Configuration of HySecure Gateway for HyLabs Delivery

High-level workflow of the HySecure Gateway configuration:

Steps to configure HySecure:

  1. Initial Configurations

    1. Install HySecure Servers and a cluster.

    2. Add Active Directory and auth-domain configuration.

    3. HySecure domain configuration to use the auth-domain and have the same name as the HyWorks organization code.

    4. Apply appropriate licenses to the HySecure Gateway.

  2. Publish HyWorks Applications

    1. Configure Controller Application.

    2. Publish Network Application for reserved VMs Access.

    3. Create HyLabs HTTPS Application.

  3. Provide Application Access

    1. Create Application Group

    2. Create ACL to Provide Access to HyLabs Users

  4. Enable HyLabs Mode and Configure HyLabs Servers

Important

Refer to the HySecure Knowledge Center for available types of HySecure configurations.

HySecure Installation and Basic Configuration

  • Installation: An appropriate HySecure cluster sized correctly according to user load should be installed.

  • Initial Configuration:

    • Pre-boot and SO configuration.

    1. HA and cluster configuration.

    2. Add Active Directory and auth-domain configuration.

    3. HySecure domain configuration to use the auth-domain and have the same name as the HyWorks organization code.

  • Apply appropriate licenses to the HySecure Gateway.

Once the basic configuration is complete, the following configuration must be done for HyLabs delivery.

HyWorks Publishing on HySecure

Create HyWorks Controller Applications

  1. Create an application of type Primary HyWorks Controller, using the current primary HyWorks Controller address and port 38866 (default).

  2. Create an application of type Secondary HyWorks Controller, using the current secondary HyWorks Controller address and port 38866 (default).

Publish VDI

Create an application with the entire network range to be used by the deployed reserved VMs. This is required to access reserved VMs. You can also use specific IPs or a shorter range if known.
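The trade-off between publishing the entire network range and a shorter range can be measured before the application is created. The sketch below is an added example, not part of the HySecure product or its documentation; the subnet, the reserved VM addresses and all function names are constructed for illustration. It compares how many non-VM addresses each choice would make reachable through the gateway.

```python
import ipaddress

# Constructed sample data: the full VM subnet and the reserved VM addresses.
FULL_RANGE = "10.20.30.0/24"
RESERVED_VMS = [f"10.20.30.{h}" for h in range(64, 72)] + ["10.20.30.80", "10.20.30.81"]


def exact_blocks(vm_ips):
    """Smallest set of CIDR blocks that covers only the given VM addresses."""
    addrs = {ipaddress.ip_address(ip) for ip in vm_ips}
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(str(a)) for a in addrs))


def contiguous_blocks(vm_ips):
    """CIDR blocks covering one unbroken range from the lowest to the highest VM."""
    addrs = sorted(ipaddress.ip_address(ip) for ip in vm_ips)
    return list(ipaddress.summarize_address_range(addrs[0], addrs[-1]))


def extra_addresses(blocks, vm_ips):
    """Addresses a published range exposes that are not reserved VMs.

    Assumes the blocks do not overlap each other.
    """
    nets = [ipaddress.ip_network(str(b)) for b in blocks]
    vms = {ipaddress.ip_address(ip) for ip in vm_ips}
    covered = sum(n.num_addresses for n in nets)
    inside = sum(1 for v in vms if any(v in n for n in nets))
    return covered - inside


def report(full_range, vm_ips):
    """Map each publishing option to (blocks, count of non-VM addresses exposed)."""
    options = {
        "entire network range": [ipaddress.ip_network(full_range)],
        "shorter contiguous range": contiguous_blocks(vm_ips),
        "specific IPs": exact_blocks(vm_ips),
    }
    return {name: ([str(b) for b in blocks], extra_addresses(blocks, vm_ips))
            for name, blocks in options.items()}


if __name__ == "__main__":
    for name, (blocks, extra) in report(FULL_RANGE, RESERVED_VMS).items():
        print(f"{name}: {', '.join(blocks)} -> {extra} non-VM addresses exposed")
```
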

Create an HTTPS-Type Application for HyLabs OAuth

In HyLabs delivery, HySecure and HyWorks use the OAuth mechanism to manage the logged-in user’s identity. Follow the steps below to create an HTTPS-type application:

  1. Log in as an SO user in HySecure MMC.

  2. Depending on the HySecure version, the menu may differ. We are using v5.4 for explanatory purposes:

    1. Navigate to Apps and click Add (For older HySecure versions, navigate to Access Management > Applications).

    2. Under Basic Options

      | Field name | Value |
      |---|---|
      | Type | HTTPS |
      | Name | Logical name, e.g., HyLabs OAuth |
      | Application Server Address | IP of Primary HyLabs server. Provide the address of the HyWorks server when the HyLabs server and the HyWorks server are installed on the same machine. Refer to the screenshot below. |
      | Description | Logical description of the application |
      | Tunnel Type | App tunnel |
      | Application Port | 443 |
      | Protocol | TCP |
      | Traffic Routing | Allow |
      | Web URL | IP of Primary HyLabs server in the format as https://, e.g., https://192.168.1.96. Provide the address of the HyWorks server when the HyLabs server and the HyWorks server are installed on the same machine. Refer to the screenshot below. |
      | Use Web VPN (in v5.4 or later) or Use Reverse Proxy (in older versions) | Keep it Unchecked |
      | Hidden Application | Keep it Unchecked |
      | Hide Application Access Pop-up | Keep it Unchecked |

    3. Under the Advanced Options section, keep all the options unchecked.

    4. The following are the fields available under the User Options section:

      | Field name | Value |
      |---|---|
      | Enable Single Sign-On Option | Enable |
      | Authentication Type | OAuth based |
      | Pre-configured Service provider | HyLabs (for v5.4 or above), RMS for older versions |
      | Authorization URL | https://rms.com/oauth_consumer |
      | Consumer Key | The key, obtained at the time of configuring the authorization server |
      | Consumer Secret | The secret, obtained at the time of configuring the authorization server |
      | Request Token URL | Keep it blank |
      | Access Token URL | Keep it blank |

  3. Click Add Application to Application Group to add an application to the application group. You can also do this later.

    • Select the application group, click Add > Submit (Select the group in which the controllers and network range have already been added).

  4. The application page lists the created application.

Create an Application group

Create an application group, e.g., HyLabs-Apps, and move all the applications listed below into this group:

  1. HyWorks Controllers

  2. VDI Network Range

  3. HyLabs OAuth

Detailed information about creating an application group can be found on the HySecure Knowledge Center.

Provide Application Access

To provide access to all users, create an ACL to allow the user group to have access to these applications.

Refer to the HySecure Knowledge Center to know more about the ACL creation process.

Now the controller and possible network IPs to be delivered using reservations are published for AD users.

RMS or HyLabs Mode configuration

From HySecure MMC (HySecure v5.4 or later)

The following configurations are required to be done on the HySecure Gateway server to access HyLabs:

  1. Log in to the HySecure Server Management Console as the SO user.

  2. Navigate to Settings > Global > Client.

  3. Under the General Settings section, enable the HyLabs mode (by default, it is disabled). In older versions, this option may be labeled Enable RMS Mode or Primary RMS Host.

  4. Enter the Primary and Secondary HyLabs Host addresses and click Submit. The changes should now be reflected in the HySecure Management Console.

Note

  • Do not submit again if the HyLabs addresses do not appear on screen after submitting. The addresses are already configured and not visible due to a known problem.

Using SSH to Gateway (Older version of HySecure)

The following configurations are required to be done on the HySecure Gateway server to access RMS:

  1. Log in to the HySecure Gateway Management Console as the SO user.

  2. Navigate to Client Settings and enable the RMS mode configuration. By default, it is disabled.

  3. Navigate to HyLite Configuration and set the RDP client as HyLite.

  4. Use the PuTTY client to access the HySecure server with the vpnsadmin user credentials and modify the file: /etc/httpd/conf/httpd.conf.

    1. Run the command vi /etc/httpd/conf/httpd.conf

    2. Locate the line Header, add Set-Cookie, and enter the Primary and Secondary RMS/HyLabs Servers IPs. (If the HyLabs and HyWorks servers are installed on the same server, provide the IPs of the HyWorks Primary and Secondary Servers.)

    3. Save the file and restart the Apache service by executing the command: systemctl restart httpd

  5. The HySecure Gateway is now ready for HyLabs delivery using AD.