Installing Application Manager Application Manager 1.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
Installing Application Manager You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2012 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents 1 Installing and Configuring Application Manager 5 Application Manager Deployment Checklists 9 2 Introduction to Application Manager 11 3 Security Considerations and System Requirements for Application Manager 19 Application Manager Recommendations and Requirements 19 4 Preparing to Install Application Manager 23 Prepare to Install Application Manager 23 Convert the Virtual Appliance File Format 24 5 Installing Application Manager 27 Start the Application Manager Virtual Appliance 27 Use the V
Installing Application Manager 4 VMware, Inc.
Installing and Configuring Application Manager 1 This information describes how to install Application Manager, the on-premise appliance as opposed to the hosted version of Application Manager. When you host Application Manager, you control the operator and administrator pages that allow you to manage end-user access to your Windows, SaaS, and Web applications. The Connector is a required software piece that you must install separately.
Installing Application Manager Figure 1-1.
Chapter 1 Installing and Configuring Application Manager 2 n Create DNS records for Application Manager and the Connector. n Ensure hardware and software requirements are met. n Prepare the optional features that apply. For example, create the ThinApp repository for ThinApp integration and configure KDC for Kerberos authentication. n Prepare vSphere for Connector Authentication mode.
Installing Application Manager SSL connectivity, load balancing, and high availability add layers of complexity to your deployment that can be avoided during the proof-of-concept phase. By default, secure ports are disabled for the Connector and Application Manager. For the proof-of-concept phase, you can install the Connector and Application Manager using the default insecure ports. This frees you during this phase from managing SSL certificates.
Chapter 1 Installing and Configuring Application Manager Application Manager Deployment Checklists You can use the Application Manager Deployment Checklist to gather the necessary information to install Application Manager on premise. Network Information for Application Manager Table 1-2. Application Manager Network Checklist Information to Gather List the Information IP Address Subnet Mask Gateway DNS Server Network Information for the Connector Table 1-3.
Installing Application Manager Active Directory Domain Controller Table 1-6. Active Directory Domain Controller Checklist Information to Gather List the Information Active Directory IP Address Active Directory FQDN 10 VMware, Inc.
Introduction to Application Manager 2 Application Manager is an identity and access management service or virtual appliance that unifies your software as a service (SaaS) applications and Windows applications (captured as ThinApp packages) into a single catalog for entitlement. Table 2-1.
Installing Application Manager Table 2-1. Application Manager Component Terminology (Continued) Application Manager Component Other Terms Used Application Manager Administrator Web interface n Administrator Web interface The browser-based interface of Application Manager that you, as an administrator of a specific organization, use to manage user access and entitlements to SaaS and ThinApppackaged applications. This interface provides an overview of a single organization.
Chapter 2 Introduction to Application Manager Table 2-1. Application Manager Component Terminology (Continued) Application Manager Component Other Terms Used Description Connector Web interface n None The browser-based interface you use to configure and manage the Connector after using the Connector virtual appliance to make the initial Connector configurations.
Installing Application Manager Figure 2-1.
Chapter 2 Introduction to Application Manager Application Manager User Authentication Connector Authentication mode refers to access to Application Manager where the Connector is the starting point for user authentication. Table 2-2. Providing User Access to Application Manager in Connector Authentication Mode User Access From Inside the Enterprise Network n Configure Kerberos authentication or username/password authentication.
Installing Application Manager Table 2-3. Connector Authentication Mode: URL Examples (Continued) Target Specific Applications URL Example Information https://ConnectorHost.MyDomain/authenticate/ Use this URL for troubleshooting and testing purposes if Kerberos is configured. Replace ConnectorHost and MyDomain with the appropriate values. https:// MyOrg.MyDomain.com/SAAS/API/1.
Chapter 2 Introduction to Application Manager IdP Discovery You configure the IdP Discovery feature using the Application Manager Administrator Web interface. See Application Manager Administration Help. The IdP Discovery feature works in conjunction with Connector Authentication mode. IdP Discovery refers to the discovery of identity providers. The Connector acts as an identity provider. Therefore, even though users access a URL directly to Application Manager, such as https://MyOrg.MyDomain.
Installing Application Manager ThinApp Packages ThinApp package access requires Connector Authentication mode. See Installing and Configuring the Connector for information about integrating the Connector with ThinApp. Evaluation and Quick Access to Application Manager For evaluation purposes, you can access the User Portal as an administrative user with minimum configuration. This quick-access configuration works in Connector Authentication mode only.
Security Considerations and System Requirements for Application Manager 3 When you install and configure Application Manager, you install the Application Manager virtual appliance and use both the Application Manager virtual appliance interface and the Application Manager Web interface for configuration purposes. You must manage the Web interface with care to avoid security issues.
Installing Application Manager Hardware Requirements for the Application Manager Virtual Appliance Host Ensure that the environment for the host, the vSphere instance, to run the Application Manager virtual appliance meets the minimum hardware requirements. Table 3-1. Minimum Application Manager Hardware Requirements Component Minimum Requirement Processor One Intel Xeon Dual Core, 3.
Chapter 3 Security Considerations and System Requirements for Application Manager System Requirements for User Systems Running the Horizon Agent This requirement applies when Application Manager provides ThinApp Package access. If users run the Horizon Agent from their systems, ensure that users' systems meet the minimum requirements. Table 3-4. User System Requirements Component Required Random-access memory 1GB VMware, Inc.
Installing Application Manager 22 VMware, Inc.
Preparing to Install Application Manager 4 Preparing to install the Application Manager involves creating the DNS name; obtaining the Application Manager virtual appliance; and configuring the hardware, resource, and network settings of the Application Manager host. Other preinstallation tasks might be required depending on the specifics of your deployment.
Installing Application Manager The DNS name must be available in your DNS server for the Application Manager hostname to be recognized. Depending on your organization, creating the DNS record might take several days. Provide enough time to ensure that the DNS name is available when required. The hostname has at least three parts, a.b.c. For example, Org1.MyDomain.com. IMPORTANT When you are prompted for a hostname in the Application Manager virtual appliance, be aware that the name you enter, such as Temp.
Chapter 4 Preparing to Install Application Manager Disk progress: 36% … Disk Transfer Completed Completed successfully Example: File Conversion Output Two items appear in your current directory as a result of this task: a .vmdk disk image file and a .VMX virtual machine configuration file, as the following example shows: -rw------- 1 root root 1.6G 2011-05-17 14:46 central-virtualappliance-disk1.vmdk -rw-r--r-- 1 root root 1.1K 2011-05-17 14:46 central-virtualappliance.
Installing Application Manager 26 VMware, Inc.
Installing Application Manager 5 After you install Application Manager virtual appliance, you can access the Application Manager Operator Web interface to run the Operator setup wizard. Installing Application Manager includes the following tasks: n Use vSphere Client to install the Application Manager virtual appliance. n Start and configure the virtual appliance.
Installing Application Manager Use the Virtual Appliance Interface for the Initial Application Manager Configuration Use the Application Manager virtual appliance interface to make the initial configurations to Application Manager, such as network and time-related configurations. When you install the Application Manager virtual appliance, the Application Manager virtual appliance interface first prompts you for the root and sshuser passwords.
Chapter 5 Installing Application Manager 3 Respond to the wizard prompts with information specific to your deployment. Option Action Respond to the IPv6 prompt. Type y if you have an IPv6 network. If you do not have an IPv6 network, accept the default response of n. Respond to the DHCPv4 prompt. NOTE The recommended practice is to use a static IP address. If you have a static IP address, type n. Continue responding to the subprompts related to a static IP address.
Installing Application Manager n As a troubleshooting option when users experience an access issue. See the troubleshooting section for information about the possible messages on this screen. 6 7 Set the time zone for Application Manager. a Select Set Timezone. b Continue selecting location options to select your specific time zone. In the Application Manager virtual appliance interface, select Configure to view or set available configuration options.
Chapter 5 Installing Application Manager Application Manager is ready for further configuration. What to do next Use a browser to access the Operator Web interface. VMware, Inc.
Installing Application Manager 32 VMware, Inc.
Configuring Application Manager with the Operator Setup Wizard 6 Use the Operator setup wizard for the initial configuration of Application Manager, including the creation of the first organization. You can then configure the Connector or return to the Operator Web interface for further configuration. The setup wizard leads you through a quick and simple configuration process.
Installing Application Manager 2 Run the Operator setup wizard to create your initial organization. During the setup, you must decide to generate an activation token or to create a temporary administrator. IMPORTANT Whichever option you choose, to generate a Connector activation token or to create a temporary administrator, be aware that to reach Application Manager with a browser before you configure the Connector, you must use a specific URL, such as: http://MyOrg.MyDomain.com/SAAS/login/0.
Making Additional Application Manager Configurations 7 Key Application Manager functionality can be configured with the Application Manager virtual appliance interface or with a combination of interfaces. When you install Application Manager, the virtual appliance leads you through a configuration wizard. After you perform that initial configuration, you can use the virtual appliance interface and other interfaces for further configuration. Perform the configuration tasks that apply to your deployment.
Installing Application Manager Prerequisites Verify that a syslog server is installed, configured, and accessible from Application Manager. Procedure 1 Access the Application Manager virtual appliance interface. 2 Select Login and log in to the SLES operating system. 3 Use the appropriate commands to access and configure the log4j.properties file to send logs to syslog internally. 4 Use the appropriate commands to access and configure the syslog-ng.
Chapter 7 Making Additional Application Manager Configurations 2 Enable Secure Ports for the Connector on page 37 To enable SSL for your Application Manager deployment, after you enable secure ports for Application Manager, you must enable secure ports for the Connector. For the Connector, enabling secure ports requires you to reset and reconfigure the Connector, which requires a new activation code.
Installing Application Manager 3 At the prompt, type the number to Configure Web Server. 4 At the prompt, type the number to port 80. This disables insecure port 80. 5 Exit the Connector virtual appliance interface. 6 Log into Application Manager as either an operator or administrator to create a new activation code for the Connector. u Table 7-2.
Chapter 7 Making Additional Application Manager Configurations 6 Deploy the certificate to each user machine. For production rollout, multiple tools are available to deploy SSL certificates to user machines. For testing with a limited number of users, users can install the SSL certificate themselves from an accessible location.
Installing Application Manager The self-signed Application Manager certificate has been copied to the Connector, allowing Application Manager and Connector to communicate using SSL. What to do next Use the Application Manager deployment to verify that SSL is functioning between Application Manager and the Connector.
Chapter 7 Making Additional Application Manager Configurations What to do next Use the Application Manager deployment to verify that SSL is functioning between Application Manager and the Connector. If an SSL problem exists, when you use the Connector Web interface and provide the activation code, the Connector displays an error message indicating that the Connector cannot connect to a specified URL.
Installing Application Manager If you choose to configure an additional Application Manager instance instead of cloning it, you must configure the additional instance and fetch the master keystore from a previously configured Application Manager instance. Prerequisites Have a plan for your Application Manager deployment that includes how you will handle load balancing and high availability.
Chapter 7 Making Additional Application Manager Configurations c At the respective prompts, provide the IP address, root username, and root password of the Application Manager instance from which the master keystore is to be copied. d Exit the Database Connection Configuration page. What to do next Log in to Application Manager as an operator to manage Application Manager clusters. Also, you can generate a new master key for an Application Manager cluster at any time.
Installing Application Manager Update Application Manager You can check for updates in the Operator Web interface or the Application Manager virtual appliance interface. However, in most cases, using the Operator Web interface is more convenient. To install the update, you must use the virtual appliance interface. Prerequisites n Verify that Application Manager is installed and properly configured. n Take a snapshot of the Application Manager virtual appliance as a backup.
Chapter 7 Making Additional Application Manager Configurations What to do next Log in to the Application Manager Operator Web interface to verify that the build number located at the bottom of each page has increased to the appropriate build. VMware, Inc.
Installing Application Manager 46 VMware, Inc.
Troubleshooting Application Manager 8 You can troubleshoot some problems with Application Manager directly from the Application Manager Web interface, while some troubleshooting involves other aspects of your Application Manager deployment.
Installing Application Manager Solution 1 In the Application Manager virtual appliance interface, select Configure. 2 If necessary, access the next page of options, at the prompt, type the number to NTP Status, and press Enter. A new screen appears that provides information about the NTP configuration. The NTP status is listed at the top of the page.
Chapter 8 Troubleshooting Application Manager 3 Run the following command: hznAdminTool setOperatorPassword -pass newpassword. You must replace the placeholder newpassword with a new password of your choice. A message appears indicating that the operator password has been successfully set. Connector Issue Prevents Administrator Access to Application Manager An IdP Discovery configuration issue might make Application Manager inaccessible.
Installing Application Manager Using a Static IP Address for Application Manager with vCenter Server Can Result in an Access Issue If you use vCenter Server to deploy Application Manager Appliance using a static IP address and an access issue occurs, a specific misconfiguration might exist.
Index A H activation code 33 Apache Tomcat 48 Application Catalog 11 Application Manager description 11 operating system 28 supported browsers 33 Application Manager virtual appliance interface 28 audience 5 Horizon Connector virtual appliance interface, description 11 Horizon Connector Web interface, description 11 Horizon deployment, description 11 Hybrid mode 11 hypervisor 23 B browser, support for Application Manager 33 C CA certificate 40 CLI interface 27 clustering, Application Manager 41 comman
Installing Application Manager P U password, the Application Manager Web interface 48 port 123 19 389 19 443 19 80 19 8080 19 8443 19 88 19 ports Application Manager 37 Connector 37 insecure 19 secure 19 preinstallation 23 update 44 User Portal 11 username-password verification 11 V vCenter Server 50 virtual appliance, file format 24 virtual appliance interface 35 VMX file format 24 vSphere 19 W Web server 48 Windows system administrator 5 R requirements hardware 19 network 19 resource 19 S SaaS 11
