6.3
Table Of Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Introducing vRealize Operations for Published Applications
- System Requirements for vRealize Operations for Published Applications
- Installing and Configuring vRealize Operations for Published Applications
- Install and Configure vRealize Operations for Published Applications
- Downloading the vRealize Operations for Published Applications Installation Files
- Install the vRealize Operations for Published Applications Solution
- Open the Ports Used by vRealize Operations for Published Applications
- Adding a vRealize Operations for Published Applications License Key
- Associate XD-XA Objects with Your vRealize Operations for Published Applications License Key
- Create an Instance of the vRealize Operations for Published Applications 6.3 Adapter
- Enabling Firewall Rules for XenDesktop Delivery Controllers and PVS Server
- Install the vRealize Operations for Published Applications Broker Agent
- Configure the vRealize Operations for Published Applications Broker Agent
- Configure Broker Agent to use Non-Admin User for Citrix Desktop Delivery Controller
- Install a vRealize Operations for Published Applications Desktop Agent
- Push the vRealize Operations for Published Applications Desktop Agent Pair Token Using a Group Policy
- Install and Configure vRealize Operations for Published Applications
- Enable PowerShell Remoting on the Server
- Enable HTTP Protocol for PowerShell Remoting
- Enable HTTPS Protocol for PowerShell Remoting
- Configure Firewall
- Update the etc/host file for DNS Resolution
- Install the Certificate on the Client
- Test Connection from Client Machine
- Flow of Commands for SSL cert Using makecert
- Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
- Managing RMI Communication in vRealize Operations for Published Applications
- Changing the Default TLS Configuration in vRealize Operations for Published Applications
- Managing Authentication in vRealize Operations for Published Applications
- Certificate and Trust Store Files
- Replacing the Default Certificates
- Certificate Pairing
- SSL/TLS and Authentication-Related Log Messages
- Upgrade vRealize Operations for Published Applications
- Create a vRealize Operations Manager Support Bundle
- Download vRealize Operations for Published Applications Broker Agent Log Files
- Download vRealize Operations for Published Applications Desktop Agent Log Files
- View Collector and vRealize Operations for Published Applications Adapter Log Files
- Modify the Logging Level for vRealize Operations for Published Applications Adapter Log Files
- Index
3 Generate a self-signed certificate with a new private key.
openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout HOSTNAME.key -out HOSTNAME.cer -
subj "/CN=HOSTNAME"
4 Convert the certificate and the private key to a .pfx file.
openssl pkcs12 -export -out HOSTNAME.pfx -inkey HOSTNAME.key -in HOSTNAME.cer -name
"HOSTNAME" -passout pass:
5 Deploy the generated SSL certificate (HOSTNAME.PFX file in the bin folder) to the remote server and
import it there .
Import SSL Certificate on Remote Machine
Upload the certificate PFX file to the remote server. You can do so by attaching your local disk drive to the
Remote Desktop session and copying the file in Explorer.
Procedure
u
Import the certificate into the Local Machine certificate store by pasting the following script in the
PowerShell console:
Replace path-to-pfx-file with the path to the PFX file. For example, C:\OpenSSL-Win64\bin\.
function Install-Certificate ($certPath, [string]$storeLocation = "LocalMachine", [string]
$storeName = "My")
{
$cert = New-Object
System.Security.Cryptography.X509Certificates.X509Certificate2($certPath,"",
"MachineKeySet,PersistKeySet")
$store = New-Object
System.Security.Cryptography.X509Certificates.X509Store($storeName, $storeLocation)
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()
"Thumbprint: $($cert.Thumbprint)"
}
Install-Certificate path-to-pfx-file\xenapp-dc.vcops.local.pfx
The output of this script is a certificate thumbprint, which is required when setting up HTTPS listener
for the WinRM service. If you generated SSL certificate in the IIS Manager, you can get its thumbprint
using the following PowerShell command:
Get-ChildItem cert:\LocalMachine\My | Where-Object { $_.Subject -eq "CN=HOSTNAME" }
Configure Configure WinRM HTTPS Listener
All the queries go through WinRM. Therefore, configure the WinRM HTTPS listener on the machine where
the broker agent is installed.
Procedure
u
To configure WinRM HTTPS listener on the remote server, run the following command on the
PowerShell prompt:
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="xenapp-
dc.vcops.local";CertificateThumbprint= " 4D9157F66867A73A55A0B9F6DAC045EB52D4BF9A"}
Chapter 7 Enable HTTPS Protocol for PowerShell Remoting
VMware, Inc. 35