Lab 25: Install a second Connection Server into the Horizon pod

Objective and Tasks

You add additional Horizon Connection Servers to an existing pod to both add resiliency, and to provide scale. In this lab, you will install a second Connection Server to a pod that currently only has a single Connection Server.

  1. Run the Connection Server installer on horizon-01b.
  2. Add the signed TLS certificate to the Connection Server.
  3. Configure the gateway services.
  4. Validate system health and add server to load balancer pool.
Expand or collapse content Task 1: Install the Connection Server

Open the console of horizon-01b and run the Connection Server installer, When prompted, select the replica option to add this server to an existing Horizon 8 pod.

  1. Use RDP to connect to horizon-01b
    • On your ControlCenter desktop open the RDP folder.
    • Click the RDP shortcut to horizon-01b
    • This will automatically log you into the horizon-01b VM.
  2. Run the Connection Server installer executable on horizon-01b
    • Open File Explorer on the task bar at the bottom.
    • Select the Resources (S:) drive.
    • Browse to S:\Software\Horizon_2512
    • Run Omnissa‑Horizon‑Connection‑Server‑x86_64‑2512‑8.17.0‑20302007542.exe
  3. Proceed through the initial installation screens
    • The installer will first display a Licensing confirmation message. Click Yes.
    • When the Installer Introduction screen appears, click Next.
    • Leave the default installation path: C:\Program Files\Omnissa\Horizon\Server, and click Next.
  4. On the Installation Options screen:
    • Select Horizon Replica Server for the type of Connection Server instance.
    • Ensure Install Web Client is checked.
    • Confirm IPv4 is selected.
    • Click Next.
  5. On the Source Server screen:
    • Enter the fully qualified domain name for an existing Connection Server in the pod you want to add this server to.
    • Server: horizon-01a.omnissatraining.com
    • Click Next.
  6. On the Firewall Configuration screen:
    • Ensure Configure Windows Firewall automatically is selected.
    • Click Next.
  7. On the Ready to Install the Program screen:
    • Click Install
    • The installer will now deploy the Connection Server services and a AD LDS instance replicated from the existing Connection Server.
  8. When the installation completes, uncheck the Show Documentation check box and click Finish.

Once installed the AD LDS database is replicated from an existing Connection Server in the pod. When operational, all Connection Servers in the pod are peers and functionally the same.

Expand or collapse content Task 2: Add the signed TLS certificate to the Connection Server

Add the signed TLS certificate to the Connection Server to replace the default self-signed certificate.

  1. Open the Microsoft Management Console (MMC) on horizon-01b, so that you can work with certificates.
    • In Windows > Start > Run > MMC
    • Use the File menu and select Add/Remove Snap-in.
    • Select Certificates and Add.
    • Select Computer account and click Next.
    • Leave the default selection of Local computer and click Finish.
    • Click OK.
  2. Update the self-signed certificate so that it is no longer used.
    • Navigate to the Certificates > Personal > Certificates folder.
    • Right-click and view the Properties of the default self-signed certificate Horizon-01b.omnissatraining.com
    • Change the Friendly name to vdm-selfsigned
    • Click OK.
  3. Start the import certificate wizard and select the certificate file.
    • Right-click on the Certificates folder, select All Tasks, and Import.
    • On the Welcome screen, click Next.
    • Browse to and select the signed certificate file at S:\SSL\omnissatraining\PFX\omnissatraining_with_pwd.pfx, and click Open.
    • Click Next.

By default the dialog only shows .cer and .crt file types. Change the file type selection to All Files (*.*) to see the pfx certificate file.

  1. On the Private key protection screen:
    • Password: Pa$$w0rd
    • Select the tick box next to Mark this key as exportable.
    • Click Next.
  2. On the Certificate Store screen:
    • Leave the default selection of Place all certificates in the following store of Personal.
    • Click Next.
  3. Complete the import certificate wizard.
    • Click Finish.
    • Click OK on the import status message the is displayed.

The Horizon Connection Server services use the certificate with the friendly name of vdm as the active certificate.

  1. Check that the imported signed certificate is the one that will be used by Horizon.
    • Right-click and view the Properties of the imported certificate *.omnissatraining.com
    • Ensure that the Friendly name is vdm
    • Click OK.
  2. Restart the Connection Server service.
    • Use the Windows Search bar and type services.
    • Launch the Services console.
    • Locate and select the entry for Omnissa Horizon Connection Server.
    • Right-click on the service and select Restart.

You might need to wait a few minutes for the services to restart before you can progress to the next task.

Expand or collapse content Task 3: Configure the gateway services

The edge gateway services are enabled by default on a new Connection Server installation. Follow the steps to logon to the Horizon admin console to disable and configure these.

  1. Open the Horizon admin console for horizon-01b.
    • On your ControlCenter desktop, open the Google Chrome browser.
    • Click the bookmark on the bookmark bar for Horizon-01b
    • This will connect you to the Horizon administrator console at https://horizon-01b.omnissatraining.com/admin

If the admin console does not display, wait for the services to restart and click Reload.

  1. Login to the Horizon admin console.
    • Username: administrator
    • Password: Pa$$w0rd
    • Domain: OmnissaTraining
  2. Edit the settings for Connection Server horizon-01b
    • Navigate to Settings > Servers.
    • Select the Connection Servers tab.
    • Select the entry for HORIZON-01B and click Edit.
  3. Configure the HTTP(s) Tunnel service.
    • Deselect the tick box next to Use Secure Tunnel connection to machine.
  4. Configure the PCoIP Security Gateway service.
    • Deselect the tick box next to Use PCoIP Security Gateway for PCoIP connections to machine.

Use PCoIP Security Gateway should already be deselected in the version of Horizon 8 being used in the lab.

  1. Configure the Blast Secure Gateway service.
  2. Click OK to save the configuration.
Expand or collapse content Task 4: Validate system health and add server to load balancer pool

Check everything is healthy on the new Connection Server, and add it to the appropriate third-party load balancer pool.

  1. Open the Horizon admin console for horizon-01b.
    • You should already have this open from a previous task.
  2. View the status of the Connection Server
    • Navigate to Monitor > Infrastructure.
    • Click View next to the entry for HORIZON-01B.
    • Review the status of the server, services, and connected services.

Once you are satisfied with that all configuration has been completed, and the new server is healthy, you would normally add this new Connection Server to the appropriate load balancer pool. This lab environment does not contain a third-party load balancer, and this information is only included for general guidance.

This concludes this lab.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.