Download

Administration Guide

Preface

This document describes the system administration functionality that can be performed to manage an OVD farm using the OVD Administration Console.

History

Version Date Comments
1.9 2017-11-03 Upgrades for OVD 2.5
1.8 2017-07-18 Updates for OVD 2.4, including information about new Data Management settings; Reformatting
1.7 2017-01-19 Updates for OVD 2.3
1.6 2016-10-26 Updates regarding the multi-monitor setting with OVD 2.2
1.5 2016-08-09 Updates to server settings and the user profiles page.
1.4 2016-05-27 Updates and corrections. Added information about configuring OVD components.
1.3 2015-12-01 Updates for OVD 1.4
1.2 2015-11-04 Added information about FS High Availability for Invuika OVD 1.3. Minor corrections and updates.
1.1 2015-08-11 Added details for External Data Storage
1.0.2 2015-07-03 Updates for OVD 1.1
1.0.1 2015-03-13 Updates and corrections for OVD 1.0.1
1.0 2015-03-05 First version

Introduction

Inuvika OVD provides a software platform for Microsoft Windows and Linux application and desktop virtualization functionality. The software supports most server virtualization environments as well as brand named enterprise-level servers. The product delivers Linux and/or Windows hosted resources over any network to any device that is HTML5 capable.

This document describes how to configure and administer an OVD farm and focuses on the OVD Administration Console.

The documentation is available for download from the same location the software can be downloaded at https://archive.inuvika.com/ovd/latest.

  • Architecture Overview and System Requirements
  • Overview of Open Virtual Desktop
  • Installation and Configuration Guide
  • Session Manager API Guide

The following OVD Enterprise documentation is available:

Inuvika OVD architecture and components

An overview of the OVD system architecture is provided in the Architecture Overview and System Requirements document.

OVD Administration Console Overview

Inuvika OVD provides an OVD Administration Console (OAC) component that should be installed on one of the OVD Linux farm servers. The component is normally deployed with the OSM on the OSM server. The OVD Administration Console component provides a web-based administration console to configure the OVD farm. An API is also provided that can be used to automate all or part of the OVD administration process. For further details, please refer to the Session Manager API Guide. The credentials required to access the OVD Administration Console or use the API are created during the installation process. The Administration Console presents a number of different top level sections identified by icons in a ribbon at the top of the page. Each section groups related administrative tasks together that will be described in the following chapters.

Accessing the OVD Administration Console

The OVD Administration Console can be accessed using a web browser and entering the URL containing the domain of server hosting the administration console followed by the path /ovd/admin. The protocol used to access the administration console may be either HTTP or HTTPS depending on how the component was configured. The user will be required to authenticate himself using the credentials that were created during the installation process. http(s)://admin_console_domain/ovd/admin

OAC home page

After successful authentication, the user is presented with the OAC home page. This page displays a snapshot summary of the status of the whole OVD farm, shortcut links to many of the other areas of the administration console and a set of icons at the top of the page that group related administrative actions. The actions presented on this page in the System area impact the entire OVD farm, not just the server hosting the console. Here the administrator can Switch the system to maintenance mode or Switch the system to production mode to change the operating mode of the OVD farm. If the OVD farm is in maintenance mode, new sessions are prevented from starting but existing sessions will continue to work. Any major maintenance work should not be undertaken until all user sessions have terminated.

Servers

The Servers section is used to manage the servers in the OVD farm. The first tab shows the list of all registered servers within the OVD server farm. It also shows information about the server:

  • Server name (by hostname, FQDN or IP).
  • Type, can be Windows or Linux.
  • Version, provides version information about the operating system running on that server.
  • Roles can be Application Server, File Server or Gateway together with an indication that the role is either Enabled or Disabled.
  • Status, can be Online, Offline or Broken.
  • Details, provides some hardware information about the server.

The status of each server may be changed by selecting the action to Switch to maintenance or Switch to production

Important

An OSM server will not be displayed in this list if it is not running the File Server, Application Server, or Gateway role

Server properties

Selecting the server name displays more detailed information about the server.

Monitoring

A snapshot of the server resource usage is displayed

  • CPU usage
  • RAM usage
  • Session usage
  • Disk usage

Configuration

  • Display name: blank by default. If not set, the internal name is used. This field is used to provide a better server visibility
  • Internal name (fqdn): This is a required field. By default, the server IP address is used but may be replaced by the server's FQDN
  • Redirection port (rdp) for this server: By default, TCP 3389. You can change this port to allow direct access from a NAT system. This port must be changed to a different value for each OVD OAS server that users may connect to.
  • Roles available on this server: The current role and status of the server is displayed. The Application Server, Gateway and File Server roles can enabled/disabled or the server can be switched to Maintenance or Production mode. The File Server and Gateway roles will not be available for a Windows server. The Gateway role requires a valid subscription key.

List of Server Groups Including This Server

A server may belong to a server group. A server can be added to one of the available server groups presented in the drop down list. If the server is already in a server group, it may be removed. The server group functionality allows the administrator to allocate a set of servers to one or more user groups so that user sessions for those specific user groups are allocated to specific servers.

Role: Application Server

Clicking the link displays the following information:

  • Number of available sessions on this server: A value is automatically set at installation time depending on the available server resources. This value represents the maximum concurrent user sessions this server can host. Additional user sessions above this limit will be prevented.
  • Applications available on this server: Lists all known applications on the server that are available for publication.
    • Linux OAS servers: Only applications that have a .desktop file associated with it are listed. On the Linux application server this is determined by the set of .desktop files in the folder /usr/share/applications/.
    • Windows OAS servers: Applications that are available in the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs are listed:
    • Clicking on an application icon will display the Applications page for that application

Note

On a Windows Application Server, Internet Explorer is not displayed by default as an application in the OVD Administration Consol. To correct this, simply create a shortcut in the corresponding folder. e.g. for Internet Explorer 11 on a Windows server, create a shortcut in the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs.

Similarly, Windows Explorer is not displayed as an application by default in the OVD Administration Console. To add Windows Explorer, create a shortcut for it in the appropriate folder. e.g. for a Windows server, create a shortcut for it in the folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs and add the default drive as a parameter in the shortcut's target field. Alternatively, specify %userprofile% as a parameter in the target field to open the user's home directory.

Role: File Server

Clicking the link displays the following information:

  • User profiles on the server (displayed if user profiles have been created on this server)
    • Owner: the name of the user associated with the profile.
    • Status: indicates whether the profile is ok or corrupted.
  • Shared Folders on the server (displayed if shared folders have been created on this server)
    • Name: the shared folder name. Clicking the shared folder name redirects the browser to the shared folders page.
    • Used by: the list of user groups for whom the shared folder is published.
  • Action: allows the administrator to create a new shared folder on the server.

Unregistered Servers

All newly installed APS servers will be listed on this page. A server must be registered before it can become part of the operational OVD farm. During this process, various information is transferred from the server to the Session Manager.

Important

If no register button is displayed, verify that there is are no firewall issues preventing communication between the OSM and the server. Please refer to the Architecture Overview and System Requirements document for further details

Server Groups

One or more user groups can be assigned to a server group. User connections will then be prioritized to use one or more of the servers from this server group. If no servers from the group are available then (default behavior), the user session is established to one or more external servers.

A global policy, Bypass server restrictions, is defined in the Session Settings and set to yes by default. The default setting allows users to connect even if no server from the server group is available. If set to no, if no server from the server group is available, users will not be able to connect. The Bypass server restrictions can be specified as a user group policy.

This tab displays the available server groups and allows a new server group to be created. When creating a server group, the group must be first created and then the servers and user groups selected that should be added to the server group. The user group defines which users are assigned to the server group.

To modify the settings for a server group, select the server group using the server group name or the manage button.

File Server Clusters

The file server clusters tab displays the available file server clusters which have been defined to use the high availability configuration for the OVD File Server component. Currently, only one file server cluster can be defined in an OVD Farm. If no cluster has been defined, a new cluster can be added on this page. Once a file server cluster has been added, the settings for the cluster can be modified by clicking on the File Server Cluster name or the Manage button. Further details about the High Availability configuration for the OVD File Server can be found in the File Server High Availability Guide.

File Server Cluster Management

This page displays detailed information about the File Server cluster and allows the administrator to modify the settings for the cluster.

Settings
  • Name: the name given to the File Server Cluster.
  • Description: an optional description for the cluster.
  • Virtual IP: the virtual IP associated with the cluster.
  • Maintenance: a check box indicating whether the cluster is in maintenance mode or not.

The cluster may be deleted by clicking the Delete this cluster button.

List of servers in the cluster

This section displays the OVD File Servers that are part of the File Server Cluster and any servers that may be eligible to be added to the cluster.

List of sessions currently using the cluster

This section displays a list of the user sessions that are currently active on the File Server Cluster.

Shared Folders

The shared folders tab displays a list of all available shared folders. It is possible to create a new shared folder or delete an existing shared folder. A shared folder must first be created and then the settings for that folder can be defined by selecting it. Shared folders are created on the OVD File Server and the access to the folder is controlled by the OVD File Server. The shared folders are mapped into a user session for each application server involved in the user session when the user connects to OVD. For shared folders to be active in an OVD user session, the Enable shared folders setting must be enabled. Further information about integrating external storage systems into Inuvika OVD can be found in the Data Storage Guide.

Clicking a shared folder name displays the properties:

  • Server: the server IP/FQDN where the shared folder is located.
  • Configuration: The shared folder name can be modified and a storage quota assigned.
  • Publications: This section controls which user groups have access to the shared folder and determines the access permissions (read or read/write) for that user group. Existing publications are listed and me ay be removed. If unpublished user groups are available, new publications may be added.

External Data Storage

The external data storage tab displays a list of all folders that are mapped to external data storage devices. On this page it is possible to create a new folder, and delete or modify an existing folder. The folder will be mapped into the user session for each application server involved in the user session when the user connects to OVD. This mechanism does not involve the OVD File Server but creates a connection directly from the application server to the external data storage device. For external data storage folders to be active in an OVD user session, the Enable shared folders setting must be enabled. Further information about integrating external data storage into Inuvika OVD can be found in the Data Storage Guide. The settings reference an existing external data storage folder that you would like to give users access to. When creating a new folder reference, you can specify:

  • OVD Session Folder (required): the name of the data folder as it will appear in the user session.
  • Type (required): the type of external data storage. Select a value from the dropdown list. The possible selections are NFS, CIFS, webDAV, and webDAVS.
  • URI (required): This value should have the format <IP/FQDN>/<sharedfolder> where the IP/FQDN is the address of the data storage server and the sharedfolder is the path to the data folder on that server eg: 192.168.0.10/sharedfolder1. Do not specify the scheme as part of the URI. It is also possible to add a variable to represent the name of the user by entering ${user} as part of the URI eg. 192.168.0.10/sharedfolder1/${user}. The ${user} variable will be replaced at runtime with the value of the userid entered by the user when connecting to the OVD session. This approach can be used to map home drives on an external storage device into the OVD user session. It is also possible to modify the evaluated value since it is treated as a variable by the underlying code. For example:
    • {user}: is the same as ${user}
    • {user}[0]: returns the first character of the userid
    • ${user}[-1]: returns the last character of the userid
    • {user}[1:3]: returns the second and third characters of the userid
  • Authentication (required): the type of authentication. Valid values are OVD User Credentials - use the credentials the user used to start a session, Guest User - no credentials, and Custom Authentication.
    • NOTE: If Custom Authentication is selected, the system will prompt for a login and password that users will use to authenticate against the external storage
    • NOTE: No authentication is required when using NFS and the system will disable the authentication section and set the authentication type to Guest User
  • Parameters (optional - for Linux application server only): specify any additional parameters that should be used using the syntax for options in the Linux mount command.

These settings can be modified by clicking the manage button associated with the folder and then modifying the settings presented.

To give users access to external data storage: first add the specifications for the folder and then go to its manage page. Once on the manage page, add access for a particular user group in the User Group section. Access can also be added for a specific user group by going to the manage page for the user group and adding the data folder as presented in the External Data Storage section.

Login Scripts

A login script is a script that will be executed at user login on each Application Server involved in serving an application for a user. The login script tab lists existing login scripts and provides an interface to create a new script. An existing script may be deleted or modified.

The script can be created using various scripting languages on Windows and Linux such as:

  • Bash (Linux only)
  • Python
  • Vbs (Visual Basic, Windows only)
  • Batch (Windows only)
  • Powershell (Windows only)

It is possible to edit the scripts with the embedded WYSIWYG editor or by importing an existing script.

Once a script has been created it must be assigned to one or more user groups for it to become active. Once active, the script will be executed on the assigned Application Servers when a user in the selected user group performs a login.

Profiles

The profiles tab lists the user profiles that are available in the OVD farm. User profiles are created if the persistent user profiles setting is enabled and an OFS server is operational within the OVD farm. The page displays the name of the user profile and the associated owner (userid). Profiles can be filtered by entering a string which will be used as a wildcard search across the userids in the system. User profiles are identified by a unique id starting with p_XXXXXX. Clicking on the profile will display the following information:

  • OFS server on which the profile is stored
  • User name associated with the profile

The profile can also be deleted if it is no longer required or has become corrupted. Profiles can be stored on an external data storage device such as a NAS or SAN. Please refer to the Data Storage Guide for detailed instructions on connecting an external storage device to the OVD File Server.

Important

All user data/application preferences will be lost when deleting a user profile

Users

By default, OVD uses the internal database to store information about users and user groups as well as for authentication. In this mode, users and user groups are managed within the OVD administration console.

These settings can be changed as described in the Configuration section. If you are using a directory for user authentication, users will be displayed in read only mode. If you are also using a directory to define the user groups, then both users and user groups are displayed in read only mode.

The following information is provided for the case when the internal database is being used for users and user groups.

Users

The first tab displays a list of the users defined in the system. The number of users displayed is limited by the Maximum items per page setting in the Configuration section. When there are more users available than the limit defined, a filter can be used to find the users that you wish to manage.

A new user can be created by entering the user login, display name and password for the user and then clicking the Add button. The system will create the new user and add the user to the default user group. The user properties can then be modified by selecting the user from the list.

The populate function provides a way to create a base set of users in the internal database. This is designed for use in the product evaluation phase as a quick way of creating a test set of users.

User Properties

Selecting a user will display details about the chosen user, some of which can be modified directly on this page:

  • User account details with the option to delete the account. When the system is configured to use a persistent UID and GID (subscription key required), the UID and GID values that are stored in the LDAP directory for this user will be displayed.
  • Modify the password/display name.
  • List of user groups of which the user is a member.
  • List all applications to which the user has access (based on the available publications for the assigned user groups).
  • User session settings that can be overridden for this user - see the Configuration section for details. This can be useful when specific users require individual settings.
  • Displays the OFS server hosting the user profile with the option to delete the user profile if it exists or create one if it doesn't exist

User Groups

A user group is one of the key objects in OVD. It defines a group of users and is used by the system to apply various policy settings to the users defined in the user group. It is important to design and define the user groups with a clear understanding of how they will be used so that user administration can be performed more easily.

The main tab displays a list of the available user groups and the ability to create a new user group or delete an existing user group. A user group can be selected by clicking the user group name and then the user group properties page will be displayed.

Adding a new user group requires entering the user group name and an optional description. After adding the new user group, the user group properties page will be displayed.

Default User Group

If a default user group is defined, then all users in the system will be added to this group. A default user group is not required but may make certain administration tasks simpler. Only one user group can be defined as the default user group. The current default user group if defined, is displayed as an attribute of the user group on the main user group tab. Modifying which user group should be the default user group can be done by first removing the default property from the current default user group and then adding the default property to the required user group.

User Group Properties

On this page, details about the chosen user group will be displayed, some of which can be modified directly on this page:

  • User group details with the option to delete the group
  • The group can be promoted to be the default user group or removed if it is already the default user group.
  • Blocking a group prevents member of the group from accessing published resources.
  • Modify the group name/description.

The section List of users in the group displays the users currently in the user group and provides the ability to add users to and remove user from the user group.

The section List of publications for this group displays the current publications associated with the user group and provides the ability to add/remove a publication.

The section List of published Server Groups for this group displays the server groups currently defined for the user group and provides the ability to add/remove a server group.

The section Policy of this group displays the current policy settings related to OVD administration for the user group and provides the ability to add/remove policy settings. These settings are used for defining delegated administration rights for a set of users.

The section Shared Folders displays the shared folders currently defined and provides the ability to add a shared folder with the selected access rights or to remove a shared folder.

The section Session Settings configuration displays the overridden session settings for the user group and provides the ability to modify a setting, remove a setting or add a new setting.

Publications/Publication Wizard

These tabs redirect to the respective tabs with the Applications section, refer to the Applications section for details.

Applications

The first tab displays a list of all the applications within the OVD farm that are available for publication. An application is displayed only once even if installed on multiple application servers. An application may appear more than once if its installation or configuration data is different between application instances. The available applications on an application server are determined when an application server is registered with the OSM or when a new application is installed after registration. In addition, the administrator may create a static application which will also be displayed in this list. Selecting an application will display the application properties. If the application selected is a static application, the properties page displayed will be the one described in the static application section.

This page also permits orphaned applications to be removed. An orphaned application is an application that is no longer available within the OVD farm on a registered application server. This occurs when an application server is removed from the OVD farm for some reason and not replaced with an equivalent server. In this case the action to remove orphaned applications must be performed.

Application Properties

On this page, details about the chosen application will be displayed, some of which can be modified directly on this page:

  • The application icon can be selected or a new icon uploaded.
  • A copy of the application can be created by cloning it to a static application. The copy will then be listed in the Static Applications tab. These applications can be modified to use specific settings for launching the application as described below in the section Static Applications.

The section Servers with this application displays all the application servers that host the application. In the case of multiple servers, the application server chosen to serve the application will be determined by the load-balancing configuration set in the Configuration section.

The section Groups with this application displays all the application groups that contain the application. The application can be added or removed from an application group.

The section Mime-Types displays a read-only list of the mime-types associated with the application. Mime-types associated with the application can be changed by creating a static application and modifying its configuration.

The section Software Licenses is part of OVD Enterprise and provides a shortcut to create a software license or view existing software licenses for this application. In addition, the software license threshold can be set. This defines the point at which an alert will be generated regarding the number of licenses remaining unallocated. Please refer to the Software License Management Guide for further details.

Web Applications

Inuvika OVD allows external Internet-based applications to be published to a user. The web application can also be configured for single sign on (SSO) using a configuration file. Please refer to the OVD Web Application Connect Guide for details. This feature is provided as a technology preview and is not supported for production environments.

The browser to be used for a Web Application for both Linux and Windows can be defined or modified in this section.

Application Groups

An application group is a collection of applications. The combination of an applications group with a user group is called an application publication. An application publication specifies that the users in the user group will be presented with access to the applications in the application group when the user starts an OVD session. The main tab displays a list of the available application groups and the ability to create a new application group. An existing application group can be selected to display the application group properties page which is also automatically displayed after creating a new application group.

Application Group Properties

On this page, details about the chosen application group will be displayed, some of which can be modified directly on this page:

  • Application group details with the option to delete the group.
  • Blocking the group will prevent users in any associated publication from being able to access the applications in the application group.
  • Modify the group name/description.

The section, List of applications in this group, displays all the applications defined in the application group and provides the ability to add applications to and remove applications from the group

The section, List of publications for this group, displays the current publications associated with the application group and provides the ability to add/remove a publication.

Mime-types

This tab displays all the mime-types defined for all published applications as read-only data. Selecting More Information displays the applications associated with the mime-type.

Static Applications

A static application is created and managed by the OVD administrator. A static application should be created if an application must be customized to configure the command line parameters, mime-types or the application server to serve the application.

The main tab lists the currently available static applications which can be deleted or modified. An application can be selected to display the static application properties page which is also automatically displayed after creating a new static application.

A static application may be created in one of the following ways:

  • On the static applications page by providing the information to add a static application.
  • By cloning an application already listed by OVD in the applications tab.

To create a static application on the static applications main page, choose the type of application, either Linux or Windows, provide a name, description (optional) and the command line parameters for the Linux or Windows application. Once created, the static application properties page will be displayed.

Note: The Web based static application has been deprecated. If a static Web application is required, create a Linux or Windows static application with the platform web browser as the executable and add the required URL as a parameter.

Static Application Properties

On this page, details about the chosen static application will be displayed, some of which can be modified directly on this page:

  • Static application details with the option to delete the static application.
  • Modify the name, description and command line.
  • Modify the icon to be used by uploading a file containing an image of the icon to be used. OVD will convert the image to a 32x32x32 PNG file for use as the icon. Most image formats are supported but the ico file format is not supported.

The section, Servers with this application, displays all the servers that can serve this application. The association with a server can be removed.

The section, Groups with this application, displays all the application groups that contain the application. The application can be added or removed from an application group.

The section, Mime-Types, displays a list of the mime-types associated with the application. A new mime-types association can be added and an existing mime-type association deleted.

Software Licenses

OVD provides a feature for capturing software license data for the applications being served by OVD. For further details about this feature please refer to the Software License Management Guide.

Publications

At least one application group must be published to at least one user group for users to be able to access the OVD farm. Server publications are optional.

The main tab displays a list of the available application and server publications and the ability to create a new application or server publication. Existing publications may be deleted.

Publication Wizard

The publication wizard provides an easy-to-use way to create new application publications.

Reporting

The reporting section provides a number of reports about the system and how users are interacting with it.

Timezone

The reporting pages provide a time selector for filtering by time period. Also, the returned information contains timing information. For instance, the results may include when a session was disconnect or when a specific server was loaded by XX%.

This date and time information is displayed in local time according to the Session Manager and Administration Console configuration (php.ini date.timezone).

For the sake of consistency, make sure you configure the "date.timezone" value in the PHP ini for both the Session Manager and the Administration Console according to your current timezone. Otherwhise, your reporting information may display dates for different timezones, making reports unclear and difficult to understand.

If the Session Manager and Administration Console are not installed on the same system, make sure they are both configured to use the same timezone in their PHP ini configuration.

General

The general reporting page presents a number of different sets of output for a user-selected period of time. The following information is available for the period selected for the system as a whole:

  • Number of launched sessions.
  • Number of active sessions.
  • Session distribution by server.
  • Session end status distribution.

The following information is available for each server:

  • Number of launched sessions for each server.
  • Session end status distribution.
  • CPU usage.
  • RAM usage.

Session Reporting

Session reporting displays a list of archived sessions and provides a means to access a detailed report for every completed session. A filter is available to search on archived sessions by user or by time. The detailed report provides the following data that can be accessed by clicking the Session id link or the Get more information button:

  • General information - user login, session mode, and session start and end times.
  • The servers that were involved in providing data for the user session together with session specific data extracted from the log files.
  • The complete list of published applications available for the user for this session.
  • The list of applications that were accessed during the session, the duration the application was open, and the start and end times.
  • Details about where the user profile is stored and any shared folder or external data folders that were available for the user.

A section called Extra Information presents additional details that can be useful for problem determination. The session states and timing information together with the session settings are captured here.

The Archived Session data can be exported to a PDF file and downloaded. Whenever support is needed for an issue, it is recommended to create a PDF file of the archived session for the user session that has an issue and attach it to the support issue.

An archived session or a selection of archived sessions can also be deleted.

License Reporting

The Licenses Currently Consumed report provides information about the current allocation of software licenses to users. This information can be filtered and exported to a CSV file.

Application Usage Reporting

The Application Usage report provides detailed information about each application that was executed on the OVD farm. The information can be filtered and exported to a CSV file.

Application Usage by User Group Reporting

The Application Usage by User Group report provides aggregate usage information for each application used on a user group basis. The information can be filtered and exported to a CSV file.

Configuration

Summary Page

This page displays a summary of some of the key OVD configuration settings as well as providing links to modify those settings.

Database Settings

This page displays the configuration for the MySQL database. It is recommended to have the MySQL engine running on the same server as the OSM.

System Settings

This section lists the system settings and briefly describes their purpose.

General Configuration

  • System in maintenance mode: by default, this value is no. If set to yes, the whole OVD farm will be set into maintenance mode. Before upgrading the OVD system or software, the system must be put into maintenance mode and the system administrator should ensure that there are no active sessions by checking the system status.
  • Administration Console language: by default, the value is set to autodetect. The autodetect setting uses the language setting of the browser that is being used to access the administration console. The administration console is available in multiple languages. If you would like to add another language, please contact Inuvika.
  • Debug options list: by default, the setting is set to info, warning, error and critical. For more detailed information, Inuvika support may request that the debug setting is also included. This setting determines the level of detail in the log files.
  • Cached logs update interval: by default, the logs are updated every 30 seconds when displayed on the Status / Logs page. Other preset values can be chosen.
  • Cached logs expiry time: by default, this is set to 1 year. Other possible values are 1 day, 1 week or 1 month.
  • Default user group: This is a read-only value. By default, no default user group is set. A default user group must be set before the system can be used.
  • Domain Integration: This setting reflects the Domain Integration setting see 10.5 Domain Integration Settings. The value can be changed here but can affect other settings.
  • Maximum items per page: The display of some items in the Administration Console and also the API is limited to the number specified for this setting. Once the limit has been reached, a filer must be used to view the records required. By default, the value is set to 15.
  • Days to license expiry: Defines the number of days before a software license expires (by default 10) that OVD should generate a license expiry notification and alert.
  • Default browser: Specifies the default browser to be used within an OVD session if more than one exists on the application server. See 8.5 Static Applications for details.
    • Linux: not specified by default.
    • Windows: not specified by default.
  • Maximum number of running sessions: By default, there is no limit to the number of sessions that can be run as indicated by the value 0. All farms can run at least 3 concurrent sessions. The number of concurrent sessions can be increased by purchasing a subscription key. This setting allows you to control how many of the maximum concurrent sessions available in your farm should be able to run at any given time.
  • Module activation: Enables or disables various modules in OVD. Do not change these values unless instructed by Inuvika Support.

Email Settings

These settings are used to configure OVD to send email notifications via an SMTP service. Choosing the Local setting means that an SMTP service must be installed and running on the OSM server machine. The system administrator is responsible for making installing and configuring the SMTP service in this case since OVD does not provide an SMTP. In this configuration, the from email address that should be used when sending an email can be set. If an external SMTP server is selected, then the following information can be provided so that emails can be sent through that service:

  • From: by default, it is set to no-reply@127.0.0.1.
  • Host: the SMTP server IP/FQDN.
  • Port: 25 by default.
  • Use SSL with SMTP: by default, set to no. If set to yes, the Port number must be changed accordingly.
  • Authentication: no by default. If authentication is required, then the username and password must be specified.
  • SMTP username: if authentication is required.
  • SMTP password: if authentication is required.

Warning

In addition, the Notifications tab of the Configuration section must be configured in order for OVD to send the required alerts

Data Management Settings

These settings are used to manage reporting data and cached logs. This section is mainly used to control how often reporting data is deleted to prevent it from growing infinitely and impacting performance of the database, as well as to control how often cached logs are updated:

  • Auto-purge server reports: 2 weeks by default.
  • Auto-purge session reports: 2 weeks by default.
  • Auto-purge application usage: 2 weeks by default.
  • Cached logs update interval: 30 seconds by default.
  • Cached logs expiry time: 1 year by default.

Warning

Reporting data older than the auto-purge time limit set in these settings is deleted daily, so be sure to backup any data you do not want to lose, or set the auto-purge limit to be longer.

Server Settings

This page controls the integration of OVD servers into the OVD farm.

  • Authorized machines (FQDN or IP - the use of wildcards (*.) is allowed): This option allows the access and registration only from servers in the set of authorized servers. By default, the list is empty which means there is no restriction in place.
  • Disable reverse FQDN checking: Removed in OVD 2.0. This option was merged into the Use reverse DSN for server's FQDN setting.
  • Use reverse DNS for server's FQDN: By default, the setting is not enabled (i.e. it is set to 'no'). The FQDN for the server must be an IP address otherwise the system will not work correctly. If using reverse DNS is enabled, then the system checks the server's FQDN by using the reverse DNS record associated with the server address. Using the reverse DNS setting is not fully compatible with the usage of the EDC on MacOS. In this case, make sure the EDC is connecting though an ESG server. This issue is related to the Microsoft DNS resolution mechanism. For further details, please see the KB article "Connection issue with the EDC on MacOS when using a Windows OAS registered with an FQDN on the OSM" on the KB center at https://inuvika.atlassian.net/wiki/x/CADdB.
  • Action when a server status is not ready anymore: This option specifies what the system behavior should be if a server status changes to not ready. By default, this value is set to do nothing in which case the server status has no impact on the system status. An alternative is to set the system into maintenance mode.
  • Auto-recover server: When a server status is either down or broken, the server status can be switched back to ready automatically if this setting is set to yes. Otherwise, manual intervention will be required to bring the server online.
  • Remove orphan applications when an application server is deleted: If an application server is deleted from the OVD farm, the applications served by that server become orphaned. In cases where the server will be replaced by new hardware immediately, the setting no can be selected. Otherwise, it is recommended to either set this value to yes or perform the removal of orphaned applications using the command available in the Applications section. By default, the value is no.
  • Auto register new servers: by default, new servers will not be registered automatically; this process must be performed manually. If you want a new server to be registered automatically, choose yes for this setting.
  • Auto switch new servers to production mode: by default, new servers will not be put in production mode; the process must be performed manually. If you wish new servers to be put into production mode, set this value to yes.
  • When an Application Server has reached its max sessions limit, disable session launch on it: By default, no more sessions can be created on the application server once the specified limit has been reached. If the value is set to no and the number of concurrent sessions running on the application server exceeds the limit specified, the information will be logged and additional sessions can still be created.
  • Load Balancing policy for Application Servers: The load-balancing policy determines how the OSM allocates application server(s) for a new user session. The default values can be edited to suit the needs of your environment. Note: If there is more than one File Server in the OVD server farm, the OSM will allocate the file server for a new user profile based on a random allocation.

Application Server Load Balancing

The default application server load balancing policy is governed by the overall goal of minimizing the number of application servers involved in a user session. This goal applies whether the user session is a desktop or application mode session. For a desktop session there is a secondary goal to maximize the numbers of applications served by the desktop server.

The criteria used by the load balancing policy may be adjusted by the system administrator to place a greater or lesser importance on each criterion by modifying the server settings as described above in section 10.4 Server Settings. Any change should be carefully tested before being used in a production environment to ensure it behaves as expected.

When a new session is created, the load balancing policy computes a load balancing value for each application server based on the set of weighted criteria. The criterion ratio multiplied by the criterion weight for each criterion is summed across all the criteria to calculate the load balancing value for each application server. The load balancing values are then sorted in descending order.

If the session is a desktop session, the server list is filtered to exclude servers that do not match the desktop type or that are not configured to be a desktop server. The server with the highest load balancing value is then selected as the desktop server.

If the session is an application mode session, the first server in the list is selected.

If the server selected cannot serve all the applications required by the user session, then a further iteration is made after first removing the selected server from the list and re-computing the ratio for the application criteria based on the set of applications that still need to be served. In this iteration, the selection is based solely on the highest load balancing value as the desktop type is no longer relevant. This process is repeated until all applications have been assigned to an application server.

Load Balancing Criteria

All the criteria are expressed as a number between 0 and 1.

RAM: this criterion represents the percentage of free RAM available as measured by the average free RAM in the last sampling interval.

CPU: this criterion represents the percentage of CPU resources available as measured by the idle CPU in the last sampling interval.

Number of sessions: this criterion represents the percentage of free sessions available as calculated by using the number of sessions running on the server in the last sampling interval and the maximum number of sessions configured for that server. If no maximum number of sessions have been defined for a server, a theoretical number is calculated based on the server's physical resources.

Number of applications: this criterion represents the percentage of the applications required for the user session that can be served by the application server.

Randomization: this criterion is a random number between 0 and 1.

Domain Integration Settings

The Domain Integration settings specify how users and user groups are to be managed within OVD. Caution: If user profiles have ALREADY been created, changing the type of domain integration will unlink the user profile from the associated user and the set of users will be associated with the new integration target.

Internal Mode

By default, an OVD environment is set to use Internal mode. In this mode, all the user and user group data is stored in the MySQL database defined by the database settings in the configuration section. Users and user groups are managed through the OVD administration console. Data concerning the location of the user profile is also managed within the MySQL database.

This mode will typically be used for evaluations or when no directory integration is required.

In order to provide both Windows and Linux applications, OVD uses a dynamic profile mechanism. The mechanism is implemented as follows for a Windows Application Server:

  • On each Windows OAS server, a local administrator account called OVDAdmin creates the OVD user session.
  • A dynamic profile of the form p_xxxxxxx_APS is created in the user profiles folder.
  • When the user logs off, the user's AppData folder and ntuser.dat file are saved to the OVD File Server (OFS) and the dynamic user profile is deleted from the Windows server.

Microsoft Integration

This mode is selected when Microsoft Active Directory is being used to manage users and user groups. OVD will retrieve data from Active Directory in read-only mode. The settings for Active Directory are described below.

Server
  • Domain: the domain name of the Active Directory server. The domain name must be defined in lowercase.
  • Primary Host: if the Active Directory server is not registered in the DNS system, then specify the IP of the primary Active Directory server.
  • Secondary Host: if the Active Directory server is not registered in the DNS system, then specify the IP of the secondary Active Directory server.
  • Advanced options:
    • LDAP port : 389 is the default TCP port. If another port is being used, enter the port number in this field.
    • Use LDAP encryption (SSL): Not enabled by default. Please refer to the Microsoft Active Directory Integration Guide for further information on enabling SSL access to Active Directory.
    • Specific organization unit: an OU can be specified to filter the directory data. Data defined for other OU's will be ignored.
    • LDAP connection timeout: enter the value in seconds to be used as a timeout value when executing LDAP requests. A default value of 15 seconds is used. The value is common to Active Directory, LDAP and Novell eDirectory.
Authentication
  • Login: enter a domain account that has at least read access to the directory.
  • Password: the associated password.
Users

By default, the user login in OVD is mapped to the Active Directory sAMAccountName. This attribute is limited to 20 bytes by Active Directory but does not include the domain name. If you have user login values that are longer than 20 bytes then select the userPrincipalName mapping which includes the domain name and allows a maximum length of 64 bytes. In this case the user must specify the domain name as part of his user login credentials.

User groups
  • Use Active Directory user groups: OVD retrieves the user group data from Microsoft Active Directory.
  • Use Internal user groups: Microsoft Active Directory user accounts are assigned to OVD user groups within the Administration Console.
Domain users
  • Use Active Directory: in this mode, only Windows applications/desktops are published with OVD. User profiles are stored in Microsoft Active Directory.
  • Use Internal method: in this mode, user profiles are managed within OVD. This mode is compatible with both Windows and Linux desktops and applications.

Warning

The Internal method is not compatible with Microsoft Active Directory GPOs, Login Scripts etc.

A test can be performed to check access to the directory using the configuration settings.

Lightweight Directory Access Protocol (LDAP)

Server
  • Primary Host: the URL or IP of the LDAP server.
  • Secondary Host: optional.
  • LDAP port : 389 is the default TCP port. If another port is being used, enter the port number in this field.
  • Use SSL: Not enabled by default.
  • Base DN: specifies the point in the directory at which to start searching for user data.
  • Connection Timeout: enter the value in seconds to be used as a timeout value when executing LDAP requests. A default value of 15 seconds is used. . The value is common to Active Directory, LDAP and Novell eDirectory.
Authentication

The bind parameters must specify a user with at least read access to the directory.

  • Anonymous bind: enabled by default

If not using anonymous bind, then the following fields must be specified:

  • Bind DN (without suffix): the distinguished name of the user account to use for the bind.
  • Bind password: the associated password.
Users

Specifies how to identify the user login and display name fields. The posixAccount definitions are used by default and the values are:

  • Filter: (objectClass=posixAccount).
  • Specific OU (optional): defines the OU value to be filtered on.
  • Distinguished name field: by default uid.
  • Display name field: by default displayName.
  • Locale field (optional): the locale to be used.
  • Persistent UID/GID (optional): create users using the UID and GID values from your LDAP server.
    • UID: the user attribute that contains the UID.
    • GID: the user attribute that contains the GID.
User Groups

User groups can be managed internally by OVD or within the LDAP server.

  • Use Internal User Groups: LDAP user accounts are assigned to OVD user groups within the Administration Console.
  • Use LDAP User Groups: OVD retrieves the user group data from the LDAP directory. The posixGroup definitions are used by default and the values used are:
    • Filter: (objectClass=posixGroup).
    • Specific OU (optional): defines the OU value to be filtered on.
    • Name field: specifies the name field to be used in the query. The default is cn.
    • Description field (optional): provides an optional description.
    • Use the following field from the user entry: not enabled by default. Can be used to specify a specific field in the user entry (by default member) and map it to either the group name or the group DN to retrieve the user group data.
    • Use the following field from the group entry: enabled by default specifies a specific field in the group entry (by default memberUid) and map it to either the user login or the user DN to retrieve the user group data.

A test can be performed to check access to the directory using the configuration settings.

Novell

Server
  • Primary Host: the URL or IP of the Novell eDirectory server
  • Secondary Host: optional
  • Domain: the domain of the Novell eDirectory to access
  • DSfW: Check this box if using Novell Domain Services for Windows.
  • Zenworks: Check this box if Zenworks is installed on the Application Servers. In this case, it will manage the user itself using the Dynamic Local User policy. OVD will not create a user for the session. This behavior is similar to using Domain Users in Active Directory.
Administrator Account

Specify the administrator user credentials:

  • Login: the administrator user login.
  • Password: the associated password.
  • Default user branch: use the default user branch for users.
  • Specific Organization Unit: the OU to use to search for users.
User Groups

User groups can be managed internally by OVD or within the Novell eDirectory server.

  • Use Novell eDirectory User Groups: OVD retrieves the user group data from Novell eDirectory.
  • Use Internal User Groups: LDAP user accounts are assigned to OVD user groups within the Administration Console.

A test can be performed to check access to the directory using the configuration settings.

Authentication Settings

This section describes the user authentication methods that are available in OVD. Some methods may require additional configuration parameters in the section related to the authentication method on this page. More than one authentication parameter may be selected however care is needed as not all selections are compatible.

Password

This is the default authentication method based on using the MySQL database.

Remote User

OVD provides the standard REMOTE_USER environment variable that can be used for web based single sign-on capabilities provided by a web server. CAS makes use of this variable.

SAML2

OVD provides a feature to allow users to be authenticated using a SAML 2.0 Identification Provider. Please refer to the SAML 2.0 Configuration Guide for further details.

Token

Contact Inuvika for more details about token-based authentication.

Session Settings

Session settings can be set globally for all users on this page or they can be set at the User Group or User level by selecting the relevant User Group or User and setting the specific setting value required. A user specific setting will override the user group setting which will override the global setting.

Session Settings

  • Default language for session: This setting has no impact for the OWA, EDC, and EMC clients because the client specifies the language to be used in the connection request. The setting is reserved for internal use.
  • Session lifetime limit: Limits the session duration time. By default, there is no limit as indicated by none. Otherwise a message will be displayed to the user 3 minutes before the session is scheduled to timeout.
  • Disconnected session limit: When this parameter is set to a value, a disconnected user session will be terminated after the specified interval.
  • Idle session limit: If there is no keyboard or mouse activity for the specified interval, the user's session is disconnected or terminated depending on the session's persistent setting.
  • Time restriction: Access is only allowed during select time slots (no time restriction by default).
  • User can launch a session even if some of his published applications are not available: Set to no by default. To prevent any login failures, it should be set to yes.
  • Use known drives: If set to yes, network shares are directly accessed from the application server and not through x-RDP redirection. Set to no by default.
  • Bypass server restrictions: By default, set to no. If set to yes, then if there is no server available for a session based on the server restrictions that have been applied, the system will try to allocate other servers for the user session.
  • Multimedia: By default, set to yes in which case sound is redirected from the server to the client.
  • Redirect client drives: For the EDC, the user session can be set to no access to any client drive, partial access or full access. Partial access allows access to the user specific folders on the client device such as Desktop, Documents, Pictures etc. in the OVD session, but access to USB drives, Network drives and local drives is not available. Full access allows access to the user specific folders on the client device as well as access to USB drives, Network drives and local drives. In the case of the HTML5 client, the setting can be either no access to any client drive which disables the ability to upload and download files from/to a local drive; or full or partial access in which case the ability to upload files from any drive and downloading files is enabled. For the iOS client, the setting does not apply. For the Android client, access to an SD drive can be controlled though these settings. The default setting is full.
  • Redirect client printers: For the Enterprise Desktop Clients, when the setting is yes (default), all the printers available on the client machine can be redirected.
  • Redirect Smart card readers: OVD provides support for Smart Card readers within a Windows Application for the Enterprise Desktop Client on Windows and Linux. Linux support may vary depending on the specific hardware being used. The HTML5 client and other clients do not support Smart Card redirection. Set to no by default.
  • Clipboard redirection: Enable or disable the Copy/Paste functionality within an OVD session. When activated (default), copy/paste is allowed to/from the client. When not activated, copy/paste is disabled.
  • RDP bpp: OVD provides 16 bit color by default. 24 and 32 bit color depth settings are also available.
  • Enhance user experience: The default setting, enabled, provides a richer graphics experience but does use more bandwidth. Consider disabling for WAN connections to preserve bandwidth. When enabled font smoothing and desktop wallpaper are supported for all clients providing the application server is also configured to support these capabilities.
  • Multi-monitor support: Disabled by default. When this setting is enabled, the client will connect the session across all of the user's available screens when the fullscreen mode is selected.

Otherwise, if the setting is disabled, the session is started on only one screen.

Currently this setting is only supported by the Enterprise Desktop Client when connecting to a Windows desktop session. This setting is disabled automatically if the session defines any external applications. A maximum of four screens are supported.

  • Use local IME integration: Disabled by default. When using an Asian keyboard (eg Japanese, Korean or Chinese), it is recommended to enable this setting. Doing so will offer a better integration with your local Input Method Engine with respect to the candidate list position and input method status.
  • Client will download all application icons in an archive: By default, set to no. If enabled, all the icons associated with OVD applications are downloaded in an archive file. Enabling this option may speed up the time to make applications ready to use.
  • Delay before displaying desktop in application mode: In application mode, this property specifies the delay before displaying the applications as ready to allow other system actions to take place. For example, with an Active Directory, a security policy can ask the user to confirm an action or change his password, in this case, a delay can be defined before displaying the notification.
  • Faster application installation on desktop in external apps: By default, set to no. When external applications are available, the applications are published when the applications are defined as ready to use by the OAS used to run those applications. Setting this value to yes will allow the icon for the application publication to be immediately displayed for the user without waiting for the status to be provided by the OAS server. If the user selects an application that has not been marked as ready to use, a progress bar will be displayed until the application is ready.
  • Sessions are persistent: The default setting, yes, means that sessions are persisted so that a session will remain in a disconnected state on the server when the user disconnects the session or a network/client issue causes the session to become disconnected.
  • Follow me: Set to yes by default. This allows the disconnected session to be re-established on a different device. For this to work, persistent sessions must be enabled.
  • Concurrent licenses availability policy: The default setting No session delivered, will prevent a new user session from starting if as a result, the OVD concurrent user count would be exceeded. In this case the user will be informed via a dialog box on the OVD client. Alternatively, the system can be set to Logoff the oldest disconnected session and allow the new user session to be started.
  • Persistent user profiles: Set to enabled by default. This setting will cause the user profile to be saved on the OVD File Server after the session ends. An external storage system may be integrated into the OVD File Server to store user profile data, please refer to the Date Storage Guide for details.
  • User profiles data storage limitation (quota): The default zero setting means there is no limit on the size of the profile storage. Setting a value defines the maximum amount of data storage to be allocated to a user profile. The quota can be defined as an integer value with or without a storage unit. If the unit is not specified, then bytes are assumed. The storage unit can be specified as Kilobyte, Megabyte and Gigabyte.
  • Auto-create user profiles when non-existent: The default setting yes, will create a default user profile on the first login.
  • Launch a session without a valid profile: The default setting no, does not allow a user session to be launched if a user profile is corrupted.
  • Enable shared folders: The default setting, yes, enables shared folders to be mapped into an OVD user session. This requires the use of an OVD File Server (OFS) to provide storage for the shared folders or for a folder to be mapped using External Data Storage.
  • Launch a session even when a shared folder's fileserver is missing: The default setting, yes, will allow the user session to be launched if the shared folder is not available. If the value is set to no, the session will not be launched if the folder cannot be mapped.
  • Allow user to force shared folders: The default setting, yes, enables the system to use a Shared Folder that is mounted on external data storage. Please refer to the Data Storage Guide for details.
  • Launch a session even when an External Data Storage mapping is not available. The default setting, yes, will allow the user session to be launched if the External Data Storage folder is not available. If the value is set to no, the session will not be launched if the folder cannot be mapped. In both cases, an error message will be logged.

Remote Desktop Settings

  • Enable Remote Desktop: The default setting, yes, allows the Desktop mode to be used with the OWA, EDC and EMC clients. If disabled and the user attempts to start a desktop session, a notification message will be shown to users. (You are not authorized to launch a session. Please contact your administrator for more information).
  • Show icons on user desktop: Applications icon shortcuts are published on the user's virtual desktop by default.
  • Allow external applications in Desktop: When starting a desktop session, if not all published applications can be run on the same server (for instance: Linux + Windows), this setting defines if the session will include external applications in the desktop or not. When disabled, the resulting action also depends on the "User can launch a session even if some of his published applications are not available" parameter to determine whether or not to allow the session to run.
  • Desktop type: The desktop type can be selected to be Windows, Linux or Any (the default). If the default is set, then the desktop type selected will depend on the load-balancing algorithm in use for the application servers.
  • Servers which are allowed to start desktop: Specifies the set of servers that can be dedicated to provide desktops for users. If no servers are specified, then the first server available for providing a desktop will be used. Enter the display name or the Internal Name (FQDN) of the servers that are allocated to provide desktop sessions. This information is found in the Configuration section for the server and can be displayed by clicking the Servers main tab and then selecting the individual server.
  • Authorize to launch a desktop session without desktop process: Internal use only, do not modify.

Remote Application Settings

  • Enable Remote Applications: When enabled, allows the user to start a session in Application/Portal mode. If disabled and a session is started in Application/Portal mode, then a notification message is shown to users. (You are not authorized to launch a session. Please contact your administrator for more information).
  • Enable access to the File Server data folders from the Web Access component: The default, yes, allows the Ajaxplorer component provided by the OVD Web Access server to use credential sent using the WebDAV protocol to access the data stored on the OVD File Server. If this option is disabled, the Ajaxplorer component will be disabled as it cannot access files on the File Server.

Notifications

These settings define the set of administrator email addresses to be notified by email when specific events occur.

Recipients

  • mail to: add one or more email addresses which should receive the notification emails.

Events

Choose which events should generate an email notification:

  • License breach: the number of licenses to be allocated has exceeded the number of licenses available. See the Software License Management Guide for details.
  • License expiry: a software license has expired or is about to expire. See the Software License Management Guide for details.
  • License threshold reached: the number of licenses remaining has reached the threshold set for this application. See the Software License Management Guide for details.
  • Server status changed: the status of a server has changed
  • Session startup: a user session has started.
  • SQL failure: an SQL error has occurred.

Web Interface Settings

  • Public Webservices access: Disabled by default. Useful when integrating OVD with an existing Portal. For further information, please contact Inuvika.

Change Administrator Password

  • Current password: enter the current password.
  • New password: enter the new password.
  • Retype password: enter the new password once again for confirmation.

Subscription Plan

A subscription key is required to unlock additional features of Inuvika OVD Enterprise. This page lists the existing subscription keys and provides an interface to upload a new key or delete an existing key.

Status

Displays information about currently running user sessions and log file information as well as a summary view of the configuration for a user.

Sessions

Displays a list of the currently running user sessions. Selecting a session displays further details for that session. The information displayed here is a subset of the Session Details described below.

The possible Session states are:

  • Logged: indicates that a user is connected to the session
  • Ready: indicates that a user session is starting. If the user session stays in the ready state for some time, the session might be stalled and investigation is required to confirm the problem.
  • Disconnected: indicates that the user has been disconnected from the virtual session that is still running on the server. The user may reconnect to the session and continue where he left off if the follow me session setting is enabled.
  • Destroyed: indicates that the session has been deleted
  • Destroying: indicates that the session is closing. If user profiles are enabled, user data will be saved to the FS server

Session Details

  • The Information section displays the following information:
    • User: displays the OVD user ID.
    • Mode: The session mode, either Desktop or Application.
    • Start date for this session.
    • Status of the user session.
  • The Servers section displays the following information:
    • Application Server: lists all applications servers used to host the user session. Also indicates which Application Server is acting as the Desktop server.
    • File Server: if user profiles are enabled, displays the OFS server hosting the user profile. If shared folders are enabled, any shared folders available to the user will be listed.
  • The list of currently running applications within the OVD session.
  • The list of published applications available for the user.
  • The Storage section displays information about related storage units for the user profile, shared folders and external data provided by an external data storage system.
  • Kill the session: Forces the termination of the session.
  • Disconnect this session: Forces the disconnection of the user session.

Logs

Log information from all the OVD servers. Only a partial log (the latest) is displayed on this page. It is possible to show all log information by clicking the magnifying glass or save log files by clicking the disk icon.

The following log files are available:

  • Session Manager: the main.log and api.log which are located in /var/log/ovd/session-manager/. The main.log is used throughout the Session Manager. The api.log is used by the Session Manager API to log error messages.
  • Slave Servers: the slaveserver.log file is used by all OVD slave servers which are the Linux application servers, Windows application servers and the SSL Gateway servers. On Linux systems, the log is located in /var/log/ovd/. On a Windows machine the log is located in the C:\ProgramData\OVD\slaveserver\log folder.

Timezone

The log lines are always prefixed by a a date and time to indicate when the log message occurred.

This date and time information is displayed in local time. The local time translation is not using the same configuration for all roles.

For the Session Manager, the information must be configured in the date.timezone in the PHP ini.

For the Application Server, File Server, and Enterprise Secure Gateway, the date and time are resolved according to the Operating System defined timezone.

For the sake of consistency and clarity, please ensure all your servers are correctly configured to use the same timezone.

Administration Actions Log

All administrator actions are logged in order to provide an audit trail of changes.

Summary

This page is very important as a first step when troubleshooting a situation where a user has problems connecting to an OVD user session. The summary displays whether the user has access and if so, which applications, application groups, shared folders and external data storage folders are available.

A search filter is available to enable filtering when using large user directories.

Advanced configuration

This section describes the advanced configuration options that are available in OVD. These options are available by manually editing the respective configuration file for each OVD component. Advanced configuration files are available for the OAS, OFS and OWA.

In normal use it should not be necessary to modify these files and the information is provided for advanced configuration purposes only.

Linux SlaveServer Configuration

On a Linux OVD Application Server and OVD File Server, the advanced configuration file is called slaveserver.conf and is stored in the /etc/ovd/slaveserver/ directory. The configuration file may be used by different components if installed on the same Linux server and it contains specific sections for each component. The components that use this file are the OFS, OAS and Enterprise Secure Gateway (ESG) components. The common sections of the configuration file are first described and then the specific sections for each component. Any changes to the slaveserver.conf configuration file will only become active after the OVD component has been restarted.

The main section contains the following settings:

  • session_manager: defines the FQDN or IP address of the Session Manager. The value will be set when installing the respective OVD component and must be manually edited if the IP or FQDN changes.
  • stop_timeout: defines the amount of time allowed for the OVD component to stop when requested. The default is 600 seconds and should not be modified in normal use.
  • roles: this parameter defines the OVD roles that are active on the server. Each role has a further section for further configuration parameters. The possible roles are FileServer, ApplicationServer and Gateway. This parameter should not be modified in normal use.
  • server_allow_reuse_address: reserved for internal use, do not modify.

The log section contains the following settings:

  • level: defines the logging level to be used. In normal use, the logging is set to use error, warn and info. Sometimes, Inuvika support may request that the debug logging level is also activated.
  • file: reserved for internal use, do not modify.
  • thread: reserved for internal use, do not modify.

Linux OVD Application Server

The configuration settings for the Linux OAS are defined in the ApplicationServer section and described below:

  • thread_count: defines the number of OVD processes to be used by the Application Server. The value can be a specific number or the string auto which is the default setting. Increasing the number of processes may decrease the time to create new OVD sessions when a heavy load is placed on the system. In the case of auto, OVD will calculate how many processes to start based on the CPU and available memory.
  • checkShell: reserved for internal use.
  • linux_icon_theme: specifies the theme to be used for the application icons, the default theme used is CrystalGnome. If you wish to use a different icon theme, it can be specified by modifying this setting.
  • linux_skel_directory: specifies the directory to be used as the skeleton when creating the user's home directory. The default is /dev/null which turns off the creation of a default user profile. In order to define the default user profile for users that have not used the OVD system before, specify the value as /etc/skel and then configure the folder to contain the required default user profile files and folders.
  • linux_fuse_group: reserved for internal use.
  • override_password_method: reserved for internal use.
  • override_password_repository: reserved for internal use.
  • disable_autostart: Normally, the Linux desktop environment manager will automatically start applications that are defined in the /etc/xdg/autostart directory. If some of the applications should not be autostarted, then add a list of the names of those applications separated by a comma (the applications can be listed in the /etc/xdg/autostart/ directory). The default value is imesettings-start, which means that the IME manager is not started during the session startup.

OFS Server Configuration

Inuvika recommends that the default configuration for the OFS contained in the FileServer section in the slaveserver.conf file is not modified.

The file server also has a configuration file /etc/ovd/rufs/FSBackend.conf that defines define configuration parameters for the process that handles the user profile data. The configuration file is reserved for internal use and should not be modified.

Windows OAS Server Configuration

The configuration data related to the Windows OAS server is stored in the Windows registry under HKEY_LOCAL_MACHINE\SOFTWARE\OVD. Inuvika recommends not to modify any of these settings.

OVD User Profiles

A large portion of the advanced configuration possibilities pertain to user profile data synchronization between the OAS and OFS. When an OVD user session is started with an active user profile, most of the user profile that is stored on the OVD File Server (OFS) is mapped into the user session running on the OAS. In the case of a Windows profile, the registry will be transferred to the OAS as it required to be on the local machine. If the user session requires multiple application servers, then the user profile is mapped to each application server. In the case of a Windows application server, the saved user profile registry files are transferred to the application server. Likewise, when the OVD user session terminates, changes to the registry data will be saved to the user profile on the OFS. If multiple Windows application servers are required for scalability reasons, it is recommended to arrange the configuration so that only one Windows server is available in a user session to avoid any potential registry conflicts.

The management of user profile data is based on a set of pre-defined rules. The rules control which data is saved and which data is not saved. The rules are defined in a configuration file located on each application server. There are three possible groupings of profile data:

  • volatile: defines the files and directories that won't be saved in the user profile. This data will be discarded by the OAS at the end of an OVD user session.
  • configuration: defines the files and directories that will be saved as configuration data in an Operating System specific directory in the user profile. These files and folders are mapped into the user session on the application servers and are made accessible via direct access from a network share.
  • data: defines the files and directories located in the user's home directory that will be saved in the user profile. These files and folders are mapped into the user session on the application servers and are made accessible via direct access from a network share.

A profiles_filter.conf configuration file is provided with a pre-defined set of filters for the user profile which will suit most cases. This configuration file defines which files in the user profile will be synchronized. If required, these settings can be changed to accommodate a particular application or desired behavior. The filter definitions can be changed by adding directions to include (+) or exclude (-) particular files and directories.

Linux OAS User Profile configuration

The configuration files related to user profile data are located in the /etc/ovd/rufs/ directory on the Linux OAS. These files are used to configure the interaction between the Linux OAS and the OFS for managing the user profile data.

The default.conf configuration file contains the settings which will be used to manage data for the user profile. Within this file the following sections are defined:

  • The main section contains the names of the sections in the file whose settings should be consumed. Typically, there are sections for configuration, volatile and data.
  • The translation section is reserved for internal use and should not be modified.
  • The log section contains the settings for logging. In normal operation the logging is disabled and should only be enabled if specifically requested.
  • The rules section defines the directories and files to consider as volatile, configuration or data. The specific settings for each group should not be modified in normal use.

The profiles_filter.conf file on the Linux OAS is located in the same directory location.

Windows OAS User Profile configuration

The configuration files on the Windows OAS are used to configure the interaction between the windows OAS and the OFS for managing the user profile data.

The C:\ProgramData\OVD\slaveserver\profile\default.conf configuration file contains the settings which will be used to manage data for the user profile and follows the same basic format as for the Linux OAS described above. This file should not be modified in normal use.

The profiles_filter.conf file is located in the C:\ProgramData\OVD\slaveserver.directory on the Windows OAS.

OWA Configuration

User Interface configuration

The OVD Web Access can be configured by editing the /etc/ovd/web-access/config.inc.php file. It contains settings to control the behavior of the OVD Web Access component.

  • SESSIONMANGER_HOST: defines the FQDN or IP address of the OSM. This is a required value. This value is set at install time but can be modified if the Session Manager IP address changes.
  • OPTION_FORCE_SESSION_MODE: If set, the session mode will be selected irrespective of the user selection. The values can be either desktop or application. There is no default value if the option is not set which allows the user to select the mode.
  • OPTION_FORCE_FULLSCREEN: if set to true, it will start a session in fullscreen mode. The value can be true or false. There is no default value if the option is not set which allows the user to select the screen resolution.
  • OPTION_LANGUAGE_DEFAULT: if set, the language will be set as the default for the user session. The default value is en-us. Any allowable language string can be set.
  • OPTION_LANGUAGE_AUTO_DETECT: if true, the automatic detection of the language from the browser settings will be enabled. The detection can be enabled by setting the value to false. The default value is true.
  • OPTION_FORCE_LANGUAGE: if true, the default language will be selected for the user session and the user cannot override it. There is no default value if the option is not set which allows the user to select the language.
  • OPTION_KEYMAP_DEFAULT: sets the default keyboard layout map if the scancode method is being used (see RDP_INPUT_METHOD). The valid options are the language codes. The default value is en-us.
  • OPTION_KEYMAP_AUTO_DETECT: if true, the keyboard layout will be automatically detected from the client environment or the session language. The default value is true and the option can be disabled by setting the value to false.
  • OPTION_FORCE_KEYMAP: if true, the keyboard layout will be set to the default keyboard layout map for the user session and the user cannot override it. The default setting is false.
  • OPTION_FORCE_SSO: if true, then the OWA will attempt to use the basic authentication mechanism to authenticate the user. It checks the contents of the REMOTE_USER variable and will make the login id read-only and hide the password field if found. This setting is used for example when Kerberos authentication is being used. The Session Manage configuration also needs to be modified to activate RemoteUser authentication.
  • OPTION_FORCE_SAML2: if true, then SAML 2.0 authentication is enabled and the login id and password cannot be entered by the user. The user will be redirected to the configured Identity Provider URL for authentication. For more details, refer to the SAML 2.0 Configuration Guide.
  • SAML2_REDIRECT_URI: sets the URI to be used for the Assertion Consumer Service (ACS) when SAML 2.0 authentication is used. For more details, refer to the SAML 2.0 Configuration Guide.
  • DEBUG_MODE: if true, then debug mode is enabled. The default is false.
  • RDP_INPUT_METHOD: defines the RDP input method. The value can be scancode, unicode, unicode_local_ime. The default value is unicode.
  • OPTION_SHOW_INPUT_METHOD: if true, then the input method is displayed for selection by the user. The default is false.
  • OPTION_FORCE_INPUT_METHOD: if true, the input method set will be used for the user session and the user will not be able to override the value. A value must be set for the RDP_INPUT_METHOD. The default is false.
  • GATEWAY_FORCE_PORT: defines the TCP port to be uses for communicating with the Inuvika Enterprise Secure Gateway. The default value is 443.
  • OPTION_CONFIRM_LOGOUT: defines the settings for a popup confirmation dialog when the user logs out. The value can be one of always, apps_only (only for portal mode) or never (the default)
  • OPTION_USE_PROXY: if enabled, the proxy mode will be enabled between the OWA and OSM. The default value is false.
  • RDP_PROVIDER_HTML5_INSTALLED: if true, the HTML5 mode is enabled. The default value is true.
  • SESSION_COOKIE_NAME: defines the name for the session cookie to be used. If not set, the default PHP session cookie name will be used.