Creating the Connector Server
The following sections outline how to create the Connector servers on RHEL/Rocky Linux that are necessary to run the Connector. They also outline the environment conditions that must be met for a successful installation.
Minimum Requirements
The following section outlines the minimum requirements for installing the Connector on Rocky Linux and RHEL. You need a system with the following specifications:
- Operating System: Rocky Linux 8 or RHEL 8.
- Minimum 8 GB RAM
- 4 CPU
- 60 GB Storage
- If you are using LVM and /var is mounted on a separate volume, that volume must have 30 GB or more. This is to ensure that the installation process succeeds and CAS Manager can function at an optimum level.
Network Requirements
Once you have set up a dedicated virtual machine (VM) for the Connector, ensure the following environment conditions are met:
- You must have access to the internet for an online installation. For a Darksite installation, see Installing the Connector on RHEL/Rocky Linux - Darksite Installation.
- The virtual machine must have port TCP 443 and ports TCP/UDP 4172 enabled. See Firewall Load Balancing Considerations for additional port and firewall information.
- You must have console access to the virtual machine.
- The server must be able to resolve the AD domain.
- You must be able to access the server using SSH.
- You must have superuser (sudo) privileges on the server.
- The networking information of the server (including the IP address) must not change while the Connector is operational.
Firewall Configuration
Before you configure the firewall, ensure the following conditions are met:
- The virtual machine must have port TCP 443 and TCP/UDP 4172 enabled in its firewall rules.
- firewalld must be configured properly for the virtual network within the VM so that Anyware Connector can run within the virtual machine.
- You can confirm the firewalld status by running the following command:
sudo systemctl status firewalld
If the firewalld status is 'active', make sure you execute the following commands to configure the firewall correctly. If the firewalld status is 'inactive' and your organization does not require a firewall on the Anyware Connector VM, skip the step below.
Commands to configure firewall:
sudo firewall-cmd --permanent --add-port=6443/tcp # virtual network flannel
sudo firewall-cmd --permanent --add-port=4172/tcp # PCoIP SG port
sudo firewall-cmd --permanent --add-port=4172/udp # PCoIP SG port
sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16 # This subnet is for the pods
sudo firewall-cmd --permanent --zone=trusted --add-source=10.43.0.0/16 # This subnet is for the services
sudo firewall-cmd --reload
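To check that the rules above took effect, the following added example (not part of the original documentation) compares firewalld's listed ports and trusted-zone sources against the ports and subnets configured above, treating a port range that contains a required port as open. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): audit firewalld against the rules above.
REQUIRED_PORTS="6443/tcp 4172/tcp 4172/udp"
REQUIRED_SOURCES="10.42.0.0/16 10.43.0.0/16"

# port_open PORT/PROTO "LIST": succeeds when LIST (firewall-cmd --list-ports
# format) opens the port, exactly or inside a range such as 4000-4200/tcp.
port_open() (
  want_port=${1%/*}; want_proto=${1#*/}
  for entry in $2; do
    [ "${entry#*/}" = "$want_proto" ] || continue
    range=${entry%/*}; lo=${range%-*}; hi=${range#*-}
    [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ] && exit 0
  done
  exit 1
)

# missing_ports "LIST": prints required ports that LIST does not open.
missing_ports() (
  out=""
  for p in $REQUIRED_PORTS; do
    port_open "$p" "$1" || out="$out $p"
  done
  echo "${out# }"
)

# missing_sources "LIST": prints required pod/service subnets absent from
# the trusted zone's source list (exact CIDR match).
missing_sources() (
  out=""
  for s in $REQUIRED_SOURCES; do
    case " $(echo $1) " in
      *" $s "*) ;;
      *) out="$out $s" ;;
    esac
  done
  echo "${out# }"
)

# Constructed sample output, not from a real host. On the Connector VM use:
#   ports=$(sudo firewall-cmd --permanent --list-ports)
#   sources=$(sudo firewall-cmd --permanent --zone=trusted --list-sources)
sample_ports="6443/tcp 4000-4200/tcp"
sample_sources="10.42.0.0/16"

echo "missing ports:   $(missing_ports "$sample_ports")"
echo "missing sources: $(missing_sources "$sample_sources")"
```

An empty result from both functions means every port and subnet added by the commands above is present in the permanent configuration.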
Enabling Connections over WAN
When the Connector server is accessed from outside the domain, it should be configured for external access (this step is only required if you want to enable remote access to the workstations without requiring a VPN).
To enable external PCoIP connections:
- The remote server should have a public IP address. This can be done via bi-directional NAT mapping. During the installation, you should use the --external-pcoip-ip flag to set the IPv4 address for the Connector for external connections.
- Determine whether you want to override the default IP range to differentiate the external and internal connections. By default, the Connector identifies connection requests from CIDR 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 as internal connections. Any source that does not match these is considered an external connection. To override this, use the --external-client-cidr flag. For example, --external-client-cidr 0.0.0.0/0 interprets all IP addresses as external connections.
The benefit of differentiating internal and external connections is that the PCoIP sessions for internal connections do not consume the session bandwidth of the Connector. For information on the session establishment and session bandwidth limits when working with external connections, see Scaling and PCoIP Session Limits.
Verifying the Connector Server
To verify your Connector server network configuration, SSH into the machine and ping the domain and a remote workstation in the domain. You should get a positive response from both attempts:
ping <domain FQDN>
ping <remote workstation FQDN>
DNS and Name Resolution
You must ensure that you can resolve your AD domain and controller. For information on how to install and edit resolv.conf, and configure DNS name resolution, see Configuring DNS Name Resolution.