Creating the Connector Server
This section outlines how to create the Connector server on RHEL/Rocky Linux and the other system requirements needed to install and run the Connector.
Minimum Requirements
The following section outlines the minimum requirements for installing the Connector on Rocky Linux and RHEL. You need an operating system with the following specifications:
- Operating System: RHEL/Rocky Linux 8.x.
- Minimum 4GB RAM.
- 4 CPU
- Minimum 30 GB Storage
- If you are using LVM and /var is mounted on a separate volume, that volume must have 30 GB or more. This is to ensure that the installation process succeeds and Anyware Connector can function at an optimum level.
Network Requirements
Once you have set up a dedicated virtual machine (VM) for the Connector, ensure the following environment conditions are met:
- You must have access to the internet for an online installation. For a dark site installation, see Installing the Connector on RHEL/Rocky Linux - Darksite Installation.
- The virtual machine needs the following port configuration:
  - Port 4172 configured for inbound/outbound TCP/UDP traffic
  - Port 443 configured for outbound TCP traffic
  - Port 443 configured for inbound TCP traffic if the Connector will be accepting connections from PCoIP clients external to the network. For additional port and firewall information, see Firewall Load Balancing Considerations.
- You must have console access to the virtual machine using SSH.
- The server must be able to resolve the AD domain.
- You must have superuser (sudo) privileges on the virtual machine.
- The networking configuration of the server (including the IP address) must not change while the Connector is operational.
Firewall Configuration
Before you configure the firewall, ensure the following conditions are met:
- The virtual machine must have ports TCP 443 and TCP/UDP 4172 enabled in its firewall rules.
- Within the virtual network in the VM, firewalld is configured properly for Anyware Connector to run within the virtual machine.
  - You can confirm it by running the following command:
sudo systemctl status firewalld
If the firewalld status is 'active', make sure you execute the following commands to configure the firewall correctly. If the firewalld status is 'inactive' and your organization does not require a firewall on the Anyware Connector VM, skip the step below.
Commands to configure firewall:
sudo firewall-cmd --permanent --add-port=6443/tcp # virtual network flannel
sudo firewall-cmd --permanent --add-port=4172/tcp # PCoIP SG port
sudo firewall-cmd --permanent --add-port=4172/udp # PCoIP SG port
sudo firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16 # This subnet is for the pods
sudo firewall-cmd --permanent --zone=trusted --add-source=10.43.0.0/16 # This subnet is for the services
sudo firewall-cmd --reload
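To confirm that the rules above survived the reload, the following added example (not part of the vendor documentation) compares firewalld's reported configuration with the ports and trusted subnets listed on this page. The function names `missing_items`, `audit_firewall` and `audit_live` are assumptions made for illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not vendor code: function names and sample values are assumptions.
REQUIRED_PORTS="6443/tcp 4172/tcp 4172/udp"      # ports opened by the commands above
REQUIRED_SOURCES="10.42.0.0/16 10.43.0.0/16"     # pod and service subnets (trusted zone)

# missing_items "<required list>" "<configured list>"
# Prints each required entry that is absent from the configured list.
missing_items() {
    for want in $1; do
        found=no
        for have in $2; do
            [ "$want" = "$have" ] && found=yes
        done
        [ "$found" = yes ] || printf '%s\n' "$want"
    done
}

# audit_firewall "<--list-ports output>" "<trusted-zone --list-sources output>"
# Returns 0 when every required rule is present, 1 otherwise.
audit_firewall() {
    gaps=$(missing_items "$REQUIRED_PORTS" "$1"; missing_items "$REQUIRED_SOURCES" "$2")
    if [ -z "$gaps" ]; then
        return 0
    fi
    printf 'missing firewalld rule: %s\n' $gaps >&2
    return 1
}

# audit_live: run the audit against the permanent firewalld configuration.
audit_live() {
    audit_firewall "$(sudo firewall-cmd --permanent --list-ports)" \
                   "$(sudo firewall-cmd --permanent --zone=trusted --list-sources)"
}

# Constructed sample: a host where the 4172/udp rule was never added.
audit_firewall "6443/tcp 4172/tcp" "10.42.0.0/16 10.43.0.0/16" \
    || echo "firewall configuration incomplete"
```

On the Connector VM, call `audit_live` after `sudo firewall-cmd --reload`; a non-zero exit status means at least one of the rules above is absent from the permanent configuration.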
Disable Swap
Connector is built on K3s, and it is strongly recommended to disable swap on a Linux system to avoid memory issues in a production environment.
You can do the following to disable swap:
- If this is a new install and you want to disable swap permanently on the Connector server:
  - Edit the /etc/fstab file and add '#' in front of any line that contains the word 'swap'.
- If you have an existing Connector that is running into memory issues, run the following command to disable swap immediately. (This is not retained after a system reboot):
sudo swapoff -a
If swap is required for any reason, it should be greater than or equal to the size of the RAM. There is no guarantee that it works, so it is strongly recommended to disable it.
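The /etc/fstab edit described above can be scripted so that it keeps a backup and is safe to repeat. This is an added example, not part of the vendor documentation: the helper names `comment_swap_lines` and `active_swap_count` are assumptions, the sample fstab is constructed, and the match is narrowed to lines whose filesystem type field is `swap` so that unrelated lines are left alone.

```shell
#!/bin/sh
# Added example, not vendor code: helper names and the sample fstab are assumptions.

# comment_swap_lines FILE
# Prefixes '#' to every uncommented entry whose filesystem type (field 3) is
# swap. Saves the previous content as FILE.bak and skips lines that are
# already commented, so running it twice changes nothing further.
comment_swap_lines() {
    cp -p "$1" "$1.bak" || return 1
    awk '!/^[[:space:]]*#/ && $3 == "swap" { print "#" $0; next } { print }' \
        "$1.bak" > "$1"
}

# active_swap_count [FILE]
# Number of swap areas currently in use: the data lines of /proc/swaps
# (the first line is a header). Expect 0 after 'sudo swapoff -a'.
active_swap_count() {
    awk 'NR > 1 { n++ } END { print n + 0 }' "${1:-/proc/swaps}"
}

# Constructed sample fstab; on a real host pass /etc/fstab and run as root.
demo=$(mktemp)
cat > "$demo" <<'EOF'
/dev/mapper/rl-root /     xfs  defaults 0 0
/dev/mapper/rl-swap none  swap defaults 0 0
#/swapfile          none  swap sw       0 0
EOF
comment_swap_lines "$demo"
cat "$demo"
rm -f "$demo" "$demo.bak"
```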
Enabling Connections over WAN
When the Connector server is accessed from outside the domain, it should be configured for external access (this step is only required if you want to enable remote access to the workstations without requiring a VPN).
To enable external PCoIP connections:
- The remote server should have a public IP address. This can be done via bi-directional NAT mapping. During the installation, you should use the --external-pcoip-ip flag to set the IPv4 address for the Connector for external connections.
- By default, --enable-security-gateway is set to true, forcing all sessions to go through the Security Gateway to allow external users to connect to their workstations. If your environment consists of internal users, the Security Gateway can be disabled by passing --enable-security-gateway=false.
Verifying the Connector Server
To verify your Connector server network configuration, SSH into the machine and ping the domain and a remote workstation in the domain. You should get a successful response from both attempts:
ping <domain FQDN>
ping <remote workstation FQDN>
DNS and Name Resolution
You must ensure that you can resolve your AD domain and controller. For information on how to install and edit resolv.conf, and configure DNS name resolution, see Configuring DNS Name Resolution.