Basic HyWorks Configuration
Basic HyWorks configuration is for organizations with a single-organization structure, in which logical separation of resources is not required. It also includes configuration of the authentication mode.
Refer to the configuration steps in Multi-Organization Deployment if logical separation of resources is required.
HyWorks Deployment in Single Organization
The flowchart depicts the entire configuration, but this section describes only the steps of the basic configuration.
Step#1: Install HyWorks Controller service and Management console
HyWorks Controller supports two types of deployments:
- Standalone (HyWorks without High Availability)
  HyWorks Controller must be installed with SQL Server. Refer to HyWorks Controller Installation for details.
- Cluster
  HyWorks Controllers must be installed with SQL Server with some additional prerequisites. Refer to HyWorks Controller Installation For Cluster for details.
Use the Installation Wizard to install HyWorks Controller and Management console. Refer to HyWorks v3.3 Installation for the entire flow of installation.
Step#2: Add Authentication server and Authentication Domain configuration
Once the installation is complete, the next step is to add the authentication server and configure the authentication domain to specify the authorization and authentication servers.
HyWorks supports the following authentication servers:
- Microsoft Active Directory
- Novell Directory/Open LDAP
- Built-in (available by default)
Configure Authentication Server:
- Go to Configuration -> Server -> Authentication and click Add.
- In the Authentication Server window, select the Server Type (e.g. Microsoft Active Directory, Novell Directory/Open LDAP) and specify the following information:
  - Enter a display name for the authentication server. This is used to uniquely identify the server.
  - Provide the server address, e.g. 192.168.1.1 or Accops.com
  - Provide the appropriate Domain name, which could be the NetBIOS name for the domain (this domain name information will be used for signing into remote sessions).
  - Port Number to be used to communicate with the authentication server (default is 389).
  - Enable SSL: Check this checkbox if the configured Active Directory supports secure communication (the default port for SSL communication is 636).
  - Provide Base DN information (mandatory for LDAP type authentication servers, and for Active Directory configurations when Active directory options in System -> Advance Config is set as 6, which uses the LDAP search method to communicate with AD).
    - All users, groups and OUs will be fetched if Base DN information is not provided.
    - On providing specific Base DN information, users, groups or OUs will be fetched accordingly.
  - User DN (mandatory for LDAP type authentication servers, and for Active Directory configurations when Active directory options in System -> Advance Config is set as 6, which uses the LDAP search method to communicate with AD).
    - Distinguished name of the user to be used to communicate with the Active Directory server. The user should have privileges to fetch user, group and OU information under the specified Base DN.
  - Username: Username of the user from the authentication server to be used to communicate with the Active Directory server. The user should have privileges to fetch user, group and OU information. This field is available only for Active Directory type authentication server configuration.
  - Valid Password for the user configured in steps 7-8 (User DN or Username).
  - Select the appropriate Login Attribute: User Id, User Principal Name, Mail Id, Phone number. The selected attribute will be used to authenticate the user on logon.
    - User Id: Map the username entered by the user to the User Id field of HyWorks.
    - User Principal Name: Map the username entered by the user to the User Principal Name field of HyWorks. HyWorks will form the User Principal Name using the following methods:
      - User logs on using only the username, without a domain name: HyWorks will generate the UPN using the domain name configured in the authentication server configuration. E.g. user logs in using john.test => john.test@domain.com
      - User logs on using domain name\username: HyWorks will generate the UPN using the domain name and username provided by the user. E.g. user logs in using domain.com\john.test => john.test@domain.com
      - User logs on using the full UPN in the format username@domain-name: HyWorks will use the credentials as provided. E.g. user logs in using john.test@domain.com => john.test@domain.com
    - Mail Id: Map the username entered by the user to the Mail Id field of HyWorks.
    - Phone Number: Map the username entered by the user to the Phone Number field of HyWorks.
    !!! note
        The default login attribute for configuring Active Directory is SAMAccountName and for configuring LDAP is CN. These attributes (SAMAccountName with AD and CN with an LDAP server) are the most commonly used login attributes.
  - Log Attributes in Login: Optional. Specify the AD attributes that will be written to the logs along with each user login event. This field can be used to create additional information in the log file to generate customer report.
  - Skip Login Attribute Verification: Enabled by default. When unchecked, all four underlying attributes are checked on the AD for presence while configuring AD. If checked and any attribute is missing in AD, an error will be reported at user login. For example, if the "Phone Number" attribute is specified as the "telephoneNumber" AD attribute and this attribute does not exist in AD, an error will be reported during login.
  - Add secondary authentication server: Unchecked by default. Select it and provide details of a secondary authentication server for Active Directory failover conditions. The provided secondary authentication server must be in sync with the primary Active Directory server.
- Click Test Connection.
- If the connection is established successfully, click Add.
This completes the Authentication Server configuration. For detailed information, refer to the Authentication Server Configuration section in the Admin Guide.
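The port, SSL and Base DN checks and the User Principal Name rules from the steps above, written out as an added Python example (not HyWorks code; the dictionary keys and function names are assumptions that mirror the form labels on this page, and the sample entry is constructed):

```python
# Added example: keys mirror the form labels on this page. The dict layout and
# function names are assumptions for illustration, not a HyWorks API.
LDAP_PORT, LDAPS_PORT = 389, 636

def check_auth_server(cfg):
    """Return review findings for one authentication server entry."""
    findings = []
    ssl = cfg.get("enable_ssl", False)
    port = cfg.get("port", LDAP_PORT)
    if not ssl:
        findings.append("Enable SSL is unchecked: directory traffic is not SSL-protected")
    if ssl and port == LDAP_PORT:
        findings.append("Enable SSL is checked but port is 389; default SSL port is 636")
    if not ssl and port == LDAPS_PORT:
        findings.append("port 636 is set but Enable SSL is unchecked")
    # AD with the LDAP search method (option 6) has the same mandatory
    # fields as the LDAP type; that setting is not modelled here.
    if cfg.get("server_type") == "Novell Directory/Open LDAP":
        for field in ("base_dn", "user_dn"):
            if not cfg.get(field):
                findings.append(f"{field} is mandatory for LDAP type servers")
    elif not cfg.get("base_dn"):
        findings.append("Base DN is empty: all users, groups and OUs will be fetched")
    return findings

def to_upn(login, configured_domain):
    """Form the UPN from the three logon formats listed for the UPN attribute."""
    login = login.strip()
    if "@" in login:                       # username@domain-name: used as provided
        user, _, domain = login.rpartition("@")
    elif "\\" in login:                    # domain-name\username
        domain, _, user = login.partition("\\")
    else:                                  # bare username: configured domain
        user, domain = login, configured_domain
    if not user or not domain:
        raise ValueError(f"cannot form a UPN from {login!r}")
    return f"{user}@{domain}"

# Constructed sample entry (not taken from a real deployment).
SAMPLE = {"server_type": "Novell Directory/Open LDAP", "address": "192.168.1.1",
          "port": 389, "enable_ssl": False, "base_dn": "",
          "user_dn": "cn=svc,dc=example,dc=com"}

if __name__ == "__main__":
    for finding in check_auth_server(SAMPLE):
        print("finding:", finding)
    for login in ("john.test", "domain.com\\john.test", "john.test@domain.com"):
        print(login, "=>", to_upn(login, "domain.com"))
```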
Configure Authentication Domain: HyWorks v3.3 requires the authentication domain to be configured from the Organization wizard.
- The authentication domain defines the server to be used for authentication and the server to be used for authorization (entitlements).
- The authentication and authorization servers can be the same or different, based on the requirement.
- Domain name to be used for connections etc.
To configure the Authentication domain, follow the steps given below:
- Go to Configuration -> Workspace -> Organizations
- Select the default or a child organization and click Edit.
- In the Edit Organization wizard, go to the Authentication Domain section and specify:
  - Authentication Server: this server will authenticate the user at the time of logging in.
  - Authorization Server: all assignments and entitlements will be done from this server.
  - Domain Name will be fetched from:
    - Authentication Server
    - Authorization Server
    - Custom Domain
  - If you are using the Built-in Authorization server, provide the following information:
    - User creation on RDS: Choose Manual synchronization to synchronize manually, or set it to Automatically on logon or Do not create.
    - User credentials for RDS: Select Built-in directory credential if you want HyWorks to connect using built-in credentials. If you do not select this, the connection will be made using the logged-in user's credentials (User provided credential).
    - Populate users into built-in directory: This option defines how users will be populated in the Built-in directory.
      - Create Users in Built-in Directory - If you choose this option, the Administrator will have to add users manually or by importing from CSV files.
      - Import Users from Authentication Server - If you choose this option, you will be able to import users from another authentication server into the Built-in directory.
  Note
  Authentication and authorization servers using different search attributes may result in logon failure or authorization issues.
- Go to the Desktop Client Settings and click Save.
This completes configuration of Authentication domain.
The subsequent steps will depend on the kind of session delivery mechanism.
Resource configurations in Shared VDI
HyWorks supports delivery of applications and shared hosted desktops from the following platforms:
- Windows Server 2019/2016/2012R2/2008R2-SP1, Windows Server 2003 (limited), Windows 10 Multi-Session (Azure), installed with Accops Session Host Server module
- Linux SHD Server (xUbuntu 20.04, xUbuntu 18.04, xUbuntu 16.04.4) image with required packages
Add Session Providers
- Go to Configuration -> Server -> Session Provider Section and click Add.
- In the Add Session Provider wizard:
  - Select Category as Shared Session Host and Type as Microsoft RDS Server or Linux RDS Server.
  - Provide an appropriate Name for the session provider, and enter the IP address or Hostname of the RDS server in the Host Address field.
    Note
    The Windows Remote Desktop Session Host role must be installed with the Accops HyWorks Session Host Server module.
  - Enter the RDP Port number to connect from the client.
  - Select the Session Team. Session Teams are created for load balancing among the session host servers. By default, two session teams, one for Windows and one for Linux, are created in the configuration and cannot be deleted. Linux SHD Servers and Windows SHD Servers should be created in the Linux Session team and the Windows Session team respectively.
    - Depending on the session team selection, the Weight field can be enabled. It represents the respective weightage of the server and should be set according to the server's capabilities compared to the other servers in the team.
  - Set Max Session Count above 0 to restrict the maximum number of sessions to be given from this session host server.
    - Zero represents unlimited sessions.
  - Select the Active checkbox to enable the session host server for session delivery. Inactive session host servers are not used for giving sessions.
  - Set Advance Configuration as per requirement:
    - Enable Diagnostics
    - Enable Remote Control
    - Enable Virtual-IP
  - Select Assign Applications to display options to associate applications already published in HyWorks with session host servers. Ignore this if the session host server is added for shared hosted desktop delivery only or applications are to be published later.
  - Click Add.
- The Session Host server is now configured and is ready for shared hosted desktop or application deliveries.