Download

Installation and Configuration Guide

Introduction

The purpose of this document is to describe how the different server roles of OVD Enterprise can be installed on all the supported operating systems. The OVD server roles can be installed on separate servers. This is recommended with an OVD farm in production

Note

To install any component, first follow the steps in the Pre-Requisites section. To perform an OVD Session Manager installation, follow steps in the OVD Session Manager (OSM) Installation and Configuration section. To perform an OVD Application Server installation, follow steps in the OVD Application Server (OAS) Installation and Configuration section. To perform an OVD File Server installation, follow the steps in the OVD File Server (OFS) Installation and Configuration section. To perform an OVD Web Access installation, follow the steps in the OVD Web Access (OWA) Installation and Configuration section.

Pre-requisites

When installing a Linux distribution on your server, please ensure that the Server version is installed and not the Desktop version. Any required software packages will be installed when the OVD component is installed. Do not manually install a Graphical User Interface for desktop use or an X window environment. Failing to follow these recommendations may lead to poor system performance.

Each server you plan to install will require internet access.

Important

In this document, we are using sm.test.demo for the OSM resource name, aps.test.demo for the OAS and web.test.demo for the OVD Web Access.

You need to use the resource name that is configured for your own environment. The resource name can be the FQDN or hostname. It cannot be a URI context, protocol or port.

Version code

Throughout this document, download links will use a version code specific to the version of OVD you are using.

You will find the version code on the Inuvika OVD supported versions page. You may also contact Inuvika to request the code.

Ubuntu LTS

sudo

On an Ubuntu system, we do not use the super user (root) to install packages. It is recommended to use sudo before each command you enter.

Of course, you can choose to log in as root if you wish using:

$ sudo -s

Repository

You need to add the Inuvika Ubuntu repository to each server you plan to install.

Important

To run these commands, replace any instance of {VERSION_CODE} with the version code as described in the Version code section.

  • Install the apt-transport-https package:

    # apt install apt-transport-https gnupg
    
  • Edit the /etc/apt/sources.list.d/ovd.list file to add the following line:

    • For Ubuntu 18.04 LTS (Bionic Beaver) (not available for OVD versions prior to 2.7):

      deb https://archive.inuvika.com/ovd/{VERSION_CODE}/ubuntu bionic main
      
    • For Ubuntu 16.04 LTS (Xenial Xerus):

      deb https://archive.inuvika.com/ovd/{VERSION_CODE}/ubuntu xenial main
      
    • For ForUbuntu 14.04 LTS (TrustyTahr) (for OVD versions prior to 2.7):

      deb https://archive.inuvika.com/ovd/{VERSION_CODE}/ubuntu trusty main
      
  • Install the keyring package to validate the repository using gpg:

    # wget -O- "https://archive.inuvika.com/ovd/{VERSION_CODE}/keyring" | apt-key add -
    
  • Update the package database:

    # apt update
    

RHEL 7 and CentOS 7

SELinux

OVD is not compatible with SELinux. So, if you have SELinux installed and enabled on your system, you will have to disable it.

To disable SELinux:

  • Edit the /etc/selinux/config file and set the SELINUX variable to disabled.

    SELINUX=disabled
    
  • Reboot your system

    # reboot
    
  • Check SELinux is now disabled

    # sestatus
    SELinux status:              disabled
    

Repository

You need to add the Inuvika RHEL/CentOS repository to each server you plan to install.

Important

To run these commands, replace any instance of {VERSION_CODE} with the version code as described in the Version code section.

  • Edit the /etc/yum.repos.d/ovd.repo file to add the following content:

    [Inuvika-ovd]
    name=Inuvika OVD
    baseurl=https://archive.inuvika.com/ovd/{VERSION_CODE}/rhel/7/
    enabled=1
    gpgcheck=1
    gpgkey=https://archive.inuvika.com/ovd/{VERSION_CODE}/keyring
    
  • For RHEL 7 only, you also need to enable the Server Optional repository:

    # subscription-manager repos --enable=rhel-7-server-optional-rpms
    
  • Clean the repositories cache to force an update of the package database:

    # yum clean all
    

Firewall and ports

OVD requires the following ports to be open for different servers roles. Firewall rules need to be added for the incoming and outgoing traffic.

OVD Session Manager:

  • 80 (HTTP): for communication with a browser for the OVD Administration Console
  • 443 (HTTPS): for communication with a browser for the OVD Administration Console
  • 1111 (HTTP): for communication with an OVD Application Server

OVD Web Access:

  • 80 (HTTP): for communication with an end user's browser
  • 443 (HTTPS): for communication with an end user's browser

OVD Application Server:

  • 1112 (HTTP): for communication with the OVD Session Manager
  • 3389 (RDP): for communication with the OVD Enterprise Client or the OVD Mobile Client

OVD File Server:

  • 1112 (HTTP): for communication with the OVD Session Manager
  • 1113 (HTTP): for communication with an OVD Application Server
  • 445 (CIFS): for communication with an OVD Application Server

Inuvika Enterprise Secure Gateway:

  • 1112 (HTTP): for communication with the OVD Session Manager
  • 443 (HTTPS): for communication with an end user's browser
  • 3389 (RDP): for communication with an OVD Application Server

OVD Session Manager (OSM) Installation and Configuration

This server is the central piece of an OVD server farm and is always required. It manages the session establishment from a client, hosts the administration console and provides centralized management of all the OVD server resources. The OSM should be installed prior to any other server.

Inuvika provides various Linux packages for installing the OSM on a Linux server. Inuvika does not provide a Windows installer version of OSM.

Requirements

All of the following Operating Systems are supported:

  • RHEL 7.x / Centos 7.x 64 bits
  • Ubuntu 18.04 LTS server (Bionic Beaver) 64 bits (not available for OVD versions prior to 2.7)
  • Ubuntu 16.04 LTS server (Xenial Xerus) 64 bits
  • Ubuntu 14.04 LTS server (Trusty Tahr) 64 bits (for OVD versions prior to 2.7)

Minimum hardware configuration:

  • CPU: 2 Cores recommended as a minimum
  • Memory: 4 GB recommended as a minimum
  • Storage: 20 GB
  • Network: 1 GB NIC (2 for failover)

Installing on Ubuntu LTS

Installing MySQL

The OSM needs access to a MySQL database. We advise you to setup the MySQL server on the same machine as the OSM to minimize network access time.

  • Install the mysql-server package:

    # apt install mysql-server
    

    A password for root will be requested.

  • Define the mysql root password if using Ubuntu 18.04 LTS (Bionic Beaver) (not available for OVD versions prior to 2.7):

    # mysqladmin -u root password
    
  • Now login to mysql and create a database:

    # mysql -u root -p -e 'create database ovd'
    
  • Create a non root mysql user and give them access to the database:

    # mysql -u root -p -e '
        CREATE USER "ovd"@"localhost" IDENTIFIED BY "[ovd_password]";
        GRANT ALL PRIVILEGES ON ovd.* TO "ovd"@"localhost";
        FLUSH PRIVILEGES;
    '
    

    Important

    Before running the command, replace [ovd_password] with a secure password.

Package Installation

  • Install the following OVD packages:

    # apt install inuvika-ovd-session-manager inuvika-ovd-administration-console
    
  • The installer will require the resource name of the OVD Session Manager (ie. sm.test.demo)

  • The installer will prompt whether to enable HTTPS access to the Administration Console if it detects that HTTPS access is not already enabled on the system. If HTTPS access is enabled, after completing the installation, both HTTP and HTTPS access to the Administration Console will be available.

  • The installer will prompt for an admin login and a password, and for confirmation of the password.

The server is now installed but not configured. To configure the SM, open http://sm.test.demo/ovd/admin in a web browser.

Configuration

The first step is to go to http://sm.test.demo/ovd/admin and authenticate yourself with the admin login and password you provided during installation.

The first time you log in, the system detects that it is not configured so you are redirected to a basic setup page which will save a default configuration.

On this page, you setup the MySQL configuration. For example, if you installed MySQL on the same host as described above, you would use the following configuration:

  • Database Type: MySQL
  • Database host address: 127.0.0.1
  • Database username: ovd
  • Database password: [ovd_password] (replace with the actual password you set)
  • Database name: ovd
  • Table prefix: ovd_

The OSM is now configured for basic use.

Installing on RHEL 7 and CentOS 7

Installing MySQL

The OSM needs access to a MySQL database. On RHEL 7 and CentOS 7, the mysql database package is provided by mariadb. We advise you to setup the MySQL server on the same machine as the OSM to minimize network access time.

  • Install the mysql package:

    # yum install mariadb mariadb-server
    
  • To automatically start MySQL when the system boots up

    # chkconfig mariadb on
    
  • Start the service

    # service mariadb start
    
  • Define the mysql root password

    # mysqladmin -u root password 'mysql_root_password'
    
  • Now login to mysql and create a database:

    # mysql -u root -p -e 'create database ovd'
    
  • Create a non root mysql user and give them access to the database:

    # mysql -u root -p -e '
        CREATE USER "ovd"@"localhost" IDENTIFIED BY "[ovd_password]";
        GRANT ALL PRIVILEGES ON ovd.* TO "ovd"@"localhost";
        FLUSH PRIVILEGES;
    '
    

    Important

    Before running the command, replace [ovd_password] with a secure password.

Package Installation

  • As prequisites, install the php-mbstring package:

    # yum install php-mbstring
    
  • Install the following OVD packages:

    # yum install inuvika-ovd-session-manager inuvika-ovd-administration-console
    
  • Launch the configuration tool

    # ovd-session-manager-config
    Admin login: admin
    Password:
    Retype password:
    
    Is this correct? [Y/n]
    
  • Launch the Administration Console configuration tool

    # ovd-administration-console-config
    Session Manager address [127.0.0.1]:
    
  • Select whether to enable HTTPS access to the Administration Console. This message is displayed only if HTTPS access is not already enabled on the system. If HTTPS access is enabled, after completing the configuration, both HTTP and HTTPS access to the Administration Console will be available.

    Enable HTTPS support [yes] (yes or no):
    
  • Configure and start apache service

    # chkconfig httpd on
    # service httpd restart
    

Configuration

The first step is to go to http://sm.test.demo/ovd/admin and authenticate yourself with the admin login and password you provided during installation.

The first time you log in, the system detects that it is not configured so you are redirected to a basic setup page which will save a default configuration.

On this page, you setup the MySQL configuration. For example, if you installed MySQL on the same host as described above, you would use the following configuration:

  • Database Type: MySQL
  • Database host address: 127.0.0.1
  • Database username: ovd
  • Database password: [ovd_password] (replace with the actual password you set)
  • Database name: ovd
  • Table prefix: ovd_

The OSM is now configured for basic use.

OVD Application Server (OAS) Installation and Configuration

OVD Enterprise is an application and desktop delivery solution. The OAS in the OVD solution is the server that hosts and serves the end user applications and desktops. It is accessed from an OVD client using an enhanced Remote Display Protocol.

An Application Server can be either a Linux system or a Windows system depending on the type of applications and desktops you want to deliver. Of course, you can mix Linux and Windows machines in an OVD farm to deliver applications seamlessly to the end user from different application servers. The user load will be load-balanced by the OSM among the available application servers to provide a better distribution of server resources.

Without a valid subscription key installed, Inuvika OVD Enterprise limits the number of OAS servers that can be registered in an OVD farm to one application server (either Linux or Windows). In order to register more than one application server, a valid subscription key needs to be installed on the Session Manager.

Requirements

Windows

All of the following Operating Systems are supported:

  • Windows 2008 R2 SP1 with Remote Desktop Services
  • Windows 2012 R2 with Remote Desktop Services
  • Windows 2016 with Remote Desktop Services

Minimum hardware configuration:

  • CPU: 4 cores recommended as a minimum
  • Memory: 8 GB recommended as a minimum
  • Storage: 50+ GB. High speed disks with RAID-1 (15krpm, SSDs or SAN disks).
  • Network: 1 GB NIC

Important

Inuvika does not recommend you use Windows Server Essentials for Windows Server 2012 R2 and Windows Server 2016 because the Remote Desktop Session Host role may not be installed. The connection limit is set to only two concurrent users in this case.

Linux

All of the following Operating Systems are supported:

  • RHEL 7.x / Centos 7.x 64 bits
  • Ubuntu 18.04 LTS server (Bionic Beaver) 64 bits (not available for OVD versions prior to 2.7)
  • Ubuntu 16.04 LTS server (Xenial Xerus) 64 bits
  • Ubuntu 14.04 LTS server (Trusty Tahr) 64 bits (for OVD versions prior to 2.7)

Minimum hardware configuration:

  • CPU: 4 cores recommended as a minimum
  • Memory: 8 GB recommended as a minimum
  • Storage: 50+ GB. High speed disks with RAID-1 (15krpm, SSDs or SAN disks).
  • Network: 1 GB NIC

Installing on Microsoft Windows

Microsoft Remote Desktop Services (2008 R2, 2012 R2, and 2016) role must be deployed, configured and properly licensed (See Microsoft RDS licensing for more information).

Important

The Windows server may run in a workgroup or be a member of an Active Directory domain but must not run as a domain controller.

Enabling Network Level Authentication (NLA) on Microsoft RDS is optional but strongly recommended.

Before installing the OAS, the Inuvika OVD Session Manager (OSM) must be installed and running. Furthermore if the RDS role has been installed, the server must be rebooted before installing the OAS.

Download the OAS installer from this location: https://archive.inuvika.com/ovd/{VERSION_CODE}/

Important

Replace {VERSION_CODE} with the version code as described in the Version code section.

Copy the OAS installer to the Windows Server machine you wish to install it on and run it.

The only installation data required is resource name of the OVD Session Manager. (We use sm.test.demo here as an example, but of course, you have to specify your own domain name).

When the installation is complete, the Windows OVD service should be configured and running. To check go to the Windows Services, browse to OVD agent and look at the status.

The server should appear in the list of Unregistered Servers in the OVD Administration Console.

If your server does not show up in the list, you might have a DNS configuration issue.

Note

Ensure that the firewall is correctly configured for the ports (Refer to the Firewalls and Ports section) required by OVD.

Installing on Ubuntu LTS

Some cloud based environments do not provide an Ubuntu system with all the required packages. The OVD Application Server requires the relevant linux-image-extra package to be installed on Ubuntu for it to work correctly.

  • Check if the package is installed and if not install it using the following command:

    • For Ubuntu 18.04 LTS server (Bionic Beaver) 64 bits (not available for OVD versions prior to 2.7)

      # apt install linux-modules-extra-$(uname -r)
      
    • For Ubuntu 16.04 LTS server (Xenial Xerus)

      # apt install linux-image-extra-$(uname -r)
      
    • For Ubuntu 14.04 LTS server (Trusty Tahr) (for OVD versions prior to 2.7)

      # apt install linux-image-extra-$(uname -r)
      
  • Install the OAS packages:

    # apt install inuvika-ovd-slaveserver-role-aps inuvika-ovd-desktop
    
  • The only information required is the resource name where the OSM can be accessed (we use sm.test.demo in this example, but of course, you have to use your own resource name).

    Important

    If you choose to install OAS on the same machine as OSM, enter 127.0.0.1 for the resource name.

  • The server must be rebooted if using Ubuntu 14.04 LTS (Trusty Tahr) (for OVD versions prior to 2.7).

    # reboot
    

The server should appear in the list of Unregistered Servers in the OVD Administration Console.

If your server does not show up in the list, you might have a DNS configuration issue.

Note

Ensure that the firewall is correctly configured for the ports (Refer to the Firewalls and Ports section) required by OVD

Installing on RHEL 7 and CentOS 7

  • Add the repository which provides Xfce support on RHEL/CentOS:

    # yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    
  • If the system has been installed by using the minimal installation, the firewall is enabled by default. You can flush the policy chain or turn off the firewall.

    Flush the policy chain:

    # iptables -F
    

    Stop the firewall:

    # systemctl stop firewalld
    
  • Install the cups package:

    # yum install cups
    
  • Configure and start the cups service:

    # chkconfig cups on
    # service cups restart
    
  • Install the OAS packages:

    # yum install inuvika-ovd-slaveserver-role-aps inuvika-ovd-desktop
    
  • Launch the configuration tool and configure the Session Manager address

    # ovd-slaveserver-config --sm-address sm.test.demo
    

    Important

    If you choose to install OAS on the same machine as OSM, enter 127.0.0.1 for the resource name.

  • Enable the ovd-slaveserver service

    # chkconfig ovd-slaveserver on
    
  • The server must be rebooted

    # reboot
    

The server should appear in the list of Unregistered Servers in the OVD Administration Console.

If your server does not show up in the list, you might have a DNS configuration issue.

Note

Ensure that the firewall is correctly configured for the ports (Refer to the Firewalls and Ports section) required by OVD.

Registering the Server and Publishing Applications

In the Administration Console, click register to register your application server and switch it from "maintenance" to "production" mode.

Any applications that were available on the server should now be listed in the Administration Console.

You can enter the desired Display name of the server which is the field used in the Administration Console to identify the server.

The next step is to create the required publications so that authorized users can access the applications they require. A publication links an application group to a user group so that users in the user group have access to the applications in the application group. You should plan how best to allocate your publications but to get started try adding some applications to an existing Application Group so that users will be authorized to run those applications. If you do not have any existing Application Groups, please refer to the Inuvika OVD Administration Guide first.

Launching a Session

If you launch a session, you should be able to access to your applications from the application menu and from desktop icons if you did not disable that option in the Administration Console.

Internal System

Examining the Windows Agent Log

In a default Windows installation, the log file can be found at:

C:\ProgramData\OVD\slaveserver\log.

It's also possible to read view messages in the Windows Event Viewer (in the Application section).

User Isolation (Optional)

By giving access to the same Application Server to different user sessions, connected users may find several ways to be aware of each other. Users should not have any rights to view or alter another user’s data but the default Operating System rules can allow users to list existing user accounts and access this data.

Our recommendation, as part of our OVD Best Practices, is to change the Operating System’s default access rules for the home directory base folders.

  • Windows: C:\Users

    # icacls C:\Users /deny OVDUsers:(NP)(RD)
    

    Additionally, you can also apply the following rule which will prevent OVD Users from creating content in C:\.

    # icacls C:\ /deny OVDUsers:(NP)(W)
    
  • Linux: /home

    # chmod o-rw /home/
    

OVD File Server (OFS) Installation and Configuration

Within OVD, the OFS provides a centralized file management system that enables users to access the same files independently of which application server is used to provide the application. OFS provides a network file system that the OAS Servers are able to access when users are running sessions. It is used to provide access to both user profiles, and data folders and files.

The OFS is available for Linux based servers only. In a small OVD server farm, the OFS may reside on the same physical machine as the OAS. In larger installations, the OFS would typically be installed on dedicated hardware.

Requirements

All of the following Operating Systems are supported:

  • RHEL 7.x / Centos 7.x 64 bits
  • Ubuntu 18.04 LTS server (Bionic Beaver) 64 bits (not available for OVD versions prior to 2.7)
  • Ubuntu 16.04 LTS server (Xenial Xerus) 64 bits
  • Ubuntu 14.04 LTS server (Trusty Tahr) 64 bits (for OVD versions prior to 2.7)

Minimum hardware configuration:

  • CPU: 2 cores (4 cores recommended)
  • Memory: 2 GB (4 GB recommended)
  • Storage: 100+ GB. High speed disks with RAID-1 (15krpm, SSDs or SAN disks).
  • Network: 1 GB NIC

Installing on Ubuntu LTS

  • Install the OFS package:

    # apt install inuvika-ovd-slaveserver-role-fs
    
  • The only information required is the resource name where the OSM can be accessed (we use sm.test.demo here for the example, but of course, you have to set your own domain name).

Important

If you choose to install OFS on the same machine as OSM, enter 127.0.0.1 for the resource name.

The server should appear in the list of Unregistered Servers in the OVD Administration Console.

If your server does not show up in the list, you might have a DNS configuration issue.

Note

Ensure that the firewall is correctly configured for the ports (Refer to the Firewalls and Ports section) required by OVD.

Installing on RHEL 7 and CentOS 7

Important

The current version of Samba provided by the official repository for RHEL up to 7.2 contains a bug that causes an issue with hidden files created by Microsoft Excel.

As this issue prevents Microsoft Excel hidden files from being properly cleaned we recommend to:

  • upgrade to RHEL 7.3 if OFS is installed on RHEL 7.X
  • upgrade to CentOS 7.3 if OFS is installed on CentOS 7.X
  • Install the samba package:

    # yum install samba
    
  • Configure and start the samba service:

    # chkconfig smb on
    # service smb restart
    
  • Install the OFS package:

    # yum install inuvika-ovd-slaveserver-role-fs
    
  • Launch the configuration tool and configure the Session Manager address:

    # ovd-slaveserver-config --sm-address sm.test.demo
    

    Important

    If you choose to install OFS on the same machine as OSM, enter 127.0.0.1 for the resource name.

  • Enable the ovd-slaveserver service:

    # chkconfig ovd-slaveserver on
    
  • The server must be rebooted:

    # reboot
    

The server should appear in the list of Unregistered Servers in the OVD Administration Console.

If your server does not show up in the list, you might have a DNS configuration issue.

Note

Ensure that the firewall is correctly configured for the ports (Refer to the Firewalls and Ports section) required by OVD.

OVD Web Access (OWA) Installation and Configuration

The OWA server is responsible for managing browser-based client sessions. This requires an HTML5 compliant browser on the client machine but no software needs to be installed on the client machine. The OVD session can be tunneled over an SSL session for secure data transmission.

For small installations, it is possible to install OWA on the same machine as the OSM. For larger installations it is recommended to install one or more OWA systems on their OWA server and to load-balance the servers for optimal performance.

In this example, we are using web.test.demo as the OWA resource name.

Requirements

All of the following Operating Systems are supported:

  • RHEL 7.x / Centos 7.x 64 bits
  • Ubuntu 18.04 LTS server (Bionic Beaver) 64 bits (not available for OVD versions prior to 2.7)
  • Ubuntu 16.04 LTS server (Xenial Xerus) 64 bits
  • Ubuntu 14.04 LTS server (Trusty Tahr) 64 bits (for OVD versions prior to 2.7)

Minimum hardware configuration:

  • CPU: 2 cores recommended as a minimum
  • Memory: 4 GB recommended as a minimum
  • Storage: 20 GB
  • Network: 1 GB NIC (2 for failover)

Installing on Ubuntu LTS

  • Install the OWA package:

    # apt install inuvika-ovd-web-access
    
  • During the installation, you will be asked if you want to connect the OWA to an existing OSM.

  • If you answered "yes" for the previous question, you will be prompted to enter the resource name of the OSM. In our example: sm.test.demo.

  • The installer will prompt whether to enable HTTPS access to the OWA if it detects that HTTPS access is not already enabled on the system. If HTTPS access is enabled, after completing the installation, both HTTP and HTTPS access to the OWA will be available.

To test whether the system is running, enter the OWA resource name (prefixed by HTTP or HTTPS) in your browser and you should see the OVD login page

Installing on RHEL 7 and CentOS 7

  • Install the EPEL repository. The EPEL repository is a separate repository which provides many additional software packages not provided by the default CentOS repositories.

    # yum install https://download.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    
  • Install the OWA package:

    # yum install inuvika-ovd-web-access
    

    Note

    The HTML5 client is enabled by default and is configured to use a Tomcat server

  • Launch the configuration tool and set the IP for the OSM

    # ovd-web-access-config
    Session Manager address [127.0.0.1]:
    
  • Select whether to enable HTTPS access to the OWA. This message is displayed only if HTTPS access is not already enabled on the system. If HTTPS access is enabled, after completing the installation, both HTTP and HTTPS access to the OWA will be available.

    Enable HTTPS support [yes] (yes or no):
    
  • Configure and then start the Tomcat service

    # chkconfig tomcat on
    # service tomcat restart
    
  • Configure and then start the guacd service

    # chkconfig guacd on
    # service guacd restart
    
  • Configure and start apache service

    # chkconfig httpd on
    # service httpd restart
    

To test whether the system is running, enter the OWA resource name (prefixed by HTTP or HTTPS) in your browser and you should see the OVD login page

Advanced Settings Description

In the login window, the user can set advanced parameters by clicking the "Advanced settings" button.

  • Mode: This option allows you to pick which session mode you want to use.

    • Desktop: The OWA will display a full desktop with OVD applications integrated within it.

    • Portal: The OWA will display a window with a list of available OVD applications. This mode will provide a seamless user experience in which the user can interact with the applications as though they were installed and running locally subject to the security limitations imposed by HTML5.

  • Language: This option allows you to pick which language your OVD session will use.