VMware Mirage 4.4 was released in March 2014! This latest release of Mirage introduces several new features. Mirage Edge Server is one of the most exciting ones. With Mirage Edge Server, remote end users can securely connect their devices back to the corporate network, where Horizon Mirage is centrally located, without going through a VPN. Saving this extra step creates a non-disruptive experience for those remote end users.
In this blog, we would like to share some guidelines and best practices for deploying and using the Mirage Edge Server. We will cover the following topics:
- Topology for Mirage with Mirage Edge Server and remote clients
- Mirage Edge Server installation steps and best practices, for administrators
- Mirage Client installation, and troubleshooting on remote devices, for remote end users
- Centralizing remote endpoints, for remote end users
Topology
Figure 1 shows the topology of Mirage with Mirage Edge Server and remote clients.
Figure 1: Topology of Mirage
Here are the components, shown from right to left:
- Mirage in the datacenter – Mirage Server, Mirage Management Server, Active Directory, Storage, Mirage Management Console
- Mirage Edge Server
- Remote Clients
Mirage Edge Server Installation Steps and Best Practices
There are four steps to install and configure Mirage Edge Server:
1. Install Mirage Server, Mirage Management Server, and Mirage Management Console. (Refer to the VMware Horizon Mirage Installation Guide.)
2. Prepare and import an SSL certificate for Mirage Edge Server.
3. Install and configure Mirage Edge Server.
4. Add Mirage Edge Server in the Mirage Management Console.
We will cover steps 2, 3, and 4 in this blog.
Prepare and Import an SSL Certificate for Mirage Edge Server
You can use either a public CA or an internal CA to sign your certificate. You can even use a self-signed certificate for test purposes. You can use any tool to create a certificate.
Note: If you use an internal CA-signed certificate or a self-signed certificate, make sure that you import the certificate to your Trusted Root Certification Authorities in the certificate manager.
Install and Configure Mirage Edge Server
1. Before installation of the Mirage Edge Server, open ports 8000, 1000, and 1001 in the firewall for both inbound and outbound traffic through the firewall to make sure that the Mirage Edge Server can reach the LDAP and Mirage Server. Follow these steps:
a. Open Windows Firewall with Advanced Security from the Windows Control Panel, right-click Inbound Rules and select New Rule to open the New Inbound Rule Wizard.
b. Click Rule Type from the left pane, and select Port.
c. Click Protocol and Ports from the left pane, and select TCP for what the rule applies to.
d. For Specific local ports, enter 8000, 1001, and 1000.
e. Click Action from the left pane, and select Allow the connection.
f. Click Profile from the left pane, and select all of the check boxes: Domain, Private, and Public.
g. Click Name from the left pane, and enter a Name for the rule.
h. Repeat the same steps after right-clicking Outbound Rules from the Windows Firewall with Advanced Security.
2. Double-click MirageEdgeServer.buildnumber.msi Mirage Edge Server installation file and click Next to start the wizard. The buildnumber for Mirage 4.4 is 35175.
3. Click Next twice, through accepting the End-User License Agreement and providing the installation location.
Now you see the Mirage Edge Server Configuration window:
4. Enter the appropriate information. The field Token expiration time the time period after which remote end users are requested to log in to the Mirage Edge Server again, in hours.
Here are some errors you might run into after entering values in the Configuration window, and their resolutions:
- If the error reports “Invalid LDAP server configuration,” as in Figure 2, check your LDAP server IP address/FQDN and port.
Figure 2: Invalid LDAP Server Configuration Error
- If the error says “Invalid Mirage Server address and port,” as in Figure 3, check your Mirage Server IP address/FQDN and port. Furthermore, make sure that the Mirage Server port (the default port is 8000) is opened in your server. It is closed by default.
Figure 3: Invalid Mirage Server Address and Port Error
- If the error reports “No certificate found,” as in Figure 4, refer to the section Prepare and Import an SSL Certificate for Mirage Edge Server.
Figure 4: No Certificate Found Error
5. If there are no further errors, you can follow the wizard to finish the installation.
Add Mirage Edge Server in the Mirage Management Console
After the installation completes, go to the Mirage Management Console to add the Mirage Edge Server.
1. In the Mirage Management Console, go to System Configuration > Edge Servers in the left pane and click the Add (+) button.
2. Enter the required information.
3. The added Edge Server is now listed in the left pane.
Mirage Client Installation and Troubleshooting on Remote Devices
Now that the administrator has Mirage Edge Server installed and configured successfully, it is time for remote end users to install the Mirage Client on their remote devices.
Installation
For installation of the Mirage Client, use the installation file MirageClient.x86.buildnumber.msi or MirageClient.x64.buildnumber.msi. During the installation of the Mirage Client, the check box Use SSL to connect to the server must be selected. Enter the fully qualified domain name instead of the IP address of the Mirage Edge Server in the Horizon Mirage Server location field, as shown in Figure 5.
Figure 5: Horizon Mirage Client Configuration
Troubleshooting
After the Mirage Client installation finishes, the client takes a few seconds to connect to the Mirage Edge Server. When the client connects to the Mirage Edge Server successfully, the status on the Mirage Client window looks like this:
If the client does not connect, here are some common problems you might have, and their solutions:
- Make sure that you have the proper CA certificate installed. If you are using an internal CA-signed or self-signed certificate, import it to Trusted Root Certification Authorities in the certificate manager.
- Press Ctrl+Alt+S from the Mirage Client window to expose the VMware Horizon Mirage Configuration Utility.
From the VMware Horizon Mirage Configuration Utility window, click the Service tab, and select Detailed Log > Open to open the log. If you see the following log entry, it is most likely that the fully qualified domain name of the Mirage Edge Server you provided during installation cannot be resolved. Check your DNS configurations.
INFO Wanova.Common.NetUtils Unable to resolve server [ServerName:8000]: No such host is known
If you find the following line in the log, it is probably that either the certificate on your client or the certificate on your Mirage Edge Server is invalid. Check the certificates on your device, and ask your administrator to check these on the Mirage Edge Server.
ERROR Wanova.Net.Transport.GenericSocketWrapper Exception caught during socket creation: The remote certificate is invalid according to the validation procedure
Centralizing Remote Endpoints
If you are a remote end user and have Mirage Client installed on an endpoint device that connects to the Mirage Edge Server successfully, here are the steps to centralize, or back up, your device.
1. After the Mirage Client connects to the Mirage Edge Server successfully, the Current Action of the Mirage Client changes to Pending Logon, and you are prompted to provide login credentials.
In case you close the login dialog box accidentally, you can open it from the contextual menu of the Mirage icon on the system tool bar.
Enter your information to log in.
Note: Because the endpoint connects to the Mirage Edge Server rather than to the Mirage Server, the Mirage Server is not aware of the existence of the endpoint, and the administrator cannot see the endpoint in Pending Devices in the Mirage Management Console before you log in. As a result, the centralization process can be started only after the user logs in to the Mirage Edge Server.
2. Upon providing correct login information, the Current Action of the Mirage Client changes to Pending Assignment. If Enable automatic CVD Creation is enabled in the Mirage Management Console, the device is assigned automatically, and centralization starts accordingly. If Enable automatic CVD Creation is disabled, you need your administrator to help you to complete assignment. Before that, the endpoint stays in Pending Assignment state.
We will write again in the future when we have further improvements and enhancements to report. You can provide feedback or send questions about Horizon Mirage Edge Server using the Leave a Reply feature at the bottom of this blog.
References
VMware Horizon Mirage Documentation
Downloads
By Judy Wu, senior solution engineer for VMware End-User Computing (EUC), and Sheng Lu, staff engineer for VMware EUC
