The Connection Broker interfaces with a number of third party systems to inventory and control hosted desktops. Leostream defines centers as the external, third-party systems that inform the Connection Broker about desktops that are available for assignment to end users. The Connection Broker manages virtual machines hosted in a Microsoft Hyper-V virtualization layers by integrating with Microsoft System Center Virtual Machine Manager (SCVMM) 2012 or 2012 R2. The Connection Broker uses Microsoft Windows PowerShell commands to communicate with SCVMM. To ensure that the Connection Broker can communicate with SCVMM, you must issue the following PowerShell command in SCVMM: 13

Chapter 2: Quick Setup Set-ExecutionPolicy RemoteSigned You must have a Leostream Agent installed on the SCVMM server. If you reboot the SCVMM server, the Leostream Agent may not automatically restart. You can manually restart the Leostream Agent using the Leostream Agent Control Panel Options dialog. To add an SCVMM center to your Connection Broker: 1. Go to the > Resources > Centers page. 2. Click on Add Center. The Add Center form opens. 3. Select Microsoft Hyper-V SCVMM Server from the Type drop-down menu. The form updates, as follows: 4. Enter a name for the SCVMM center in the Name edit field. 5. Enter the hostname for the SCVMM in the SCVMM Server hostname or IP address edit field. You may not be able to use the SCVMM IP address in this field if the SCVMM creates a root agency certificate with the fully qualified domain name of the SCVMM server during installation. 6. In the Username edit field, enter the name of a user with administrative privileges. 7. In the Password edit field, enter this user s password. 14

Quick Start 8. In the Domain edit field, enter this user s domain. 9. Select a time from the Inventory refresh interval drop-down menu. This setting tells the Connection Broker how often to refresh the desktops imported from this center. The refresh interval is the length of time between when one refresh action is completes and the next refresh action begins. 10. Click Save. Step 5: Defining Pools After you create your centers and the Connection Broker registers your desktops, you can combine the desktops into logical groups, or pools. Use pools to create sets of desktops that have similar attributes, or come from the same center. The Leostream Connection Broker defines a pool as any group of desktops or applications. Leostream provides a number of flexible methods for creating pools. For a complete description, see the Creating Desktop and Application Pools chapter in the Connection Broker Administrator s Guide. In this example, you can create a pool of all of the virtual machines in Hyper-V with a Windows operating system, as follows: 1. Click the Resources tab in the main navigation menu. 2. Click the Pools tab in the Resources page navigation menu. 3. Click Create Pool, as shown in the following figure. The Create Pool form opens. 4. Enter a unique name for this pool in the Name edit field. 5. From the Subset of pool drop-down menu, select All Windows Desktops. 6. Select Centers from the Define pool using drop-down menu. 7. From the Available centers list in the Center Selection section, select the Hyper-V center you created in step 4. 8. Click the Add highlighted items link below the Available centers list. 9. Click Save. 15

Chapter 2: Quick Setup Step 6: Defining Protocol, Power Control, and Release Plans After you separate your desktops into pools, define the rules that control how the Connection Broker manages the user s connection to desktops in those pools. To perform this step, ask yourself the following questions. What display protocols do I want the user to use to connect to their desktops? How do I want to manage the power state of each desktop, for example, should it be turned off when the user logs out? How long can users remain assigned to a particular desktop? For example, if the user logs out, should they remain assigned to that desktop, or should another user be able to log in? The Leostream Connection Broker defines a plan as a set of rules that can be applied to any number of pools. This step describes three types of pool-based plans: 1) Protocol, 2) Power Control, and 3) Release. Protocol Plans Protocol plans determine which display protocol the Connection Broker uses to connect a user to their desktop from a particular pool. For a complete description of protocol plans, see Building Pool-Based Plans in the Connection Broker Administrator s Guide. The Connection Broker provides one default protocol plan, which is shown on the > Plans > Protocol page, shown in the following figure. For this example, create a protocol plan that instructs the Connection Broker to connect to the remote desktops using only Microsoft RDP, as follows: 1. Go to the > Plans > Protocols page. 2. Click the Create Protocol Plan at the top of the page. The Create Protocol Plan form opens. 3. In the Plan name edit field, enter the name to use when referring to this protocol plan. 4. In the Leostream Connect and Thin Clients Writing to Leostream API section: a. Select 1 from the Priority menu associated with RDP and RemoteFX. b. Edit the default command line parameters and configuration file, as required. c. Select Do not use for the Priority menus associated with all other protocols. 16

Quick Start See the Leostream Guide for Choosing and Using Display Protocols for more information on defining command line parameters and configuration files for each supported display protocol. 5. Because this example creates a protocol plan only for user s logging in through Leostream Connect, the remainder of the Create Protocol Plan form does not require modifications. Click Save to save the form. Power Control Plans Power control and release plans allow you to take actions on the user s remote desktop based on different events, such as: When the user disconnects from their desktop When the user logs out of their desktop When the desktop is released to its pool When the user s session has been idle for a specified length of time The remote desktop must have an installed and running Leostream Agent to allow the Connection Broker to distinguish between user logout and disconnect and to perform actions based on idle time. Not all display protocols allow the Connection Broker to perform actions at these times. Power control plans define what power control action is taken on a desktop. Available power control plans are shown on the > Plans > Power Control page, shown in the following figure. 17

Chapter 2: Quick Setup New Connection Broker installations contain one default power control plan, called Default. You can create as many additional power control plans as needed for your deployment. To build a new power control plan: 1. Select Create Power Control Plan on the > Plans > Power Control page. The Create Power Control Plan form, shown in the following figure, opens. 2. Enter a unique name for the plan in the Plan name edit field. 3. For each of the remaining sections: a. From the Wait drop-down menu, select the time to wait before applying the power action. b. From the then drop-down menu, select the power control action to apply. Selecting Do not change power state renders the setting in the Wait drop-down menu irrelevant, as no action is ever taken. 4. Enter any optional Notes. 5. Click Save to store the changes, or Cancel to return to the > Plans > Power Control page without creating the plan. 18

Quick Start Release Plans Release plans define how long a desktop remains assigned to a user and when it is released to its pool, as well as if a user should be forcefully logged out of their desktop. Available release plans are shown on the > Plans > Release page, shown in the following figure. New Connection Broker installations contain one default release plan. However, you can create as many additional release plans as needed for your deployment. For example, to build a release plan that schedules a logout after the user disconnects from their desktop: 1. Click Create Release Plan on the > Plans > Release page. The Create Release Plan form, shown in the following figure, opens 19

Chapter 2: Quick Setup 2. Enter a unique name for the plan in the Plan name edit field. 3. In the When User Disconnects from Desktop section, select after 1 hour from the Forced Logout drop-down menu. 4. Click Save. When using this release plan, the Connection Broker forcefully logs the user out an hour after they disconnect from their desktop. The logout event then triggers the When User Logs Out of Desktop section of the release plan, which releases the desktop back to its pool and removes the user s assignment to the desktop. 20

Quick Start Step 7: Defining User Policies After you define your pools and plans, build policies that assign the plans to desktops. The Leostream Connection Broker defines a policy as a set of rules that determine how desktops are offered, connected, and managed for a user, including: the pools to offer desktops from; what display protocol is used to connect to those desktops, which power control, and release plans are applied to those desktops, what USB devices the user can access in their remote desktop; and more. The Connection Broker provides a Default policy that applies if no other policy exists or is applicable. The Default policy assigns one desktop from the All Desktops pool. You can create additional policies, as follows: 1. Click the Users tab in the top navigation menu. 2. Click the Policies tab in the Users page navigation menu. 3. Click Create Policy, as shown in the following figure. 4. In the Create Policy form, enter a name for the policy in the Policy name edit field. For a discussion on the remaining general policy properties, see the Connection Broker Administrator s Guide. 5. In the Desktop Assignment from Pools section, use to Pool menu to select the pool to offer desktops from. One policy can assign desktops from multiple pools. Use the [Add Pools] menu at the bottom of the Desktop Assignment from Pools section to add additional pools to the Create Policy form. 6. For each pool, from the Number of desktops to offer drop-down menu, select the number of desktops to offer from this pool to a user of this policy. 7. For each pool, use the controls shown in the following figure to configure the policy options. See the Configuring User Experience by Policy chapter of the Connection Broker Administrator s Guide for information on using the controls shown in the following figure. 21

Chapter 2: Quick Setup In a simple proof-of-concept environment, many of these settings can be left at their default values. Note that, by default, the Connection Broker does not offer a desktop to a user if the desktop does not have an installed Leostream Agent. If you want to assign desktops that do not have a Leostream Agent, select the Yes, regardless of Leostream Agent status option from the Offer running desktops drop-down menu. 8. Click Save. See the Configuring User Experience by Policy chapter in the Connection Broker Administrator s Guide for a complete description on Connection Broker policies. Step 8: Authenticating Users The Connection Broker can authenticate users in standard LDAP systems, such as Active Directory, OpenLDAP, or Novell edirectory. For information on adding OpenLDAP or edirectory services, see the Connection Broker Administrator s Guide. For this example, add an Active Directory authentication server, as follows. Leave any options that are not covered in the following procedure at their default values. 1. Go to the > Users > Authentication Servers tab. 2. Click Add Authentication Server, as shown in the following figure. 22

Quick Start 3. In the Authentication Server name edit field, enter a name for this record in the Connection Broker. 4. In the Domain Name edit field, enter the domain name associated with this Active Directory server. 5. Use the Include domain in drop-down option to indicate if this is the default domain for the Domain field. 6. In the Connection Settings section, shown in the following figure, use the following procedure to set up an Active Directory authentication server. a. Select Active Directory from the Type drop-down list. b. From the Specify address using drop-down menu, select Hostname or IP address. c. Enter the authentication server hostname or IP address in the Hostname or IP address edit field. d. Enter the port number in the Port edit field. e. Click on the Encrypt connection to authentication server using SSL (LDAPS) checkbox if you need a secure connection to the authentication server. The port number automatically changes to 636. Re-edit the Port edit field if you are not using port 636 for secure connections. 7. In the Search Settings section, shown in the following figure, enter the username and password for an account that has read rights to the user records. Leostream does not need full administrator rights to your Active Directory authentication server. 23

Chapter 2: Quick Setup 8. In the User Login Search section, ensure that the Match Login name against this field edit field is set to samaccountname. This is the attribute that the Connection Broker should match the user s entered login name against. 9. Click Save. Step 9: Assigning User Roles and Policies When a user logs in to the Connection Broker, the Connection Broker searches the authentication servers defined on the > Users > Authentication Servers page for a user that matches those credentials. The Connection Broker then looks on the > Users > Assignments page, shown in the following figure, for the assignment rules associated with the authentication server that authenticated the user. For example, if the Connection Broker authenticated the user in the Leostream domain defined on the > Users > Authentication Servers page, the Connection Broker would look in the Leostream assignment rules in the following figure. To assign roles and policies to users in a particular authentication server, click the Edit link associated with that authentication server on the > Users > Assignments tab, shown in the previous figure. The Edit Assignment form for this authentication server appears, as shown in the following figure. By default, the Connection Broker matches the selection in the Group drop-down menu to the user s memberof attribute in Active Directory. 24

Quick Start If you modified your groups in Active Directory after you last signed into your Connection Broker, you must sign out and sign back in to have your Connection Broker reflect the authentication server changes. To assign rules based on the user s group attribute: 1. Select the group attribute from the Group drop-down menu 2. If you are using locations, select a location from the Client Location drop-down menu 3. Assign a role to this group and client location pair by selecting an item from the User Role dropdown menu 4. Assign a policy to this group and client location pair by selecting an item from the User Policy dropdown menu If you need to assign roles and policies based on a different authentication server attribute, uncheck the Query for group information option at the bottom of the Edit Assignments form. After you save the form, the format of the Assigning User Role and Policy section changes. For information on locations and roles, see the Connection Broker Administrator s Guide. Step 10: Testing Your Connection Broker Configuration To test your Connection Broker, ensure that users are being correctly assigned to their desktops, as follows: 1. Click the Users tab in the main navigation menu. 2. Click the Users tab in the Users page navigation menu. 3. Click Test Login, as shown in the following figure: 4. In the Test Login form that opens, enter the name of the user to test in the User Name edit field. 5. If you are allowing the user to specify their domain, select a domain from the Domain drop-down menu. 6. Use the Filter client list by location drop-down menu to restrict the clients shown in the Clients drop-down menu. You create these locations on the > Clients > Locations page. If you are not using locations, select All. 7. If you have any clients loaded into your Connection Broker, use the Client menu to select the client you want to test this user logging in from. 25

Chapter 2: Quick Setup 8. Click Run Test. The Connection Broker searches the authentication server for your user, and then presents a report indicating which role and policy it assigned the user, and what desktops and applications it would offer. Please, complete a login test prior to contacting Leostream support. 26

Quick Start Chapter 3: Managing Your License You can view and manage license information within the Connection Broker Web interface. To view license information: 1. Click on the System tab in the top navigation menu. 2. Click on the Maintenance tab in the System page navigation menu. Viewing License Information The License Information text on the right hand side of the Maintenance page, shown in the following figure, displays the license information. The number of available licenses currently used, for example: Number of licenses in use: 7 of 100. This number indicates the number of users that can concurrently be assigned to resources using the Connection Broker. The support expiration date, for example: Your support license expires 2020-05-03. This date indicates the last date that you are eligible for Leostream support and Connection Broker updates. Contact sales@leostream.com to add users to your licenses or renew an expired support license. Updating the Connection Broker The Connection Broker information displayed on the right side of the > System > Maintenance page displays the current Connection Broker version and the last time it was updated. If you have not recently updated your Connection Broker, you can download and install updates using options on the > System > Maintenance page. The most up-to-date Connection Broker update file can be found at: http://www.leostream.com/leostream-connection-broker-updates Leostream recommends taking a snapshot of your Connection Broker virtual machine prior to installing an update. Also, qualify the Connection Broker update in a pre-production environment before you roll the new version into production. 27

Chapter 3: Managing Your License If the update options are disabled, your Leostream support license has expired and you are no longer eligible for Connection Broker updates. Contact sales@leostream.com to renew your Leostream support license. To install the Connection Broker update file: 1. Go to the > System > Maintenance page. 2. Select the Install Connection Broker update option and click Next. The following Install Update File form opens. 3. Browse for or enter the full path to the update file. 4. Click Upload File. The Connection Broker checks the new file, and opens a form indicating the current version number and the new version number. Certain browsers, such as Internet Explorer, may automatically unpack the file. If the TGZ-file was unpacked during the download from the Leostream website, the file will not upload into the Connection Broker. 5. Click Install version x.x.x.x in this form to finish the installation. The Connection Broker update may over a half hour if the Connection Broker needs to recompile components such as OpenSSL. The update is complete after the Connection Broker reboots. Installing a New License To update your support license, or add users to your license: 1. Go to the > System > Maintenance page. 2. In the Update section, select the Install new license option. 3. Click Next. 4. In the Leostream license page, shown in the following figure, enter your new license key. 28

Quick Start 5. Click on the License Agreement link to open the End User License Agreement for the Leostream Connection Broker 6. Read the agreement and, if you accept it, select the I have read and accept the License Agreement check box. 7. Click Save. 29