Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP Open Service Event Manager (OSEM) Software

HP Session Allocation Manager (HP SAM) v.3.0

Summary of content (104 pages)

PAGE 1
Administrator's Guide HP Session Allocation Manager (HP SAM) v.3.
PAGE 2
© Copyright 2007–2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Microsoft and Windows are trademarks of Microsoft Corporation in the U.S. and other countries. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
PAGE 3
About This Book WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life. CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information. NOTE: ENWW Text set off in this manner provides important supplemental information.
PAGE 4
iv About This Book ENWW
PAGE 5
Table of contents 1 Introduction What's New in This Release ................................................................................................................ 2 Resource Reservations (AKA Access Restrictions) ............................................................ 2 Authenticate Before Allocation ............................................................................................. 3 Switch To, Move, Minimize, and Minimize All Functions on HP SAM Connection Bar ........
PAGE 6
Change the Firewall ........................................................................................................... 24 Active Directory .................................................................................................................. 24 3 Installation Order of Installation ............................................................................................................................ 25 New Installation ................................................................
PAGE 7
System Settings Tab .......................................................................................................... 69 Reports Tab ....................................................................................................................... 73 Log Tab .............................................................................................................................. 76 Setting Up Smart Card Login on the Access Device ............................................................
PAGE 8
viii ENWW
PAGE 9
1 Introduction HP Remote Client Solutions are designed to support a variety of users’ needs, from the most basic computing tasks to more demanding professional and technical applications, while giving IT greater control over technology resources, simplifying desktop management, increasing agility and, in many cases, reducing total cost of ownership.
PAGE 10
What's New in This Release ● Resource Reservations (AKA Access Restrictions) on page 2 ● Authenticate Before Allocation on page 3 ● Switch To, Move, Minimize, and Minimize All Functions on HP SAM Connection Bar on page 4 ● Support for RGS Senders Running on a Non-default Port on page 4 ● Logoff Scheduler on page 4 Resource Reservations (AKA Access Restrictions) This feature allows the administrator to restrict when and from where users may access resources.
PAGE 11
before 4PM to ensure the resources are free in time for the newly added reservation. A manual or scheduled synchronize operation has no effect on resource reservations. NOTE: This feature is only supported on resources running a Windows operating system. Refrain from using resources assigned to multiple roles while using this feature. This can cause the automatic logoff to not occur when the resource is needed for a reservation set on one of the resource’s other roles.
PAGE 12
Switch To, Move, Minimize, and Minimize All Functions on HP SAM Connection Bar New functionality has been added to the HP SAM connection bar and can be accessed by right-clicking on a session’s status icon and choosing the following actions from the context menu: ● Switch To—brings the selected session window to the top ● Move—moves the session window around the local desktop ● Minimize—minimizes the session window to the taskbar ● Minimize All—minimizes all session windows to the taskbar for quick a
PAGE 13
Overview HP SAM enables automatic provisioning of remote computing resources to users. Figure 1-1 HP SAM Configuration HP SAM can be configured to enable a user to connect to the desktop session of a particular remote computing resource (identified by its IP address or hostname)—this is known as a static connection. In Figure 1-1 HP SAM Configuration on page 5, HP SAM has been configured to statically connect user Tom to blade PC 1 with an IP address of 15.2.76.100.
PAGE 14
How HP SAM Works 1. When a user on an access device (desktop, notebook, thin client) requests a desktop session, the HP SAM client sends a request to the HP SAM Web server. a. If configured, HP SAM supports server failover. If the HP SAM Web server does not respond, the HP SAM client goes down the list to the next HP SAM Web server. b. The HP SAM client sends the user name and domain information to the HP SAM server. 2.
PAGE 15
ENWW Overview 7
PAGE 16
HP SAM Software Components The following are the primary components of HP SAM. ● HP SAM Client—The HP SAM Client runs on the access device and displays the graphical interface employed by the user to request a connection from a client computer to a computing resource. When the user requests a connection, the HP SAM client communicates this request to the HP SAM Web Server for execution.
PAGE 17
Common Tasks Setting up HP SAM 1. Install HP SAM. See Installation on page 25. 2. Add users. a. Add new users. See Add New Users on page 61. b. Create administrative groups, assign users, and customize permissions. See Manage Administrative Permissions on page 56. 3. Create a policy. See Create or Update a Policy on page 68. 4. Create a role. See Manage Resource Roles on page 54. 5. Assign computing resources or roles to the users. See Manage Users on page 57.
PAGE 18
Setting up a User with Static (Dedicated) Resources Dedicated (static) resource assignment allows one or more specific computing resources to be assigned to a user and it allows one or more computing resources to be assigned as backup. Support for Static roaming allows users to work from other locations. The differing display configurations can be stacked on the client desktop to provide full access with fewer monitors.
PAGE 19
Configuring a Monitor Layout for a User HP SAM allows a user to connect to multiple computing resources, thereby creating simultaneous remote sessions. Resources can be made available either by static assignment to the user or by assignment to roles allocated to the user. Mapping a static user/display ID to computing resource(s) allows a specific combination of user ID and client ID to be mapped to a specific computing resource or a specific group of computing resources.
PAGE 20
Figure 1-5 Monitor Offset Configuration Example 12 Chapter 1 Introduction ENWW
PAGE 21
2 Requirements HP SAM Hardware and Software Requirements Architectural Considerations and Best Practices for Setting up an HP SAM Environment Server Sizing In general, the HP SAM Server can handle a theoretical maximum user and resource population of 40,000. ● This is based on the assumption that no more than 1% of users will attempt to connect within the same 30-second window.
PAGE 22
SQL Database Considerations The HP SAM SQL database can be installed on the same server as the HP SAM Web Server to keep from buying another hardware platform and another Server OS license, however HP recommends separating them onto two different servers for the following reasons: ● Recovery times from hardware failures will be faster. ● As deployments grow in size and number of locations, there will likely be multiple HP SAM Web Servers but only one centralized HP SAM SQL database.
PAGE 23
To optimize the HP SAM database performance, a database administrator should do two things: ● Develop a SQL maintenance plan. This includes backing up HP SAM database and truncating orphaned transaction logs in the LDF file. When backing up, the orphaned transactions are truncated, but the size of the LDF file is not reduced. The database administrator can shrink the LDF file as far as the 100MB default, if desired.
PAGE 24
Multiple SQL Databases Typically, one SQL database should be shared between all HP SAM servers. Only in some situations does it make sense to use more than one distinct SQL database: ● When customers can keep user and resource populations in entirely separate support arenas and users do not need to migrate between them. ● When user populations go beyond 40,000. ● When large user populations log on and off extremely frequently, because this will impact performance for everyone on that SQL database.
PAGE 25
One of the following operating systems must be installed: ● Windows Server 2003 R2, Standard Edition, with Service Pack 2 ● Windows Server 2003 R2, Enterprise Edition, with Service Pack 2 ● Windows Server 2003 R2, Web Edition, with Service Pack 2 ● Windows Server 2008, Standard Edition ● Windows Server 2008, Enterprise Edition ● Windows Server 2008, Web Edition NOTE: A 64-bit operating system is not supported on the HP SAM Server. You must install Microsoft .NET Framework Version 2.
PAGE 26
18 Chapter 2 Requirements ENWW
PAGE 27
ENWW HP SAM Hardware and Software Requirements 19
PAGE 28
20 Chapter 2 Requirements ENWW
PAGE 29
HP SAM SQL Database Server Software Requirements Minimum: One of the following must be installed: ● Microsoft SQL Server 2005 Enterprise, Standard, or Express Edition, with Service Pack 1 or Service Pack 2 ● Microsoft SQL Server 2008 Standard or Enterprise Edition HP recommends using Microsoft SQL Server 2005 or 2008 Standard or Enterprise Edition.
PAGE 30
Access Device Requirements The following sections provide information about the requirements for access devices.
PAGE 31
Install and enable one of the following operating systems: ● Windows XP Professional, 32-bit or 64-bit, with Service Pack 2 or 3 NOTE: The HP SAM Client is unable to connect from access devices running Windows XP 64bit using the preinstalled version of RDP. This is due to the location (\windows\system32) of the preinstalled RDP protocol files. In order to connect via RDP from an access device running Windows XP 64-bit, you need to install RDP 6 into a folder other than \windows.
PAGE 32
Other requirements Create a Service Account The HP SAM Web server must run under a domain user account in which it can execute the HP SAM services on the local server. ● Create the account prior to installation of the HP SAM server application. ● Change this account name and password as infrequently as possible to minimize interruptions to HP SAM. ● Add the account to the local server administrator group on all HP SAM Web servers.
PAGE 33
3 Installation Order of Installation New Installation For new setup, the recommended order of installation is: 1. Install the HP SAM Web Server and SQL Software on page 27 2. Install and Validate the HP SAM Registration Service Software on page 29 3. Install and Validate the HP SAM Client Software on page 33 4. Deploy the HP SAM Registration Service to All HP SAM Computing Resources on page 49 5.
PAGE 34
Truncate Table Auditlog Truncate Table History d. Click Execute. You should see Command(s) completed successfully In the messages section. 2. 3. Shrink the database: a. Open SQL Server Management Studio and expand the Databases folder. b. Right-click on SAM database, and select Tasks > Shrink > Files. c. In the File type list, select Data. d. In the Shrink action section, select Reorganize pages before releasing unused space. e. Set the Shrink file size to the default 100MB. f. Click OK.
PAGE 35
Install the HP SAM Web Server and SQL Software The installation package installs the HP SAM server application and/or HP SAM database (HP SAM-xx ##.EXE where xx is the language code, and ## is the version of the software you want to install. Language codes include: EN for English, JP for Japanese, FR for French, DE for German, KO for Korean, ZH-CN for Simplified Chinese). You must install both the Web server and the SQL components during the installation.
PAGE 36
CAUTION: Do not clear HP SAM Web Site from this list when you perform an upgrade if you want to keep the HP SAM Web site and the SQL database installed on the same server. Clearing the HP SAM Web Site will remove the HP SAM Web Site from the server. 6. Leave the default installation folder as is or click the Browse button to change it. Click Next to continue. 7. Type the SQL server name and either the NT authentication or the SQL authentication User Name, and Password.
PAGE 37
- From Web server (UDP/47777) to blades (UDP/47777—Custom) ● SQL Server (only if not running on the same machine as the Web server) ◦ Incoming: From Web server (TCP/ANY) to SQL_Server (TCP/1433) ◦ Outgoing: None 15. On an HP SAM server, ASP.NET 2.0 is required. If other versions are installed as well, check the Properties of the HP SAM Web site. Click the ASP.NET tab, and then select ASP.NET version 2.0.
PAGE 38
Install the HP SAM Registration Service ● ● Log in to the blade PC using an account with local administrative rights, and then run the bladeservice_xx##.MSI file (## is the software version). Replace xx with ◦ EN = English ◦ JA = Japanese ◦ FR = French ◦ DE = German ◦ KO = Korean ◦ ZH-CN = Simplified Chinese For Red Hat Linux, extract the HP SAM Linux Registration Service tar.gz package onto the system by executing this command: tar xzvf . Next, run ./install.
PAGE 39
Create the HP SAM Registration Service Configuration File The HP SAM registration service configuration file is a simple text file named hpevent.cfg. The HP SAM registration service tries to locate the configuration file in the order of locations listed below.
PAGE 40
To modify the server line, change just the server1.yourdomain string to the appropriate server name (use Web server DNS name or static IP address). For example: ● HP SAMservername ● 10.1.2.3 [RolesList] NOTE: Assigning roles in the .CFG file is optional. The usual method of assigning roles is via the configuration file because this method self-registers the role. If no roles are specified in the .CFG file, roles may be configured using the HP SAM Web Admin console.
PAGE 41
Start/Restart the HP SAM Registration Service You can start or stop the service from the services applet (Control Panel > Administrative Tools > Services) or from the command line. ● Under the services applet, the service displays as HP SAM Registration Service. ● Additionally, you can start or stop the service from the command line using the syntax: C:> net start daesvc and C:> net stop daesvc You can also start or stop the service using tools such as HP Rapid Deployment Pack.
PAGE 42
NOTE: The Linux-based Client does not support versions of rdesktop previous to version 1.3.1. There are differences in features between the various HP SAM clients.
PAGE 43
NOTE: HP recommends that you add the HP SAM Web server to the Trusted Sites list. On the access device, open Internet Explorer and go to Tools > Internet Options > Security tab. If a firewall is installed, you need to make appropriate changes to allow the HP SAM server client through. For example, if HP Sygate Security Agent is installed, add a rule to allow port 3389 for application IEXPLORE.EXE. To use the Web Client on an access device running Windows XP, 64-bit, you must use Internet Explorer, 32-bit.
PAGE 44
Customization Steps (Recommended) 1. Start up the HP SAM client. 2. Type the HP SAM Web server name. 3. Click the Options button. 4. Change appropriate connection settings. 5. Click the Save Settings button. 6. Save the config file (hprdc.sam) to the default location, if possible (this may be locked down on some thin clients). When you launch the HP SAM client, your saved settings will take effect. Additional settings can be set by manually editing the .SAM files (configuration files). 1.
PAGE 45
5. Change appropriate connection settings. 6. Click the Save Settings button. Click OK in the message confirming that the settings were saved. 7. Select \etc. 8. Click Save. 9. Click the Connect button to connect 10. If the HP SAM client is closed, it should start automatically. If it does not start, right-click and select Remote Graphics. Additional settings can be set by manually editing the .SAM files (configuration files). 1. The HP SAM connection client searches first for the user-specific .
PAGE 46
Red Hat Enterprise Linux (RHEL) Client To install the HP SAM Linux Client on a system running RHEL version 4 or 5: 1. Log in to the access device using an account with root permissions. 2. Extract the Linux Client tar.gz package onto the system by executing the following terminal command: tar xzvf . 3. Run the install script by executing: ./install.sh. 4. After the software is installed, verify the program has been installed into /opt/hpsam. Customization Steps (Recommended) 1.
PAGE 47
● DefaultPolicy—string value. This is the policy that should be selected by default in the client’s Load Predefined Settings list on the Other tab of the Options section. It is not related to HP SAM policies set in the HP SAM Web Administrator console. ● Autodial—integer value, 0 or 1. If value is set to 1, the program automatically tries to connect on startup, without waiting for the user to type login information. Default value is 0. ● DefaultUsername—string value.
PAGE 48
40 ● ConnectionBar.EnableDisconnectInstance—integer value, 0 or 1. When set to 1, enables the Disconnect button on the connection bar for each session. The default value is 1. ● ConnectionBar.EnableContextMenu—integer value, 0 or 1. When set to 1, a context menu appears when right-clicking on a session's status icon on the connection bar. This menu allows the user to switch to the selected session, move the selected session, minimize the selected session, or minimize all currently connected sessions.
PAGE 49
NOTE: The options to logoff or reboot from the connection bar are disabled by default in the Global policy. The following requirements must be met for Logoff and Restart: —A certificate from the domain certificate authority must be installed on the HP SAM Web site to allow usernames and passwords to be transmitted to the server. —The HP SAM service account must have local administrator privileges on the resource to be granted permissions to reboot or logoff a user from the blade. ● ConnectionBar.
PAGE 50
● SmartCardUidOid—string value. The OID associated with the entered SmartCardUidType. Not all Types require an OID. An entry is required is SmartCardUidType=8. Default is blank. ● SmartCardAutoDisconnect—integer value, 0 or 1. If set to 1, automatically disconnect the session when the smart card is removed. Note that Active Directory policy settings may affect the actual behavior of this property. Active Directory options include leave as is, password lock, and log off.
PAGE 51
NOTE: The UILanguage specified must either be the same language as the HP SAM client application that you have installed or English. If you installed the English HP SAM client application, do not change the value to any other language. To minimize disk space, the English HP SAM client application does not contain any other HP SAM client language DLL. ● EnableServer—integer value, 0 or 1. If set to 1, the HP SAM Server box on the main application dialog is visible. If set to 0, the field is not displayed.
PAGE 52
Policy Entries You can set policy entries by manually editing the .SAM file. These settings must be located in a policy section of the .SAM file, for example, [Local Area Network] or [saved settings]. These values only specify the default settings in the UI. Values changed by the User in the UI will take effect. 44 ● Protocol—integer value, 0, 1, or 3. Specify which protocol to use for connection. RDP is 1, RGS is 3. A value of 0 (automatic) uses autodetected settings, with a preference of RGS over RDP.
PAGE 53
ENWW ● Animation—0 or 1. If 1, menu animation is shown in the session. This value is only supported for RDP connections. Default is 1. ● Caching—0 or 1. If 1, RDP bitmap caching is enabled. This value is only supported for RDP connections. Default is 0. ● AutoReconnect—0 or 1. If 1, RDP reconnection is enabled. Not recommended for an HP SAM solution. This value is only supported for RDP connections. Default is 0. ● MapDrives—0 or 1. If 1, local drives are made available to the remote session.
PAGE 54
● ComposedUI—integer value, 0 or 1. When set to 1, support for Vista Aero interface is enabled (Desktop Composition). This requires RDP6 and is ignored for RDP5 and RGS. Additionally, various hardware and operating system requirements must be met before the Vista Aero interface can be shown. Set to 0 to disable. Default is 1. ● Autosize—integer value, 0 or 1. When set to 1, an RDP session is automatically resized to fit when its containing window is resized.
PAGE 55
Global and Local Client Configuration Files This feature allows administrators to 'lock down' certain options, while allowing other options to be altered by users. There are three levels of files: ● Global: hprdc_admin.sam ● Local: hprdc_accessdevice.sam ● Personal: hprdc.sam The order of precedence is: ● Personal file is read first. ◦ XPe: Anywhere on file system (double-click hprdc.
PAGE 56
/opt/hpsam/hprdc_admin.sam Legal Banner This allows a legal disclaimer to be displayed before logon. Name the file disclaimer. and copy the file into the appropriate directory (create the folder, if necessary). The following are the default paths: ● ● Access Device Client: Installing the legal banner on an access device causes the banner to be displayed on that access device only. Name the file disclaimer.
PAGE 57
ja_JP.UTF-8 Japanese ko_KR.UTF-8 Korean nb_NO.UTF-8 Norwegian -- Norsk pt_PT.UTF-8 Portuguese -- Português pt_BR.UTF-8 Portuguese-Brazil -- Português do Brasil es_ES.UTF-8 Spanish -- Español es_MX.UTF-8 Spanish, Latin America -- América Latina sv_SE.UTF-8 Swedish -- Svenska de_CH.UTF-8 Swiss-German -- Deutsch (Schweiz) tr_TR.
PAGE 58
NOTE: Use the Web Client Controls installer found in the HP SAM SoftPaq so that you do not need to download and install any controls automatically via the browser. This is useful when the access device is locked down to the point where the user is not allowed to install ActiveX controls automatically from the browser. Various methods can be used to deploy the Windows XPe-based HP SAM client to the access devices. Following are two examples.
PAGE 59
4 Administration Log In In the Internet Explorer address bar, enter in the HP SAM Web server name with “/manage” added to the URL (for example, http://HP SAMservername/manage). Use “https:” if the Web Administrator console has been set to require SSL. If SSL is configured and a certificate-related security pop-up message is displayed, click Yes. Once you get to the log-in page, enter username, password, and click the Sign In button. You have two ways to enter in your username.
PAGE 60
Managing the HP SAM Administrator Access List The Domain Administrator, Domain Users in the Administrators group on the domain controller, and Domain Users in the HP SAM server Local Administrator Group are automatically members of the HP SAM Administrator Group. To add another user to the HP SAM Administrator group, see To Assign Attributes on page 57. Add Individual Users to the HP SAM Administrator Group If you are adding only a few users, add the names directly to the HP SAM Administrator group. 1.
PAGE 61
c. Search for groups by entering characters in the search field. Results are shown as you type. You can highlight one group and use the View button to see the users who are direct members of the group. d. Click Add to add highlighted groups into the list. e. Select the groups in the list that you want to add into HP SAM. f. Click Save. NOTE: After you have clicked Save, you can set SG or OU attributes, including Administrator Group.
PAGE 62
HP SAM Administrator Console Tabs Home Tab When you log in to HP SAM, the Home tab page is the default. HP SAM shows a snapshot of current resource status grouped by roles, as a convenience to the administrator. Users and Roles Tab The Users and Roles tab facilitates the management of roles and user access list. Manage Resource Roles All roles, as created by computing resources when they self-registered or created with the Create button, are shown. ● Role column: A list of all roles.
PAGE 63
● Public column: ◦ If selected, the role is available for all users in Active Directory. ◦ If not selected, then the role is only available to user(s) in that particular role access list. ◦ To change the setting, click the link for the role, select or clear the check box in the dialog box, and then click Save. ● Access Restriction column: Shows a summary of the resource reservations that have been added to the role. ● Create button: Click to create a new role that you can assign to resources.
PAGE 64
Manage Administrative Permissions NOTE: You must have full HP SAM Administrator permissions to: —Create, modify, or delete an Administrator group. —Assign users to an Administrator group. The following have this permission: —HP SAM Server administrators —Domain administrators —Domain users assigned to “Administrator” Administrator group in HP SAM Use this window to customize permissions for differing levels of administrator access.
PAGE 65
Manage Users By default, the search shows all users, security groups, and OUs. ● Search For: Organizations (OU), Security Groups, Users—Select in which group or groups you want to perform the search ● Filter Options: You can narrow the list of users shown by using the filter options. The filter option is based on “AND” combinations, so the more boxes you enter, the narrower the list of users shown. ◦ Name—Type the name to search for. ◦ Role—Select the role to search within.
PAGE 66
8. Double-click roles or use the arrows between the Available and Selected boxes to move the roles. Place all roles you want to assign to the selected user in the Selected box. 9. Click Save to save your changes. To Assign Resources This option allows you to assign a specific resource (such as a blade PC) to a user. You can also assign a backup to a dedicated resource, as well as assign a user-friendly name to the resource.
PAGE 67
The default friendly name is the resource host name. 8. If you want to assign a backup for the dedicated resource, in the Backup column, click either Role or Resource for the user. To select a role: ▲ Select a role to assign as a backup for the user, and then click Save. To select a resource: 9. a. Type the IP address or host name of the backup resource, and then click Search. b. Select the resource to act as the backup, and then click Save.
PAGE 68
To Assign Resources Automatically from Role 1. Click Manage users. 2. Search for user(s). 3. Select the check box next to the appropriate name(s). NOTE: Multiple users may be selected. 4. Select Assign Resources from the Operation list and click Go. 5. Select Assign Resources from Role. 6. Select the role from the list. 7. Click Continue. NOTE: A message will be displayed if the role does not have enough resources.
PAGE 69
3. Click the link in the Monitor Layout ID column. 4. Type the new resolution width and height, the horizontal and vertical offset, common policy, and USB default. 5. Click Save. To Delete a Monitor Layout ID for the User 1. Select the check box next to the appropriate name. 2. From the Operation list, select Assign Monitor Layouts, and then click the Go button to open the Monitor Layouts for window, which shows the monitor layouts, if any, assigned to the selected user. 3.
PAGE 70
NOTE: Results are shown as you type. 5. Click Add to add highlighted users to the list. 6. Select the users in the list that you want to add into HP SAM. 7. Click Save. To Grant Access to Security Groups or Organization Units To add many users, leverage Active Directory services by adding the user names in Active Directory under a security group or organization unit. Then add the security group or organization unit directly to the HP SAM role access list.
PAGE 71
● In-Use—Show resources that have users actively connected. ● Offline—Show resources that are not available for allocation because the registration service is not responding (service is not working properly, the hardware was powered off, etc.). Auto Refresh Feature After performing a search and displaying a list of resources, the following features are available. Auto Refresh (seconds)—This feature allows the Resource tab Web page to automatically refresh.
PAGE 72
● Synchronize—Send a request directly to the resource for it to send back its current status. In normal situations, this is not needed, since the registration service sends back its status whenever there is a change in status (power on, power off, user log-in, user disconnect, and user log-off). This is useful in situations where the network was temporarily interrupted between the resource and HP SAM server in order to get the current status of the resource.
PAGE 73
To Delete an Access Device NOTE: You cannot delete an access device while it is in use. 1. Type one or more parameters and click Search, or click Search to find all registered access devices. 2. Select the check box next to the appropriate access device or devices. 3. Click Delete and OK. Manage Monitor Layout This allows you to create a new layout or to modify or delete an existing layout. To Create a Monitor Layout 1. Click Create. 2. Type the monitor layout ID. 3.
PAGE 74
To Create a Data Center 1. Click Create. 2. Type the data center name and enclosure password. 3. Click Save. To Change a Data Center 1. Click on a link in the Data Center column. 2. Change the Data Center name and/or password. 3. Click Save. To Add Enclosures into a Data Center 1. Select the check box for the appropriate data center. 2. Choose View Enclosures from the Operation list and click Go. 3. Click Add. 4. Enter search terms (optional) then click Search. 5.
PAGE 75
The HP SAM hierarchical policy has 5 levels: ● Global ● Role ● OU (organizational unit) ● Security Group ● User Policy settings assigned to User override policy settings assigned to a Security Group, and so forth up the list. Steps: 1. Create or update the policy in the Policies tab. To update an existing policy, click the policy name hyperlink. 2.
PAGE 76
Table 4-1 Effective Hierarchical Policy Example (continued) Parameter Global Role OU SG1 SG2 User Effective 3 ON OFF ON OFF ON Not Assigned OFF P6 1 The order of policy assignment is User (highest) > Security Group > OU > Role > Global Policy (lowest). Individual parameters assigned at the User level override parameters set at the Group level, and so forth.
PAGE 77
System Settings Tab This tab allows the administrator to set how the HP SAM server behaves. General This page allows the administrator to define the settings for the entire system. Make the appropriate change(s) and click Save to apply. ● New Role Settings—When a new role is created (computing resource self-registers with a role that is brand new to the system), the flags are set accordingly based on the value assigned.
PAGE 78
● ● Multi-Session Autoconnection—When enabled, allows the system to autoconnect users to all resources of the chosen type which are assigned to the user when user is on an access device without a monitor layout ID assigned. Select one or more: ◦ Dedicated Resources ◦ Roles with Public Enabled ◦ Roles with Public Disabled Client-Resource Network—When the access device connects to the computing resource, you can specify which method it uses.
PAGE 79
● Banner text—Select the language and type the appropriate message in the box to change the customizable message that is displayed to the user on the HP SAM Web client page. ● Smart Card ◦ Smart card login—Select the value for the type of login you want. - Disallowed—Select to disable logging in using a smart card. Only the traditional log in information fields are displayed. - Optional—Select to make optional the use of a smart card to login. All log-in fields are displayed.
PAGE 80
Auto Schedules NOTE: These schedules can now be found on the Auto-Schedules page instead of the top menu. Resource Synchronization Scheduler To schedule when to run the synchronize operation task to capture any resources that are offline, set the timer as instructed below and click Create or Update. In general, you do not need to do this if the resources are running under normal operation.
PAGE 81
—Type the file path where you want to store the CSV file. Logoff User from Resource Scheduler To schedule when the system will forcibly log off users from their resources, set the timer as instructed below and click Create or Update. ● Auto-Schedule Event—To turn it on, check the Enabled box. ● Scheduled Start Date—Select the date when the event is to start. ● Scheduled Time—Select the time when the logoff operation is to run. Check as many as appropriate.
PAGE 82
Resource Capacity Consumption Report Select the filter options and display options, and click the Generate Report button. Filters ● Time Frame (From/To)—Narrow the data to show the time period you are interested in ● Role Enabled—Narrow the data to all roles that are enabled only (Yes), disabled only (No), or ignore this flag by selecting Both. ● Role Public—Narrow the data to all roles that have no user access list restriction (Yes), restricted access role (No), or ignore this flag by selecting Both.
PAGE 83
Filters ● Time Frame (From/To)—Narrow the data shown to the time period you are interested in ● Role Enabled—Narrow the data to all roles that are enabled only (Yes), disabled only (No), or ignore this flag by selecting both. ● Role Public—Narrow the data to all roles that have no user access list restriction (Yes), restricted access role (No), or ignore this flag by selecting both. ● Roles—See data for the selected roles only.
PAGE 84
Resource Utilization Report Select the filter options and display options, and click the Generate Report button. Filters ● Total Resources—Physical count is based on unique physical resource (i.e., primary role only). Logical count produces higher numbers because a computing resource is counted multiple times if it was assigned to multiple roles. ● Role Enabled—Narrow the data to all roles that are enabled only (Yes), disabled only (No), or ignore this flag by selecting both.
PAGE 85
● Description—Search for incidents with the Description box containing the text entered. ● Time Frame—Narrow data to the dates entered. ● Asset Groups—Narrow data to asset groups selected. You have four operations you can perform: ● Save selected ● Save entire log ● Delete selected ● Delete entire log Setting Up Smart Card Login on the Access Device NOTE: RGS 5.1.3 or later is required when logging in using RGS with smart cards. Smart Card login does not work if RGS Single Sign-on is enabled.
PAGE 86
7. If you want the system to automatically launch the HP SAM client when a users inserts a smart card, see steps a and b. (NOTE: Step a is the default setting.) a. For the Windows XPe-based client (default setting), edit the ‘scwatch.cfg’ file with the following: [scwatch] Action=c:\Program Files\Hewlett-Packard\HP Session Allocation Client\hprdcw32.exe ActionDir=c:\Program Files\Hewlett-Packard\HP Session Allocation Client\ — or — b. For the Internet Explorer-based client, edit the ‘scwatch.
PAGE 87
Configuring Session Time Limits for Remote Sessions HP CCI Session Timers allow administrators to control automatic disconnection or logoff of remote sessions after specified periods of time. The integrated session timers have the ability to control RGS sessions as well as RDP sessions. You can configure time periods for Active Sessions, Active But Idle Sessions, and Disconnected Sessions and you can further configure CPU monitoring for Active But Idle and Disconnected Sessions.
PAGE 88
Once this administrative template has been imported into the Group Policy Management utility on the domain controller, three new policies will be available: ● Emulate Terminal Services Session Time Limits—This policy controls whether or not to have the HP session timer utilities emulate the Microsoft session timer group policies. This is useful for resources running Windows XP Pro with Service Pack 2 or earlier.
PAGE 89
A Firewall Rules This appendix lists the rules needed for communication between the various components. The values in parenthesis represent ports, with ANY meaning any ports on that component.
PAGE 90
Resources ● Incoming: ◦ From Web server (UDP/47777) to resources (UDP/47777—custom) ◦ From Web server (TCP/ANY) to resources (TCP/139—RPC) ◦ From clients (TCP/ANY) to resources (TCP/3389—RDP) ◦ From clients (TCP/ANY) to resources (TCP/42966)—RGS) NOTE: The default RGS port is TCP/42966; however, RGS 5.3 and later allows this to be changed. Please see the RGS documentation for details.
PAGE 91
B Frequently Asked Questions Question Answer Why do some users on the HP SAM client have to select a role Users who are in more than one role must select the role to or resource to connect and others do not. connect. Those users who are in only one role do not see this screen. A user assigned a single dedicated resource does not have to select a role. Also, when Monitor Layout IDs or MultiSession Autoconnections or Resource Reservations are used, the user is not prompted for a role or resource.
PAGE 92
84 Question Answer How do I enable HP Sygate Security Agent on the Windows XP Embedded-based thin client for the HP SAM client(s)? Go to HP Sygate Security Agent advance rules and create a new rule for HP SAM. Add IEXPLORE.EXE and/or hprdcw32.exe to the Application tab. On the Ports and Protocol tab, set protocol to TCP and type 80,443,3389,42966 on the remote port line if you want both clients to work. Otherwise, make sure port 3389 is set for IEXPLORE.
PAGE 93
Question Answer How can I change both the HP SAM Web server http and https ports to some other value beside the default 80 and 443? After changing the desired value (TCP and/or SSL ports) in Internet Information Services (IIS) Manager, modify the CONNECTION.CONFIG file located on the HP SAM Web server in root of the HP SAM installation directory (usually c: \Program Files\Hewlett-Packard\HP SAM). Use Notepad to edit the file.
PAGE 94
Question Answer Can I use double-byte numbers in the user name? No. HP SAM only supports single-byte numbers. I get warning messages when I am operating in a double-byte character set (DBCS) Asian language on the HP SAM administrator console and I input numeric values in System Settings tab. HP SAM administrator console accepts only single-byte numbers as a value.
PAGE 95
C Registration Service Error Codes The following is a list of possible errors which the registration service writes to the event log file on the computing resource. If you encounter a critical issue on the blade, note the error code and communicate it to the support team. BC0001—Internal error accessing WMI. Contact your HP SAM support team. BC0002—Internal error accessing WMI. Contact your HP SAM support team. BC0003—Internal error failed to spawn threads, usually due to low memory.
PAGE 96
BC0018—Internal program error. Contact your HP SAM support team. BC0020—Memory allocation error. Close other applications or increase memory. BC0021—Memory allocation error. Close other applications or increase memory. BC0022—Memory allocation error. Close other applications or increase memory. BC0023—Internal error. Contact your HP SAM support team. BC0024—Internal error. Contact your HP SAM support team. BC0025—Internal error. Contact your HP SAM support team.
PAGE 97
BC0047—Failed to read Win32_NetworkAdapterConfiguration WMI class. Contact your HP SAM support team. BC0048—Failed to query a specific WMI property. Contact your HP SAM support team. BC0049—Failed to register a WMI event. Contact your HP SAM support team. BC0050—Problem accessing WMI, possibly related to missing QFE documented in MS KB 828653. BC0100—Failed to setup timer. Internal error, possibly due to low memory conditions. Close other applications or increase memory.
PAGE 98
D Glossary Access Device—A device such as a thin client used to access HP SAM to connect to computing resources. Active Directory—A Microsoft Windows directory service that stores an enterprise’s information and settings in a central, organized, accessible database. Active Directory allows administrators to assign policies, deploy programs, and apply critical updates to an entire organization.
PAGE 99
OU—Organizational Unit Policy—The policy defines settings to be forced upon users from the HP SAM server. It controls the appearance of the desktop, taskbar, command access, sound availability, etc. There are five levels of policy: Global, Role, OU, SG, User (User settings override SG, and so forth). Public—A public role is one that is accessible to all users in Active Directory.
PAGE 100
Index A access device adding manually 64 changing 64 deleting 65 requirements 22 access devices, managing 11 access list 52 access restrictions 2 account, service 24 Active Directory 24, 71 ActiveX controls 35 adding access device, manually 64 enclosures into data centers 66 monitor layout 65 organization units to the Administrator role 52 security groups to Administrator role 52 users 9 users to Administrator group 52 Administrative permissions 9 rights required to install 24 Administrator access list 52
PAGE 101
ConnectionBar.Enable 39 ConnectionBar.EnableAddNe w 39 ConnectionBar.EnableCloseAl l 39 ConnectionBar.EnableContextMen u 40 ConnectionBar.EnableDisconnectI nstance 40 ConnectionBar.EnableReconnectA ll 39 ConnectionBar.EnableSave 40 ConnectionBar.FollowMouse 39 ConnectionBar.HideTimingFacto r 40 ConnectionBar.Location 39 ConnectionBar.SessionWindow.En ableIdentify 40 ConnectionBar.ShowDelay 40 ConnectionBar.ShowHardReboo t 41 ConnectionBar.ShowLogoff 40 ConnectionBar.ShowOnDisconnec t 40 ConnectionBar.
PAGE 102
datagram communication port, changing value 85 features 4 installing 9 overview 6 registration service requirements 21 setting up 9 SQL database hardware requirements 17 SQL database software requirements 21 Web server hardware requirements 16 Web server software requirements 16 HP Sygate Security Agent, enabling 84 HP ThinPro GT client 36 http default port value, changing 85 https default port value, changing 85 I ImageQuality 44 installation error 83 new 25 order 25 upgrade 25 installing Administrative ri
PAGE 103
R RDC settings, not working 83 RDP 5, 6 reconnect after network glitch 83 recovery, HP SAM database 84 Referral Search box 71 regionalization of datacenters 15 registration service configuration file 29 configuration file name 31 deploying to all blades 25 error codes 87 hardware requirements 21 installation error 83 installing 29 software requirements 21 software, installing 25 software, validating 25 starting 29 testing 29 Remote Desktop Protocol 5, 6 Remote Graphics Software 5, 6, 8 removing access devic
PAGE 104
support for RGS senders running on a non-default port 2 System Settings tab 29 T tabs Administrator Console 54 Home 54 Log 76 Policies 66 Reports 73 Resources 62 System Settings 29 Users and Roles 29 template user, assigning resources from 59 testing registration service 29 Themes 44 thin client hardware requirements 22 software requirements 22 thin client, mobile hardware requirements 22 software requirements 22 Titlebar Text 42 W Wallpaper 44 Web client 70 Web server firewall rules 81 hardware requiremen