3. Enterprise Configurations for App Volumes and Dynamic Environment Manager

Part 1. Certificate Management for App Volumes Manager services
  1. On your ControlCenter server
    • Open the Remote Desktops > Site 1 folder
      • select and launch the Appvol-01a.RDP shortcut
  1. In the Windows Security window
    • login as TechSeals\administrator
      • in the password area
        • enter Pa$$w0rd
      • select OK
  1. On the AppVol-01a server
    • from the Taskbar
      • select the folder icon
  1. In the File Explorer window
    • Quick access bar
      • expand This PC
        • select Local Disk (C:)
  1. In the File Explorer window
    • browse to
      • C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf
    • In the conf folder
      • rename appvol_self_vmware.com.crt to appvol_self_vmware.com.crt.origin
      • rename appvol_self_vmware.com.key to appvol_self_vmware.com.key.origin
  1. On the Appvol-01a Desktop
    • select and open the Software shortcut
      • in the Software folder, open
        • certificates > Techseals
      • In the Techseals folder
        • copy and paste
          • _techseals_co.crt and private.key
          • to C:\Program Files (x86)\CloudVolumes\Manager\nginx\conf
  1. In the File Explorer window
    • in the conf folder
      • rename
        • _techseals_co.crt to  server.crt
          • and
        • private.key to server.key
  1. In the File Explorer window
    • conf folder
      1. select nginx.conf
        • right-click
          • select Open with
      2. In the Windows can't open this type of file (.conf) window
        • select Try an app on this PC
      3. in the How do you want to open this file? window
        • select Notepad
          • select OK
  1. In the nginx.conf file
    • scroll down to ssl_certificate
      • rename   appvol_self_vmware.com.crt to server.crt
    • next to ssl_certificate_key
      • rename appvol_self_vmware.com.key to server.key
  1. In the nginx.conf file
    • select File
      • select Save
    • Close the Notepad window
  1. On the AppVol-01a server
    • select the START button
      • right click
        • select Run
    • In the Run window
      • next to Open:
        • enter services.msc
      • select OK
  1. In the Services window
    • select App Volumes Manager
      • right-click
        • select Restart
  1. On your ControlCenter server
    • open your Site 1 Browser
      • in the Favourites bar
        • select the App Volumes shortcut
      • Note your App Volumes address now has a trusted CA signed certificate

Note:

  • It will take a few minutes for the App Volumes Manager Admin Console to show, refresh your browser to validate.
  • Wait until it shows before starting Part 2
Part 2. Securing Active Directory Domain with secure LDAPS
  1. On your Controlcenter server
    • open the Site1 - Bangalore Chrome Browser
  1. On your ControlCenter server
    • Chrome browser
      • in the address bar
        • enter http://localhost/certsrv
      • In the Welcome page
        • below Select a task
          • select Download a CA certificate, certificate chain or CRL
  1. In the Download a CA certificate, certificate chain or CRL window
    • below Encoding method
      • next to Base 64
        • select the radio button
      • select Download CA certificate
  1. On the Chrome browser
    • to the right of the address bar
      • select the Download icon
    • in the Recent download history window
      • to the right of certnew.cer
        • select the Show in folder icon
  1. In the File Explorer window
    • select certnew.cer
      • right-click certnew.cer
        • In the dropdown menu
          • select Rename
  1. In the File Explorer window
    • rename certnew.cer
      • to adCA.pem
    • In the Rename window
      • select Yes

Note, there is a case sensitive requirement when renaming the cert to adCA.pem

  1. In the File Explorer window
    1. select adCA.pem
      • right-click adCA.pem
      • In the dropdown menu
        • select Copy
    2. In the Quick access menu
      • select Desktop
  1. In the File Explorer window
    • Desktop area
      • select the Software shortcut
        • In the Software folder
          • browse and open App Volumes
        • within the App Volumes folder
          • select and Paste adCA.pem
  1. On your ControlCenter server desktop
    • open the Remote Desktops > Site 1 folder
    • launch the Appvol-01a.RDP shortcut
  1. On your Appvol-01a RDP session
    1. select the Software shortcut
    2. In the Software area
      • browse and open the App Volumes folder
      • In the App Volumes folder
        • select and right click adCA.pem
      • in the dropdown menu
        • select Copy
    3. In the File Explorer window
      • Quick access bar
      • select This PC
  1. In the File Explorer folder
    • This PC area
      • browse to Local Disk (C:)
        • in Local Disk (C):
          • Browse to > Program Files (x86) > CloudVolumes > Manager > config
        • in the config folder
          • paste adCA.pem
  1. On the ControlCenter server
    • on your Site 1 Browser
      • from the Favourites bar
        • launch the App Volumes shortcut
    • in the App Volumes admin console
      • under Username
        • enter Administrator
      • under Password
        • enter Pa$$w0rd
      • select LOGIN
  1. In the App Volumes Manager admin Console
    • select the CONFIGURATION tab
  1. In the App Volumes Manager admin Console
    • In the CONFIGURATION area
      • select the Domains tab
  1. In the Active Directory Domains area
    • under Domains
      • in front of techseals.co
        • select the expand button
      • to the right of  techseals.co
        • select EDIT
  1. In the Edit Active Directory Domain area
    • enter and validate the following:
      • next to Domain Controller Hosts
        • validate that 192.168.110.10 is the IP address
      • next to Password
        • enter Pa$$w0rd
      • next to Security
        • from the dropdown
          • select Secure LDAP (LDAPS)
      • in the bottom left-corner
        • select UPDATE
  1. In the  Directory Services Domains area
    • note your  Active Directory Domain is now secured with LDAPS
  1. On the AppVol-01a server
    • select and right-click the START button
      • select Run
      • In the Run window
        • next to Open
          • enter services.msc
            • select OK
  1. In the Services window
    • select and right - click the App Volumes Manager service
    • from the dropdown select Restart

Wait for about 2 minutes for the services to come back online

Part 3. Registering all AppVolumes Agents with App Volumes Manager

The reason we have to do Part 3 is we our App Volumes Manager had a self-signed certificate prior to deploying App Volumes agents. In a Production environment. App Volumes Manager would be deployed first, configured with CA signed Certificates and then one would deploy the Agents

  1. On your ControlCenter server
    • on your Site 1 browser
      • select your vcenter-01a shortcut
  1. In the VMware vSphere page
    • in the username area
    • in the password area
      • enter Pa$$w0rd
    • select LOGIN
  1. In the vSphere client
    • select esxi-01a.techseals.co
      • select the VMs tab
        • in the VMs tab area
        • select the State column
          • next to :-
            • APPVolprov-01a
            • RDSHPROV-01a
            • W11INST-1
            • W11INST-2
            • RDSBLR -01-1
            • RDSBLR -01-2
            • W11EXT-01a
            • W11FullClone-1
            • select the checkboxes
              • right click
              • from the dropdown menu
              • select Power > Restart Guest OS
      • when prompted to Confirm Guest Restart window
        • select YES
  1. In the VMware vSphere Client
    • next to :-
      • appVolprov-01a
      • W11INST-1
      • W11INST-2
      • RDSBLR -01-1
      • RDSBLR -01-2
    • uncheck the checkboxes
  1. In the VMware vSphere Client
    • next to RDSHProv-01a
      • select the checkbox
        • right click
          • from the dropdown menu
            • select Power > Power On
Part 4. Configuring Dynamic Environment Manager in NOAD mode for Archive Backups

The default NOAD.xml file comes with default Export paths to archive the User Profile and an archive for the Logs, but there is no Archive Backups configuration by default.
If Archive Backups are configured , Users are able to use Self-Support and Administrators are able to use the Help Desk Support tool.
In the next part we will configure the NOAD.xml file and enable Archive Backups

  1. On the ControlCenter server
    • from the Taskbar
    • select the File Explorer folder
  1. In the File Explorer folder
    • Quick Access bar
    • select and expand This PC
      • select and expand Local Disk (C:)
        • select the DEMConfig folder
  1. In the File Explorer folder
    • DEMConfig folder
      • open the General > FlexRepository > NoAD folders
    • In the NoAD folder
      • select and right-click NoAD.xml
    • from the Dropdown
      • select Edit with Notepad++
  1. In the NoAD.xml file
    • append the following information after EventLogUEMRefresh="1" 
BackupPath="\\controlcenter.techseals.co\demprofiles$\%username%\Backups"
		BackupCount="4"
		BackupDaily="1"
  1. In the NoAD.xml file
    • select File > Save
    • close the NoAD.xml file

We have put in Steps for Arhive backups to work , we will look at Self-Support and Help Desk support with regard to Dynamic Environment Manager later in the labs

This Concludes this Lab Module

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.