Overview and System Requirements
Linux Server Version
When installing a Linux distribution on your server, please ensure that the Server version is installed and not the Desktop version. Any required software packages will be installed when the OVD component is installed. Do not manually install a Graphical User Interface for desktop use or an X window environment. Failing to follow these recommendations may lead to poor system performance.
OVD Session Manager (OSM)
This server is the central piece of an OVD server farm and is always required. It manages the session establishment from a client, hosts the administration console and provides centralized management of all the OVD server resources. The OSM should be installed prior to any other server.
Inuvika provides various Linux packages for installing the OSM on a Linux server. Inuvika does not provide a Windows installer version of OSM.
All of the following Operating Systems are supported:
- RHEL 8 64-bit
- Ubuntu 22.04 LTS server (Jammy Jellyfish) 64-bit
Minimum hardware configuration:
- CPU: 2 Cores recommended as a minimum
- Memory: 4 GB recommended as a minimum
- Storage: 20 GB
- Network: 1 GB NIC (2 for failover)
OVD Administration Console (OAC)
The OAC provides a web-based service that allows administrators to configure the OVD farm.
Inuvika provides various Linux packages for installing the OAC on a Linux server. Inuvika does not provide a Windows installer version of OAC.
All of the following Operating Systems are supported:
- RHEL 8 64-bit
- Ubuntu 22.04 LTS server (Jammy Jellyfish) 64-bit
Minimum hardware configuration:
- CPU: 1 Core recommended as a minimum
- Memory: 1 GB recommended as a minimum
- Storage: 20 GB
- Network: 1 GB NIC
OVD Application Server (OAS)
OVD Enterprise is an application and desktop delivery solution. The OAS in the OVD solution is the server that hosts and serves the end user applications and desktops. It is accessed from an OVD client using an enhanced Remote Display Protocol.
An Application Server can be either a Linux system or a Windows system depending on the type of applications and desktops you want to deliver. Of course, you can mix Linux and Windows machines in an OVD farm to deliver applications seamlessly to the end user from different application servers. The user load will be load-balanced by the OSM among the available application servers to provide a better distribution of server resources.
Windows
All of the following Operating Systems are supported:
- Windows Server 2022 with Remote Desktop Services
- Windows Server 2019 with Remote Desktop Services
- Windows Server 2016 with Remote Desktop Services
- Windows Server 2012 R2 with Remote Desktop Services and extended support
- Windows 10 Enterprise/Pro (limited to one concurrent session)
- Windows 11 Enterprise/Pro (limited to one concurrent session)
Important
Windows 10/11 support does not include publication of Universal Windows Platform applications. These applications can be installed/removed manually.
Minimum hardware configuration:
- CPU: 4 cores recommended as a minimum
- Memory: 8 GB recommended as a minimum
- Storage: 50+ GB. High speed disks with RAID-1 (15krpm, SSDs or SAN disks).
- Network: 1 GB NIC
Important
Inuvika does not recommend you use Windows Server Essentials because the Remote Desktop Session Host role may not be installed. The connection limit is set to only two concurrent users in this case.
Microsoft Remote Desktop Session Host (RDSH)
The Microsoft Remote Desktop Session Host (RDSH) role must be deployed, configured, and properly licensed. For more information about Microsoft Remote Desktop licensing, please visit the corresponding section of the official Microsoft documentation: Remote Desktop Licensing.
Important
The Windows server may run in a workgroup or be a member of an Active Directory domain but must not run as a domain controller.
Enabling Network Level Authentication (NLA) on Microsoft RDS is optional but strongly recommended.
Linux
All of the following Operating Systems are supported:
- RHEL 8 64-bit
- Ubuntu 22.04 LTS server (Jammy Jellyfish) 64-bit
Minimum hardware configuration:
- CPU: 4 cores recommended as a minimum
- Memory: 8 GB recommended as a minimum
- Storage: 50+ GB. High speed disks with RAID-1 (15krpm, SSDs or SAN disks).
- Network: 1 GB NIC
Requirement for the nls_utf8 kernel module
The OVD Application Server requires the nls_utf8 kernel module to be installed on the system.
This module is installed by the distribution's default Linux kernel. However, some cloud-based environments may provide their own custom Linux kernel and these kernels are not guaranteed to include nls_utf8.
Info
This section is not required when using a default Linux kernel (typically linux-image-generic on Ubuntu).
To verify if the module is installed on the system, run the following command:
If the command returns an error, it means that the module is not installed. In this case, try the following alternatives:
- Check whether the module is provided by a package that can be installed. For example, when using Ubuntu's default kernels, the module is provided by the linux-modules-extra or linux-image-extra packages. Check if the kernel provides such extra packages:
- Contact your cloud provider to request support for nls_utf8.
- Switch to a different kernel, such as the distribution's default kernel.
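An added example (not part of the Inuvika documentation) of one way to check for the module without loading it: the function looks under /lib/modules for a given kernel release and reports whether nls_utf8 is built in, shipped as a loadable file, or absent. The function name and its optional second argument (an alternate modules root, used for testing) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the OVD documentation.
# Prints builtin | module | missing for the given kernel release.
# $1: kernel release (default: running kernel)
# $2: modules root (default: /lib/modules; hypothetical parameter for testing)
nls_utf8_status() {
    krel="${1:-$(uname -r)}"
    dir="${2:-/lib/modules}/$krel"

    # Built-in code has no .ko file; it is listed in modules.builtin instead.
    if [ -f "$dir/modules.builtin" ] &&
       grep -q '/nls_utf8\.ko$' "$dir/modules.builtin"; then
        echo builtin
        return 0
    fi

    # Loadable module, possibly compressed (.ko, .ko.gz, .ko.xz, .ko.zst).
    if [ -d "$dir" ] &&
       [ -n "$(find "$dir" -type f -name 'nls_utf8.ko*' 2>/dev/null | head -n 1)" ]; then
        echo module
        return 0
    fi

    echo missing
    return 1
}

# Report on the running kernel when the script is executed.
nls_utf8_status "$@" || echo "nls_utf8 is not available for this kernel" >&2
```

Passing the release of a kernel that is installed but not yet booted lets you confirm the module is present before switching kernels.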
OVD File Server (OFS)
Within OVD, the OFS provides a centralized file management system that enables users to access the same files independently of which application server is used to provide the application. OFS provides a network file system that the OAS Servers are able to access when users are running sessions. It is used to provide access to both user profiles, and data folders and files.
The OFS is available for Linux based servers only. In a small OVD server farm, the OFS may reside on the same physical machine as the OAS. In larger installations, the OFS would typically be installed on dedicated hardware.
All of the following Operating Systems are supported:
- RHEL 8 64-bit
- Ubuntu 22.04 LTS server (Jammy Jellyfish) 64-bit
Minimum hardware configuration:
- CPU: 2 cores (4 cores recommended)
- Memory: 2 GB (4 GB recommended)
- Storage: 100+ GB. High speed disks with RAID-1 (15krpm, SSDs or SAN disks).
- Network: 1 GB NIC
OVD Web Access (OWA)
The OWA server is responsible for managing browser-based client sessions. This requires an HTML5 compliant browser on the client machine but no software needs to be installed on the client machine. The OVD session can be tunneled over an SSL session for secure data transmission.
For small installations, it is possible to install OWA on the same machine as the OSM. For larger installations it is recommended to install one or more OWA roles on separate servers and to load-balance the servers for optimal performance.
In this example, we are using web.test.demo as the OWA resource name.
All of the following Operating Systems are supported:
- RHEL 8 64-bit
- Ubuntu 22.04 LTS server (Jammy Jellyfish) 64-bit
Minimum hardware configuration:
- CPU: 2 cores recommended as a minimum
- Memory: 4 GB recommended as a minimum
- Storage: 20 GB
- Network: 1 GB NIC (2 for failover)
Enterprise Security Gateway
Important
OVD Enterprise Secure Gateway is an optional, albeit recommended component of OVD.
OVD uses several ports during the client session, mainly HTTPS (443) and RDP (3389). But in some cases, for example when the user is remote, a firewall would typically be configured to block access to the RDP port. The ESG tunnels all the OVD connections between the client and itself over an HTTPS session. So from any location, users who have access to HTTPS (443) will also be able to start an OVD session.
The ESG can also be used to unify access to multiple OVD Application Servers by providing a single point of access to the clients.
Important
The ESG must be installed on a dedicated server.
All of the following Operating Systems are supported:
- RHEL 8 64-bit
- Ubuntu 22.04 LTS server (Jammy Jellyfish) 64-bit
Minimum hardware configuration:
- CPU: 2 cores (4 cores recommended)
- Memory: 4 GB recommended as a minimum
- Storage: 20+ GB
- Network: 1 GB NIC
Firewall and Ports
OVD requires several ports to be open in order to support different server roles. Although specific commands are provided for each component (in their corresponding section), IT Administrators should review and verify all necessary firewall rules in order to prevent possible service disruptions.
Important
Instructions on how to configure your firewall for each of the OVD roles are provided in the Manual Installation Guide.
In the case of an OVD One Touch installation, rules are applied automatically.
The following diagram describes the communication between the different OVD roles and the corresponding port numbers.
OVD Session Manager
- Incoming traffic
  - TCP 443 (HTTPS): for communication with an end user's browser, OVD Administration Console, OVD Web Access and Enterprise Secure Gateway
  - TCP 1111 (HTTP): for communication with an OVD Application Server, OVD File Server and Enterprise Secure Gateway
- Outgoing traffic
  - TCP 1112 (HTTP): for communication with Enterprise Secure Gateway, OVD File Server and OVD Application Server
OVD Administration Console
- Incoming traffic
  - TCP 443 (HTTPS) and/or TCP 80 (HTTP): for communication with an administrator's browser and the Enterprise Secure Gateway
    Note
    TCP 443 (HTTPS) will only be available if you chose to enable HTTPS access during Administration Console installation.
- Outgoing traffic
  - TCP 443 (HTTPS): for communication with an OVD Session Manager
OVD Application Server
- Incoming traffic
  - TCP 1112 (HTTP): for communication with the OVD Session Manager
  - TCP 3389 (RDP): for communication with the OVD Enterprise Secure Gateway, OVD Web Access and end user's browser
- Outgoing traffic
  - TCP 1111 (HTTP): for communication with the OVD Session Manager
  - TCP 445 (CIFS): for communication with the OVD File Server
OVD File Server
- Incoming traffic
  - TCP 1112 (HTTP): for communication with the OVD Session Manager
  - TCP 1113 (HTTP): for communication with an OVD Web Access
  - TCP 445 (CIFS): for communication with an OVD Application Server
- Outgoing traffic
  - TCP 1111 (HTTP): for communication with the OVD Session Manager
OVD Web Access
- Incoming traffic
  - TCP 1112 (HTTP): for communication with the OVD Session Manager (for OVD version >= 3.3.0)
  - TCP 443 (HTTPS) and/or TCP 80 (HTTP): for communication with an end user's browser and the Enterprise Secure Gateway
    Note
    TCP 443 (HTTPS) will only be available if you chose to enable HTTPS access during OVD Web Access installation.
- Outgoing traffic
  - TCP 1111 (HTTP): for communication with the OVD Session Manager (for OVD version >= 3.3.0)
  - TCP 443 (HTTPS): for communication with an OVD Session Manager
  - TCP 3389 (RDP): for communication with an OVD Application Server
  - TCP 1113 (HTTP): for communication with an OVD File Server
OVD Enterprise Secure Gateway
- Incoming traffic
  - TCP 1112 (HTTP): for communication with the OVD Session Manager
  - TCP 443 (HTTPS): for communication with an end user's browser
- Outgoing traffic
  - TCP 3389 (RDP): for communication with an OVD Application Server
  - TCP 443 (HTTPS): for communication with an OVD Session Manager
  - TCP 443 (HTTPS) and/or TCP 80 (HTTP): for communication with an OVD Web Access and Administration Console
    Note
    TCP 443 (HTTPS) will only be available if you chose to enable HTTPS access during OVD Web Access installation and Administration Console installation.
  - TCP 1111 (HTTP): for communication with an OVD Session Manager
Warning
Before installing the ESG, ensure that no service is running on port TCP 443 (HTTPS).
Note
The above rules apply only to standard configurations. If you plan to use a different configuration (e.g. installing multiple OVD services on a single server), you may not need to apply all the rules described.
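An added example (not part of the Inuvika documentation) for reviewing a node against the inbound lists above: it reads `ss -tln` output and reports listeners that fall outside the role's list, and listed ports with nothing listening. The function names and the lower-case role keys (the page's abbreviations) are assumptions of this example; ports used for your own administration, such as SSH, will show up as EXTRA and need a manual decision.

```shell
#!/bin/sh
# Added example, not from the OVD documentation.
# Inbound TCP ports per role, copied from the lists above.
ovd_inbound_ports() {
    case "$1" in
        osm) echo "443 1111" ;;
        oac) echo "80 443" ;;          # 443 only if HTTPS was enabled at install
        oas) echo "1112 3389" ;;
        ofs) echo "445 1112 1113" ;;
        owa) echo "80 443 1112" ;;     # 443 only if HTTPS was enabled at install
        esg) echo "443 1112" ;;
        *)   return 2 ;;
    esac
}

# Reads `ss -tln` output on stdin. Prints "EXTRA <port>" for each non-loopback
# listener outside the role's list and "MISSING <port>" for each listed port
# that has no listener.
ovd_port_audit() {
    want=$(ovd_inbound_ports "$1") || { echo "unknown role: $1" >&2; return 2; }
    awk -v want="$want" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) allow[w[i]] = 1 }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)            # text after the last colon
            sub(/:[0-9]+$/, "", addr)       # address without the port
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            seen[port] = 1
        }
        END {
            for (p in seen)  if (!(p in allow)) print "EXTRA " p
            for (p in allow) if (!(p in seen))  print "MISSING " p
        }' | LC_ALL=C sort
}

# Constructed sample (not captured from a real host): an OAS with one extra listener.
sample='LISTEN 0 128   0.0.0.0:3389 0.0.0.0:*
LISTEN 0 128   0.0.0.0:1112 0.0.0.0:*
LISTEN 0 128 127.0.0.1:631  0.0.0.0:*
LISTEN 0 128      [::]:8080    [::]:*'
printf '%s\n' "$sample" | ovd_port_audit oas
```

On a real node, run `ss -tln | ovd_port_audit oas` with the key for that node's role.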
Security-Enhanced Linux (RHEL only)
Security-Enhanced Linux (SELinux) is a Linux kernel security module that enhances the security of your system. In RHEL distributions, SELinux is enabled by default and runs in enforcing mode.
OVD is fully compatible with SELinux; however, every role needs a set of SELinux rules to be applied. Instructions on how to configure the various OVD roles are described in the corresponding sections of the Manual Installation Guide. If you plan to use OVD One Touch Installation, rules are applied automatically.
To verify the status of SELinux on any node, run the following command:
The expected (and default) SELinux status is enabled, with current mode set to enforcing. If current mode is set to permissive, SELinux is running, but mandatory access control is not enforced. In that case, you might want to set the mode to enforcing:
- Edit the /etc/selinux/config file and set the SELINUX variable to enforcing
Important
If SELinux is disabled and you want to enable it, follow the official Red Hat documentation: Changing SELinux States and Modes.
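An added example (not part of the Inuvika documentation) that turns the status check into a pass/fail verdict. It assumes the output format of the `sestatus` utility and reports the running mode separately from the mode in /etc/selinux/config, because the file is only read at boot and the two can disagree. The function name and verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the OVD documentation.
# Reads `sestatus` output on stdin and prints one verdict:
#   ok               enabled, enforcing now and in the config file
#   disabled         SELinux is not enabled
#   runtime-<mode>   running mode is not enforcing
#   config-<mode>    enforcing now, but the config file sets another mode for next boot
# Returns 0 only for "ok", so it can gate a provisioning step.
selinux_verdict() {
    awk -F': *' '
        { sub(/[ \t]+$/, "") }                      # drop trailing whitespace
        /^SELinux status:/        { status  = $2 }
        /^Current mode:/          { current = $2 }
        /^Mode from config file:/ { config  = $2 }
        END {
            if (status != "enabled")         v = "disabled"
            else if (current != "enforcing") v = "runtime-" current
            else if (config != "enforcing")  v = "config-" config
            else                             v = "ok"
            print v
            exit (v == "ok" ? 0 : 1)
        }'
}

# Constructed sample (not captured from a real host): the mode was switched at
# runtime, but /etc/selinux/config still says permissive.
sample='SELinux status:                 enabled
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          permissive'
printf '%s\n' "$sample" | selinux_verdict || true    # prints: config-permissive
```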