2. Deploying and Configuring a Horizon Server POD

This lab will guide you to install Connection Servers ( Primary and Replica) which acts a broker. If this lab is not complete, you will not able to proceed further with any other labs during the session.

In this lab we will deploy and configure the primary Management Block elements that are required to get a vSphere based Horizon Platform up and running

  • We will deploy a Horizon Pod in a fictitious location called Bangalore.
  • The fictitious Seattle site , which is site 2 has already been deployed and configured
Section 1: Deploying the First Connection Server in the Horizon Pod
  1. In your Skillable lab environment
  • Side bar
    • select the Resources tab
  1. In your Skillable lab environment
    • Resources tab
      • scroll down and select ControlCenter.techseals.co
  1. In your Skillable lab environment
    • under Techseals\Administrator
      • in the password area
        • enter Pa$$w0rd
        • select the Enter Icon

in the Resources box, click on Pa$$w0rd and your password will be entered automatically

  1. On the ControlCenter server desktop
    • select the Remote Desktops Folder
      • In the Remote Desktops folder
        • open the Site 1 Folder
          • select and launch Horizon-01a.rdp and login
  1. On the Horizon-01a server
    • on the Desktop
      • select the software shortcut
      • in the Software folder path
        • browse to > Horizon > 2412
  1. In the Horizon\2412 folder
    • select and right-click Horizon Connection Server installer
      • select Open
      • In the Open File - Security Warning window
        • select Run
  1. In the Horizon Connection Server deploy wizard
    • select Next
  1. In the Horizon Connection Server deploy wizard
    • Destination Folder
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • Installation Options
      • leave all configurations as default
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • Data Recovery
      • next to Enter data recovery password
        • enter Pa$$w0rd
      • next to Re-enter password:
        • enter Pa$$w0rd
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • Firewall Configurations
      • leave all configurations as default
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • Initial Horizon Administrators
      • leave all configurations as default
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • User Experience Improvement Program
      • leave all configurations as default
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • Operational Data Collection window
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • User Experience Improvement Program
      • next to General
        • select the dropdown
          • review the deploy platforms Horizon supports
      • ensure General is selected
      • select Install

The deployment should take about 10 minutes

  1. In the Horizon Connection Server deploy wizard
    • Installer Completed
      • select Finish
      • minimize your Horizon-01a RDP session
Section 2: Configuring the Horizon Pod

Omnissa best practices recommend using Subscription based licensing using Horizon Cloud Services. In Siloed or closed environments Perpetual licensing can still be used. Due to challenges with Cloud Services and limited supported features for Horizon 8 with Horizon Cloud Services, we will using Perpetual Licensing in this environment

Task 1. Activating Horizon Licensing
  1. On your ControlCenter server
    • select your Site 1 - Bangalore Chrome shortcut
  1. On your Chrome Site 1 Browser
    • from the Favourites Bar
      • select the Horizon Site 1
  1. On your Chrome Site 1 Browser
    • Horizon Site 1
      • select Advanced
      • select Proceed to horizon-01a.techseals.co (unsafe)
  1. In the Horizon login page
    • in the Username area
      • enter administrator
    • in the Password area
      • enter Pa$$w0rd
        • select SIGN IN
  1. In the Horizon Admin console
    • In the Licensing and Usage area
      • under the Licensing tab
        • next to ACTIVATE
          • select the drop down
          • from the drop down
            • select Term or Perpetual license
  1. In the Activate License window
    • next to License Key
      • enter 
89095-08KTH-01PFJ-39C9K-0Z902-TWPPF
  • to the right
    • select VALIDATE
  • In the bottom right corner
    • select Save
Task 2 - Configuring the Events DB
  1. In the Horizon Admin Console
    • in the left pane
      • below Settings
        • select Event Configuration
  1. In the Event Configuration window
    • below Event Database
      • select EDIT
  1. In the Edit Event Database window
    • enter the following below
      • *Database server
        • enter sql-01a.techseals.co
      • *Database Name
        • enter EVENTSDB1
      • *User Name
        • enter viewadmin
      • *Password
        • enter Pa$$w0rd
      • *Confirm Passw0rd
        • enter Pa$$w0rd
      • Table Prefix
        • enter VE_
    • to close the Edit Event Database window
      • select OK
Task 3 - Adding a vCenter Server Resource Block
  1. In the Horizon Admin Console
    • In the left-pane
      • expand Settings
        • select Servers
      • In the Servers area
        • from vCenter Servers tab
          • select ADD
  1. In the Add vCenter Server wizard
    • step 1 . vCenter information
      • enter the following below
        • * Server address
          • enter vcenter-01a.techseals.co
        • * User Name
        • * Password
          • enter Pa$$w0rd
      • below Deployment Type
        • to the right of General
          • select the dropdown
            • note the various Cloud platforms a vCenter Resource Block can run on
        • ensure General is selected
      • select NEXT
  1. In the Invalid Certificate Detected window
    • select VIEW CERTIFICATE
  1. In the Certificate Information window
    • select ACCEPT
  1. In the Add vCenter Server wizard
    • step 2 . Storage
      • below Hosts
        • next to /Region01a/host/Bangalore/esxi-01a.techseals.co
          • select the radio button
          • select NEXT
  1. In the Add vCenter Server wizard
    • Step 3 Ready to Complete
      • select SUBMIT
Task 4 - Horizon Admin Certificate Permissions

The Horizon Administrative Console has a Certificate Admin Permissions area, before using this we need to have an admin account with the relevant permissions

  1. In the Horizon Admin Console
    • in the left Inventory
      • below Settings
        • select Certificate Management
  1. In the Certificate Management area
    • Note that all configurations are greyed out
  1. In the Horizon Admin Console
    • in the left Inventory
      • below Settings
        • select Administrators
  1. In the Global Administrators View area
    1. select the Role Permissions tab
      • to the left
    2. select ADD
  1. In the Add Role window
    • below * Name
      • enter CertAdmin
  1. In the Add Role window
    • in the bottom right corner
      • go to page 2 by selecting
        • the change page Icon >
  1. In the Add Role window
    • below Privilege
      • scroll down until you find
        • Manage Certificates
      • next to Manage Certificates
        • select the Checkbox
      • In the bottom right-corner
        • select OK
  1. In the Global Administrators View page
    • select the Administrators and Groups tab
      • in the Middle, down half-way
        • select ADD PERMISSIONS
  1. In the Add Permissions window
    • step 1 Select a role area
      • scroll down until you find CertAdmin
    • next to CertAdmin
      • select the radio button
    • in the bottom right corner
      • select FINISH
  1. In the Horizon Admin Console
    • in the top right corner
      • next to administrator
        • select the dropdown icon
      • from the dropdown
        • select Log Out
  1. In the Horizon Admin Login
    • In the User  Name area
      • enter administrator
    • in the Password area
      • enter Pa$$w0rd
    • select SIGN IN
  1. In the Horizon Admin Console
    • in the left Inventory
      • below Settings
        • select Certificate Management
  1. In the Certificate Management area
    • Note that you now have permission to manage Certificates
  1. In the Certificate Management area
    • Note that you have a certificate designated for Machine Identity
    • Note that this certificate is not trusted

In the next Task we will update the self-signed certificate on your Horizon Server with a CA-signed certificate

Task 5 - Replacing a Self-signed certificate with a CA-signed Certificate
  1. In the Certificate Management area
    • select IMPORT
  1. In the Import Signed TLS Certificate window
    • In line with *Certificate Type
      • next to PFX
        • select the radio button
    • In line with *Certificate File
      • select BROWSE
  1. In the Open window
    • In the Quick Access bar
      • select Desktop
    • in the middle area
      • select the Software (horizon-01a) shortcut
  1. In the Open window
    • Software folder
      • go to certificates > Techseals
        • select WildCard_2025.pfx
    • In the bottom right-corner
      • select Open
  1. In the Import Signed TLS Certificate window
    • in line with * Password
      • in the Box
        • enter Pa$$w0rd
    • in the bottom right corner
      • select IMPORT
  1. In the Certificate Management area
    • note that there are now two Machine Identity Certificates
      • one is still In Use but the Status is Invalid
      • one is not being is not In Use but its Status is  Valid
  1. On the ControlCenter server
    • switch back to your Horizon-01a RDP session
  1. On the Horizon-01a Connection Server
    • on the Desktop
      • select the CertsMMC
  1. In the Certificates CertsMMC
    • below Certificates (Local Computer)
      • expand Personal
        • select Certificates
    • in the right pane
      • select and right-click  horizon-01a.techseals.co
      • in the dropdown menu
        • select Properties
        • In the Certificates window
          • Rename the Friendly name: vdm-selfsigned
          • Click OK
  1. In the CACertsSnapin
    • Certificates folder
      • select and right-click the *.techseals.co certificate
        • select Properties
  1. In the *.techseals.co Properties window
    • General tab
      • next to Friendly name:
        • note that the friendly name vdm, has been added automatically
          • In the past we had to manually write this in
      • select OK
  1. On the Horizon-01a server
    • select and right-click the START button
      • select Run
  1. In the Run window
    • next to Open:
      • enter services.msc
    • select OK
  1. On the Services window
    • scroll down to Omnissa Horizon View Connection Server
      • select and right click  Omnissa Horizon Connection Server
        • from the drop down
          • select Restart
  1. In the Services console
    • Wait until all the Horizon services restart

then wait at least 3 minutes before doing the next step

  1. In the ControlCenter server
    • Open your Site 1 browser
      • from the Favourites bar
        • select the Horizon Site 1 shortcut
      • Notice your Server is now trusted using a CA-signed Certificate
Section 3: Deploying and Configuring a Replica Server for a Horizon Pod

We will first Deploy the Replica , then we will replace the self-signed certificate with a CA signed certificate

Task 1: Deploying the Replica Server Connection server
  1. On the ControlCenter server desktop
    • select the Remote Desktops Folder
      • In the Remote Desktops folder
        • open the Site 1 Folder
          • select and launch Horizon-01b.rdp and login
  1. On the Horizon-01b server
    • On the Desktop
      • select the Software shortcut
      • In the Software folder path
        • browse to > Horizon > 2412
  1. In the Horizon\2412 folder
    • select and right-click Horizon Connection Server installer
      • select Open
      • In the Open File - Security Warning window
        • select Run
  1. In the Horizon Connection Server deploy wizard
    • select Next
  1. In the Horizon Connection Server deploy wizard
    • Destination Folder
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • Installation Options
      • select Horizon Replica Server
        • select Next
  1. In the Horizon Connection Server deploy wizard
    • Source Server
      • next to Server:
        • enter horizon-01a.techseals.co
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • Firewall Configurations
      • leave all configurations as default
      • select Next
  1. In the Horizon Connection Server deploy wizard
    • Ready to Install the Program
      • select Install

The deployment should take about 10 minutes

  1. In the Horizon Connection Server deploy wizard
    • Installer Completed
      • select Finish
Task 2: Configuring the Replica Server Connection server with CA Signed Certificate
  1. On your ControlCenter server
    • on your Site 1 browser
      • in the top right corner
        • select the 3 dotted Icon
    • from the dropdown
      • select New Incognito window
  1. On your Site 1, Incognito Browser session
    • in the address bar
      • enter https://horizon-01b.techseals.co/admin
  1. On your Site 1, Incognito Browser session
    • notice Your Horizon server certificate is not trusted
      • select Advanced
      • select Proceed to horizon-01b.techseals.co (unsafe)
  1. In the Horizon Login
    • in the username area
      • enter administrator
    • in the password area
      • enter Pa$$w0rd
    • select SIGN IN
  1. In the Horizon admin console
    • below Settings
      • select Certificate Management
  1. In the Certificate Management area
    • note that your Machine Identity certificate Status is Invalid
  1. In the Certificate Management area
    • select IMPORT
  1. In the Import Signed TLS Certificate window
    • in line with *Certificate Type
      • next to PFX
        • select the radio button
    • in line with *Certificate File
      • select BROWSE
  1. In the Open window
    • in the Quick Access bar
      • select Desktop
    • in the middle area
      • select the Software (horizon-01a) shortcut
  1. In the Open window
    • Software folder
      • go to certificates > Techseals
        • select WildCard_2025.pfx
    • in the bottom right-corner
      • select Open
  1. In the Import Signed TLS Certificate window
    • in line with * Password
      • in the Box
        • enter Pa$$w0rd
    • in the bottom right corner
      • select IMPORT
  1. In the Certificate Management area
    • note that there are now two Machine Identity Certificates
      • one is still In Use but the Status is Invalid
      • one is not being is not In Use but its Status is  Valid
  1. On the Horizon-01b Connection Server
    • On the Desktop
      • select the MMC shortcut
  1. In the Certificates Snapin
    • below Certificates (Local Computer)
      • expand Personal
        • select Certificates
    • In the right pane
      • select and right-click  horizon-01b.techseals.co
      • in the dropdown menu
        • select Delete
        • In the Certificates window
          • select Yes
  1. In the CertsSnapin
    • Certificates folder
      • select and right-click the *.techseals.co certificate
        • select Properties
  1. In the *.techseals.co Properties window
    • General tab
      • next to Friendly name:
        • once again note the vdm entry has already been added
    • select OK
  1. On the Horizon-01b server
    • select and right-click the START button
      • select Run
  1. In the Run window
    • next to Open:
      • enter services.msc
    • select OK
  1. On the Services window
    • scroll down to Omnissa Horizon View Connection Server
      • select and right click Omnissa Horizon View Connection Server
        • from the drop down
          • select Restart

wait at least 5 minutes before doing the next step

  1. In the ControlCenter server
    • Open your Site 1 browser
      • in the address bar
        • enter horizon-01b.techseals.co/admin
          • with your keyboard press enter
      • Notice your Server is now trusted using a CA-signed Certificate

If this does not work restart your Horizon Connection server services and wait another 5 minutes

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.