Working with Horizon Mirage Edge Server
VMware Mirage 4.4 was released in March 2014! This latest release of Mirage introduces several new features. Mirage Edge Server is one of the most exciting ones. With Mirage Edge Server, remote end users can securely connect their devices back to the corporate network, where Horizon Mirage is centrally located, without going through a VPN. Saving this extra step creates a non-disruptive experience for those remote end users.
In this blog, we would like to share some guidelines and best practices for deploying and using the Mirage Edge Server. We will cover the following topics:
- Topology for Mirage with Mirage Edge Server and remote clients
- Mirage Edge Server installation steps and best practices, for administrators
- Mirage Client installation, and troubleshooting on remote devices, for remote end users
- Centralizing remote endpoints, for remote end users
Figure 1 shows the topology of Mirage with Mirage Edge Server and remote clients.
Figure 1: Topology of Mirage
Here are the components, shown from right to left:
- Mirage in the datacenter – Mirage Server, Mirage Management Server, Active Directory, Storage, Mirage Management Console
- Mirage Edge Server
- Remote Clients
Mirage Edge Server Installation Steps and Best Practices
There are four steps to install and configure Mirage Edge Server:
1. Install Mirage Server, Mirage Management Server, and Mirage Management Console. (Refer to the VMware Horizon Mirage Installation Guide.)
2. Prepare and import an SSL certificate for Mirage Edge Server.
3. Install and configure Mirage Edge Server.
4. Add Mirage Edge Server in the Mirage Management Console.
Prepare and Import an SSL Certificate for Mirage Edge Server
You can use either a public CA or an internal CA to sign your certificate. You can even use a self-signed certificate for test purposes. You can use any tool to create a certificate.
Note: If you use an internal CA-signed certificate or a self-signed certificate, make sure that you import the certificate to your Trusted Root Certification Authorities in the certificate manager.
Install and Configure Mirage Edge Server
1. Before installation of the Mirage Edge Server, open ports 8000, 1000, and 1001 in the firewall for both inbound and outbound traffic through the firewall to make sure that the Mirage Edge Server can reach the LDAP and Mirage Server. Follow these steps:
c. Click Protocol and Ports from the left pane, and select TCP for what the rule applies to.
2. Double-click MirageEdgeServer.buildnumber.msi Mirage Edge Server installation file and click Next to start the wizard. The buildnumber for Mirage 4.4 is 35175.
3. Click Next twice, through accepting the End-User License Agreement and providing the installation location.
Now you see the Mirage Edge Server Configuration window:
4. Enter the appropriate information. The field Token expiration time the time period after which remote end users are requested to log in to the Mirage Edge Server again, in hours.
Here are some errors you might run into after entering values in the Configuration window, and their resolutions:
- If the error reports “Invalid LDAP server configuration,” as in Figure 2, check your LDAP server IP address/FQDN and port.
- If the error says “Invalid Mirage Server address and port,” as in Figure 3, check your Mirage Server IP address/FQDN and port. Furthermore, make sure that the Mirage Server port (the default port is 8000) is opened in your server. It is closed by default.
- If the error reports “No certificate found,” as in Figure 4, refer to the section Prepare and Import an SSL Certificate for Mirage Edge Server.
5. If there are no further errors, you can follow the wizard to finish the installation.
Add Mirage Edge Server in the Mirage Management Console
After the installation completes, go to the Mirage Management Console to add the Mirage Edge Server.
1. In the Mirage Management Console, go to System Configuration > Edge Servers in the left pane and click the Add (+) button.
2. Enter the required information.
Mirage Client Installation and Troubleshooting on Remote Devices
Now that the administrator has Mirage Edge Server installed and configured successfully, it is time for remote end users to install the Mirage Client on their remote devices.
For installation of the Mirage Client, use the installation file MirageClient.x86.buildnumber.msi or MirageClient.x64.buildnumber.msi. During the installation of the Mirage Client, the check box Use SSL to connect to the server must be selected. Enter the fully qualified domain name instead of the IP address of the Mirage Edge Server in the Horizon Mirage Server location field, as shown in Figure 5.
Figure 5: Horizon Mirage Client Configuration
After the Mirage Client installation finishes, the client takes a few seconds to connect to the Mirage Edge Server. When the client connects to the Mirage Edge Server successfully, the status on the Mirage Client window looks like this:
If the client does not connect, here are some common problems you might have, and their solutions:
- Make sure that you have the proper CA certificate installed. If you are using an internal CA-signed or self-signed certificate, import it to Trusted Root Certification Authorities in the certificate manager.
- Press Ctrl+Alt+S from the Mirage Client window to expose the VMware Horizon Mirage Configuration Utility.
From the VMware Horizon Mirage Configuration Utility window, click the Service tab, and select Detailed Log > Open to open the log. If you see the following log entry, it is most likely that the fully qualified domain name of the Mirage Edge Server you provided during installation cannot be resolved. Check your DNS configurations.
If you find the following line in the log, it is probably that either the certificate on your client or the certificate on your Mirage Edge Server is invalid. Check the certificates on your device, and ask your administrator to check these on the Mirage Edge Server.
Centralizing Remote Endpoints
If you are a remote end user and have Mirage Client installed on an endpoint device that connects to the Mirage Edge Server successfully, here are the steps to centralize, or back up, your device.
1. After the Mirage Client connects to the Mirage Edge Server successfully, the Current Action of the Mirage Client changes to Pending Logon, and you are prompted to provide login credentials.
In case you close the login dialog box accidentally, you can open it from the contextual menu of the Mirage icon on the system tool bar.
Note: Because the endpoint connects to the Mirage Edge Server rather than to the Mirage Server, the Mirage Server is not aware of the existence of the endpoint, and the administrator cannot see the endpoint in Pending Devices in the Mirage Management Console before you log in. As a result, the centralization process can be started only after the user logs in to the Mirage Edge Server.
2. Upon providing correct login information, the Current Action of the Mirage Client changes to Pending Assignment. If Enable automatic CVD Creation is enabled in the Mirage Management Console, the device is assigned automatically, and centralization starts accordingly. If Enable automatic CVD Creation is disabled, you need your administrator to help you to complete assignment. Before that, the endpoint stays in Pending Assignment state.
We will write again in the future when we have further improvements and enhancements to report. You can provide feedback or send questions about Horizon Mirage Edge Server using the Leave a Reply feature at the bottom of this blog.
By Judy Wu, senior solution engineer for VMware End-User Computing (EUC), and Sheng Lu, staff engineer for VMware EUC