Virtual Desktop Resource Profiles

Virtual Desktop Resource Profile Overview

In addition to standard resource profiles and resource profile templates, you can configure virtual desktops as resource profiles.

As with the other resource profiles, a virtual desktop profile contains all of the role assignments and end-user bookmarks required to provide access to an individual resource. Unlike other resource profile types, there is no resource policy to configure for virtual desktops due to the dynamic nature of virtual desktops. The IP address and port of the system is not known until the end user launches a session so dynamic ACLs are used.

Icons in the Virtual Desktops section on the end user's home page represent desktops defined by the administrator. Clicking the icon launches the session using the Virtual Desktop Infrastructure (VDI) architecture.

A few of the main features of virtual desktop resource profiles are:

•SSO so that the user can sign on without having to enter their credentials

•Dynamic ACLs

•Client delivery mechanism for end users who do not have the client already installed on their system

•Connection logging

Configuring a Citrix XenDesktop Resource Policy

The Citrix XenDesktop manages a pool of virtual desktops hosted on virtual machines and provides the connection management to those desktops. A list of XenDesktops is displayed to the end user as bookmarks. When a desktop is selected, the Citrix client is launched and the user can access that desktop.

To configure a Citrix XenDesktop profile:

1.Select Users > Resource Profiles > Virtual Desktops.

2.Click New Profile.

3.Select Citrix XenDesktop from the Type drop-down list.

4.Enter a name and description (optional) to identify this profile.

5.Enter the name or IP address and port of the connection broker using the format ip:port. For example,

10.10.1.10:80

xml.example.com:80

You can enter more than one IP address. Place each address on a separate line.

6.Select the Use SSL for connecting to the Server check box if SSL is required to connect to the server.

7.Enter the username to connect to the connection broker or use the <USERNAME> session variable.

8.Enter the password:

•To use a variable password to connect to the connection broker, select Variable Password and enter the variable in the form of <PASSWORD> or <PASSWORD@SEcAuthServer>.

•Select Password to use a static password to connect to the connection broker and enter the user credential's password.

9.Enter the domain where the connection broker is located.

10.Select Enable Java support to specify a Java applet to use to associate with the resource profile. The system uses this applet to intermediate traffic or falls back to this applet when ActiveX is not available on the user's system.

11.Click Save and Continue.

12.Select the roles to which this profile applies and click Add.

13.The Enabled Settings table under Users > User Roles also displays which roles have virtual desktops enabled.

14.Click Save Changes.

15.(Optional.) In the Bookmarks tab, modify the default bookmark created by the system and/or create new ones.

Configuring a VMware View Manager Resource Profile

VMware View Manager, formerly VMware VDI, lets you run virtual desktops in a data center that provide end users a single view of all their applications and data in a personalized environment regardless of the device or location they log in from.

To configure a VMware View Manager profile:

1.Select Users > Resource Profiles > Virtual Desktops.

2.Click New Profile.

3.Select VMware View Manager from the Type drop-down list.

4.Enter a name and description (optional) to identify this profile.

5.Enter the name or IP address and port of the connection broker using the format ip:port. For example,

10.10.1.10:80

xml.example.com:80

You can enter more than one IP address. Place each address on a separate line.

6.Select the Use SSL for connecting to the Server check box if SSL is required to connect to the server.

7.Enter the username to connect to the connection broker or use the <USERNAME> session variable.

8.Enter the password:

•To use a variable password to connect to the connection broker, select Variable Password and enter the variable in the form of <PASSWORD> or <PASSWORD@SEcAuthServer>.

•Select Password to use a static password to connect to the connection broker and enter the user credential's password.

9.Enter the domain where the View Manager server is located.

10.Click Save and Continue.

11.Select the roles to which this profile applies and click Add.

12.The Enabled Settings table under Users > User Roles also displays which roles have virtual desktops enabled.

13.Click Save Changes.

14.(Optional.) In the Bookmarks tab, modify the default bookmark created by the system and/or create new ones.

Defining Bookmarks for a Virtual Desktop Profile

When you create a virtual desktop resource profile, the system automatically creates a bookmark that links to the server that you specified in the resource profile. The system allows you to modify this bookmark as well as create additional bookmarks to the same server.

These bookmarks are listed in the role bookmark pages (Users > User Roles > Role_Name > Virtual Desktop > Sessions) but you cannot add, modify or delete the bookmarks from the role bookmarks page. Bookmarks can only be added as part of the resource file.

To configure resource profile bookmarks for virtual desktop profiles:

1.Select Users > Resource Profiles > Virtual Desktop.

2.Click the name of the virtual desktop profile.

3.Click the Bookmark tab to modify an existing session bookmark. Or, click New Bookmark to create an additional session bookmark.

4.(Optional.) Change the name and description of the session bookmark. (By default, the system populates and names the session bookmark using the resource profile name.)

5.Specify whether all desktops or to a selected subset of desktops are available to the user.

The desktop list is retrieved from the connection broker using the credentials defined in the profile resource page.

6.Enter the credentials used to log in to the actual VMware or XenDesktop machine. The system passes these credentials to the server so that users can sign on without having to manually enter their credentials.

7.Specify how the window should appear to the user during a session by configuring options in the Settings area of the bookmark configuration page.

(XenDesktop) Under Preferred Client, you can select Automatic Detection, Citrix Client or Java. If you select Automatic Detection, the system checks to see if Citrix Client is present. If it is not present, the end user is given the choice to download the Citrix Client or to use the alternate client, Java ICA Client.

8.Allow users to access local resources such as printers and drives through the terminal session by configuring options in the Connect Devices area of the bookmark configuration page.

(VMware) Enable MMR - Redirect certain multimedia codecs running on the remote desktop to the local client for rendering of full-motion video and audio.

(VMware) Allow Desktop Reset - Allow users to reset their desktop without administrative assistance. For example, if the desktop hangs, there is currently no way for the user to perform a hard reboot of the desktop. This option allows the users to restart their own virtual desktops thereby reducing the dependency on the administrator or helpdesk.

9.Specify how the terminal emulation window should appear to the user during a terminal session by configuring options in the Desktop Settings area.

10.Specify the roles to which you want to display the session bookmarks if you are configuring the session bookmark through the resource profile pages, under Roles:

•ALL selected roles - Displays the session bookmark to all of the roles associated with the resource profile.

•Subset of selected roles - Displays the session bookmark to a subset of the roles associated with the resource profile. Then select roles from the ALL Selected Roles list and click Add to move them to the Subset of selected roles list.

11.Click Save Changes.

Configuring the Client Delivery

You can use the Virtual Desktop Configuration page to define the client delivery mechanism for end-users who do not have the client. The process is similar for both Citrix XenDesktop and VMware View Manager.

1.Choose System > Configuration> Virtual Desktops. For Citrix XenDesktop, select Citrix.

2.Select Download from Ivanti Connect Secure to download the client file from the system. Click Browse to locate the client file (.msi, .exe or .cab) and enter the version number.

3.Select Download from a URL to download the client file from the Internet. If desired, enter a new URL to override the default.

4.Check the Access the URL through the Ivanti Connect Secure check box if end users cannot directly access the specified Web page. Selecting this option allows users to use the secure gateway to access the URL.

5.Under Server Connection Timeout, enter the number of seconds to wait for the server to respond before timing out.

Connecting to the Servers

When an end user clicks a desktop icon, the system passes credentials to the server based on the desktop profile.

For XenDesktop, the system authenticates to the Citrix DDC server using credentials defined in the desktop profile. If successful, the list of available desktops is returned by the DDC server and is represented as bookmarks to the end user. When an end user clicks a XenDesktop icon, the system retrieves the ICA from the XenDesktop server and presents a desktop session to the user.

When an end user clicks a VMware View Manager icon, the system authenticates to the View Manager using credentials defined in the desktop profile. If authentication is successful, a JSESSIONID cookie is returned by the View Manager, the system creates a tunnel using the cookie for the duration of the session.

If the desktop is unavailable, the client will continue to try to connect until the desktop is available or until a predefined timeout period occurs. An error message lets the user know the status, either that the system is retrying the connection or that the desktop is unavailable. Similarly if the desktop is already in use by another enduser, an error message is presented to the user.

User logs are updated to show which VM machines are assigned to each user. Username, realm, VM IP, port, connection type, pool and connection broker are logged with each message.

The Active Virtual Desktops Sessions page (System > Status > Virtual Desktop Sessions) lists the active connections, including the connection broker, the VM machine assigned to the user and the connection type.