- Published on
Thin Client Management
- Authors
- Name
- Jackson Chen
Citrix Virtual Apps and Desktops
https://www.citrix.com/en-au/products/citrix-virtual-apps-and-desktops/
VMware Horizon View VDI
https://www.vmware.com/au/products/horizon.html
Thin client Usage
Horizon View VDI and Citrix Virtual Apps and Desktops (formerly XenApp & XenDesktop) supports thin client and zero clients.
PCoIP Management Console - Teradici
https://www.teradici.com/products/management-console
How to Active Teradici License Offline
https://www.teradici.com/web-help/pcoip_management_console/20.07/managing_licenses_offline/
All scripts are located in the PCoIP Management Console virtual machine console’s /opt/teradici/licensing directory and require you to connect to your PCoIP Management Console virtual machine console
To activate your PCoIP Management Console Enterprise license when the PCoIP Management Console is located on a site without Internet access (sometimes referred to as a dark site), you will need to create a ticket for Offline License Activation. A support site account will be required to create this ticket. The ticket must include your license activation code that was provided by email when you requested a trial license or when your Enterprise license was purchased. Once the ticket is created, you will be provided with an offline activation .asr file allowing you to produce an offline activation short code to return to support. Support will in turn provide you with a response text file which you will use to activate PCoIP Management Console Enterprise.
Producing an Offline Activation Short Code
The ticket will first be updated by Teradici support with an ASR file which you have to upload to your PCoIP Management Console. Once you have the ASR file, perform the following steps from your PCoIP Management Console virtual machine console.
Enable SSH if using PCoIP Management Console in OVA format. See: Temporarily Enabling SSH Access
Connect a Secure Copy Protocol (SCP) client such as Putty or WinSCP to the PCoIP Management Console virtual machine using the PCoIP Management Console virtual machine administrative credentials.
Upload the ASR file provided in your ticket to the administrative home directory (/home/admin/).
Connect a Secure Shell (SSH) client to to the PCoIP Management Console virtual machine using the PCoIP Management Console virtual machine administrative credentials.
Change directories to the licensing directory.
[admin@localhost ~]$ cd /opt/teradici/licensing/
- Set the LD_LIBRARY_PATH variable.
[admin@localhost licensing]$ export LD_LIBRARY_PATH=/opt/teradici/licensing
- Process offline_activation.asr with appactutil.
[admin@localhost licensing]$ ./appactutil -shortcode ~/offline_activation.asr
Activation short code output example:
Activation short code: 216360-082292-891921-316997-475492-227533-740186-228152
- Copy your Activation short code into a text file and enter it into your ticket. Wait for the response code text file to be returned from support.
Completing the Offline Activation
Once the support ticket has been updated with a response code text file, you can then follow these steps to activate your PCoIP Management Console Enterprise with the response code file.
From the PCoIP Management Console virtual machine console enable SSH. See: Temporarily Enabling SSH Access Connect a Secure Copy Protocol (SCP) client such as Putty or WinSCP to the PCoIP Management Console virtual machine using the PCoIP Management Console virtual machine administrative credentials.
Upload the response text file provided in your ticket to the administrative home directory (/home/admin).
Change directories to the licensing directory.
[admin@localhost ~]$ cd /opt/teradici/licensing/
- Set the LD_LIBRARY_PATH variable.
[admin@localhost licensing]$ export LD_LIBRARY_PATH=/opt/teradici/licensing
- Process response.txt with appactutil.
[admin@localhost licensing]$ ./appactutil -process ~/response.txt
Reading response from /home/admin/response.txt
SUCCESSFULLY PROCESSED RESPONSE
ProductID MC, FulfillmentID FID-CUSTNAME-2016-1
Migrate PCoIP Management Console to a Newer Release
https://www.teradici.com/web-help/pcoip_management_console/19.11.1/migrating_mc_to_newer_release/
Configuring DNS for Endpoints that use Autodiscovery
Configure the DNS server to provision endpoints with Endpoint Bootstrap Manager information, as part of the endpoint autodiscovery process.
The following diagram explains the DNS discovery process
If an endpoint has already retrieved a DNS record before the DNS server is configured with PCoIP Management Console information, it does not poll the DNS server again until the record’s Time-To-Live expires (or the endpoint is rebooted). If the DHCP server does provide an option for the PCoIP Management Console address but the endpoint fails to connect for any reason (for example, because of a certificate verification failure or the PCoIP Management Console address is not reachable), DNS record lookup will not occur.
Do not configure DHCP options when you are using DNS record discovery
Do not configure DHCP options if you want to use DNS record discovery. Endpoints always prefer the PCoIP Management Console address or fingerprint that is specified in the DHCP options over that specified in the DNS record. If you provide the PCoIP Management Console address both as DHCP option and also as the DNS record, the endpoint will only use the PCoIP Management Console address found in the DHCP option
DNS service record discovery requires you to have a DNS server in your network that is configured with the following DNS records:
An address record (A record): Specifies the FQDN and IP address of the PCoIP Management Console. This record may be automatically created by the DHCP server.
A service location record (SRV record): Associates information such as the PCoIP Management Console’s TCP/IP service and the port the PCoIP Management Console listens on with the PCoIP Management Console’s domain and host name. The PCoIP Management Console’s TCP/IP service is called _pcoip-bootstrap, as shown in Adding the DNS SRV Record.
A DNS TXT record: Contains the PCoIP Management Console certificate SHA-256 fingerprint is also required if you have not installed the PCoIP Management Console’s trusted root CA certificate (the PCoIP Management Console chain certificate) in the endpoint’s certificate store and you want to use automatic discovery. The record’s name must be the host name of the PCoIP Management Console offering the service. In the following example, this record is called pcoip-mc38719. The domain is appended automatically.
Endpoint only picks up DNS TXT fingerprint if the PCoIP Management Console address is specified in a DNS SRV record
The endpoint only picks up the fingerprint from the DNS TXT record if the PCoIP Management Console address is specified in a DNS SRV record. For example, if the PCoIP Management Console address is specified as a DHCP option but the fingerprint is provided as a DNS TXT record, the endpoint will not retrieve the fingerprint information in the DNS server. Configure your PCoIP Management Console information using either DHCP options or DNS records, but not both.
The PCoIP Management Console’s certificate fingerprint (that is, the certificate’s digital signature). If provided, this fingerprint is only used when the endpoint’s security level is set to Low Security Environment and certificate verification has failed. It is ignored when the security level is set to Medium Security Environment or High Security Environment.
How To locate the PCoIP Management Console’s fingerprint:
Use Mozilla Firefox to log in to the PCoIP Management Console web interface.
Click the padlock icon in the browser’s address bar.
Click More Information.
Click View Certificate.
In the Fingerprints section, copy and paste the SHA-256 fingerprint into a text editor.
Troubleshooting DNS Entries
https://teradici.com/web-help/pcoip_management_console/21.03/troubleshooting_dns/
Migrate Teradici Management Server to New Server
The migration has mutilple steps as outline below
- Document existing Teradici System Network Configuration
Login into PCoIP Management Console appliance via SSH and login using admin account and perform the following steps to record the IP address, netmask, and default gateway.
a. Type sudo nmtui to launch NetworkManager TUI
b. From the main menu, select Edit a connection.
c. In the next screen, select eth0, and press Enter
d. Make a note of network information
e. Select Cancel and press Enter
f. Select Back to return to the main screen
g. Select Quit
- Generate new custom certificates and push it to all zero clients from Teradici Management console
a. Create schedule or manual push upgrade
b. Deploy to the required client profiles or site
- Document the existing licensing information
a. SSH into the appliance
b. Change directory by running cd /opt/teradici/licensing
c. Set the LD_LIBRARY_PATH variable by running export LD_LIBRARY_PATH=/opt/teradici/licensing
d. View the installed licenses and note the Fullfillment ID of the license to return by running ./appactutil –view command
e. Submit request to Teradici support and provide the licensing information
f. After receiving the licensing .asr file, save to network location. It will be used to license the new Teradici server.
Power off the existing Teradic server The migration and activiate of the new Teradici server take time, sometimes few days. The existing Teradici server would need to be powered on after deploy the new Teradici server.
Download Teradici ova file from Teradici support website, then deploy the OVA of new appliance using vSphere and network information recorded in step 1.
There are multiple methods to deploy the OVA files, pending the situations
a. Navigate to the required ESXi host, and deploy the OVA to the specific ESXi host (Prefer method)
b. If deployment failed, may need to try to use differnt browser and try again
c. If still failed, deploy the OVA file by login to ESXi host URL directly
Note: Deploy directly from ESXi host does not support distributed port group (dp-port group is vCenter feature)
After successful deployment, it will be able to be managed from vCenter
- Power on the new VM, and configure the new Teradici server
a. Login to https://<TeradicServer>/ using default credentials
b. Username: admin
c. Password: ManagementConsole2015 (default login credential)
d. Change the password
d. User the same network settings recorded in Step 1d.
e. Restart <Teradic Sever>
- Activate the licensing When waiting for the licensing file from Teradici support, the new Teradici server will be powered off. The existing Teradici server will be powered on to provide continuation of support.
a. Login to the new Teradic server via SSH
b. Import the the asr licensing file, and generate the licensing code, then submit to Teradici support and wait for the response.txt file.
c. After receiving the response.txt file, finalise the activation.
- Upload the Teradici SSL certificate
a. Login to https://<TeradicServer>/
b. Navigate to Settings -> Security -> Certificates
c. Upload the Teradic server certificate (.pem file)
d. Upload the private key
e. Upload the chain SSL certificate
- Update the DNS TXT record
a. Login to DNS managment console
b. Navigate and expand the DNS forward lookup zone
c. Select the Teradici TXT record
Note:
The TXT record is the Teradici SSL certificate SHA 256 Hash
i. Record name: <TeradicServerName>
ii. Text: pcoip-bootstrap-cert= xx:xx:xx......
- Backup and download the current PCoIP Management Console database archive file to external location
a. Log in to the https://<TeradiciServer>/console web interface
b. From SETTINGS > DATABASE, select BACK UP.
d. When the backup completes, select the file in the database table, click DOWNLOAD, and then save the archive file. You will need to retrieve this file later
- Upload the database archive file and restore the database
a. Log in to https://<Teradici>/
b. Go to SETTINGS > DTABASE > RESTORE
c. Follow the prompts to restore the database.
d. From the ENDPOINTS page, click REFRESH to see endpoints begin contacting the new PCoIP Management Console.
- Decommission the existing Teradici server after successfully migrate to the new server.