HP Anyware Manager 23.08¶
Anyware Manager is a HP management plane enabling users to configure, manage and monitor brokering of remote workstations. Anyware Manager enables highly-scalable and cost-effective Anyware Software deployments by managing cloud compute costs by brokering PCoIP connections to remote workstations, see Anyware Software for supported hosts.
Anyware Manager is offered in 2 variants – as an HP managed Service, and as an installable instance deployed and managed by the users in their on-premises or cloud environments.
This document covers the installable instance variant of Anyware Manager.
For information on Anyware Manager as a Service, see Anyware Manager as a Service.
Where Do I Begin?¶
Anyware Manager is a collection of microservices, and each microservice operates from its own docker container. These container images are deployed on a local lightweight Kubernetes (k3s) cluster, on a virtual machine. This cluster is set up on the virtual machine as part of the installation.
Before you begin installing Anyware Manager, it is important to understand what other components are required to enable end to end brokering:
HP Components:
- HP Anyware Connector
- HP PCoIP Registration Key
- HP PCoIP Client
- HP PCoIP Agent
Third-party Components:
-
MongoDB
- Internal: MongoDB
- External: MongoDB compatible provider
-
Vault
- Internal: Hashicorp Vault
- External: Azure Key Vault
MongoDB is the data store that hosts all Anyware Manager information, configurations and settings.
Hashicorp Vault is the secret storage where Anyware Manager can store and encrypt all the secrets and keys.
Azure Key Vault is the cloud service from Microsoft that enables the secure storage of, and access to, secrets.
Anyware Connector is an access hub that facilitates PCoIP connections to remote desktops and workstations by providing user authentication, entitlement and security gateway services. Later in this document it will be referred to as the "Connector". It is installed on a separate VM that resides in your environment. Based on your requirements, you may need more than a single Connector. Please ensure you have read all the installation guidelines and prerequisites in the Connector section.
Where Do I Install Anyware Manager?¶
The following architectural diagrams depict where Anyware Manager can be installed in multiple infrastructures – be it the Public Cloud, On-Premises or a Hybrid deployemnt.
Please pay close attention to the number of Connectors required based on your setup, and the ports you may need to configure to allow PCoIP traffic (pre-session and in-session). These ports are outlined in the Ports and Connections table.
Public Cloud Deployment
The following diagram illustrates a public cloud deployment with Anyware Manager.
Hybrid Deployment
The following diagram illustrates a hybrid deployment where Anyware Manager is deployed in the Public Cloud.
On-Premises Deployment
The following diagram illustrates an on-premises deployment with Anyware Manager.
Ports and Connections¶
Anyware Manager requires certain ports to be open to enable connections between the other components such as Connector, MongoDB, Vault etc. For detailed breakdown of the ports and connection descriptions for Connector, see Firewall and Load Balancing Considerations.
The following table outlines the required ports and connections for Anyware Manager:
Component | Allow | Port/Protocol | Source/Destination Component | Description |
---|---|---|---|---|
Anyware Manager | Inbound | 443/TCP | From administrative web browsers, HTTP request clients and Connector. | To enable access to Anyware Manager. |
Anyware Manager | Outbound | 443/TCP | To the public license server. | Validates the CAS registration code. |
Anyware Manager | Outbound | 8200/TCP | To external Vault. | Stores Anyware Manager secrets. |
Anyware Manager | Outbound | 27017/TCP | To external MongoDB. | Stores Anyware Manager data. |
Anyware Manager | Outbound | 636/TCP | To Domain Controller. | Authenticates users to Anyware Manager. |
Anyware Manager | Outbound | 53/UDP | To DNS. | Domain name resolution. |
What Deployment Topology Can I Use?¶
In terms of deployment topologies and scenarios, Anyware Manager is flexible and can be deployed in a single host, or with multiple hosts, depending on your organization's network environment and operational requirements. The possible deployment topologies are outlined below. Connector(s) are not included in these diagrams, they will be deployed on additional host(s) separately.
Single Host Deployment¶
This deployment configuration is when Anyware Manager and MongoDB and Vault server are running on a single host, it can be deployed on a virtual machine on any cloud or on-premise. It should be used for getting started with Anyware Manager for initial prototyping or smaller scale production deployments. If you use this configuration for production environment you must ensure there is a backup and restore process in place. This is necessary to minimize the loss of data and to minimize down time.
For information on installing Anyware Manager as part of a single host deployment, see Installing Anyware Manager - Default Configuration.
Two/Three Host Deployment¶
This deployment configuration is when Anyware Manager, MongoDB and Vault server are running on separate hosts. By hosting the database and secret storage on a separate machine, it reduces the risk of data loss in the case of Anyware Manager server failure. This configuration enables high-availability and scalability for Anyware Manager by deploying multiple instances of Anyware Manager. This configuration has the following limitations:
- With only one instance of MongoDB and Vault deployed, high-availability is not available to the data persistence layer, and a backup and restore process must be in place for the server hosting MongoDB and Vault to minimize data loss.
- You can configure this deployment on virtual machines hosted on-premises or on any cloud.
- This configuration requires a certain level of technical knowledge around MongoDB and Vault to properly deploy and operate these external components. For detailed deployment instructions on installing and configuring MongoDB and Vault in a single virtual machine to be used by Anyware Manager, see the following KB article.
For information on installing Anyware Manager as part of a two/three host deployment, see Installing Anyware Manager - External Configuration.
Five or more Hosts Deployment¶
This deployment configuration provides high-availability for both Anyware Manager, and MongoDB and Vault server which are on separate hosts. In this configuration two or more Anyware Manager instances provides high-availability using a load balancer. The hosts that contain the MongoDB and Vault server provide a basic high-availability for data persistence with a failure tolerant of 1. This configuration requires the following working knowledge:
- This is a complex environment and requires you to have working knowledge of installing, configuring and operating the MongoDB and Vault server services in a high-availability setup. Visit MongoDB and Hashicorp Vault official documentation sites for detailed instructions on how to carry out these steps.
For information on installing Anyware Manager as part of a five or more host deployment, see Installing Anyware Manager - External Configuration.
How Do I Install Anyware Manager?¶
You need to setup and install a dedicated virtual machine which will host Anyware Manager. This virtual machine needs to meet certain system requirements which are outlined in the sections below. If you are using an external MongoDB and secret storage you need to prepare these components before installing Anyware Manager, and then configure them afterwards. The available configurations are outlined below.
Connector Installation
Once you have installed Anyware Manager using either of the configurations below, you need to install the Connector. This should take roughly 1 hour to complete.
Using a Default Database and Secret Storage¶
This is the default installation of Anyware Manager where an instance of MongoDB and Vault is deployed as part of the installation. Installation of these components is seamlessly built into the Anyware Manager installer. This configuration does not scale beyond a single Anyware Manager instance and does not support high availability. For more information on this configuration, see Installing Anyware Manager - Default Configuration.
Installation Time
Installing Anyware Manager with the default database and secret storage should take roughly 45 minutes to complete. It should take a further 1 hour to install the Connector.
Using an External Database and Secret Storage¶
With Anyware Manager you can prepare and install your own instances of MongoDB and Vault, or you can use an Azure Key Vault service, on a different virtual machine, by following the guidelines in the installation section. This enables you to upgrade or re-install Anyware Manager, and makes a high-availability service available. For more information on this configuration, see Installing Anyware Manager - External Database and Secret Storage Configuration.
Production Environments
Installing Anyware Manager with an external database and secret storage should take roughly 2 hours to complete. It should take a further 1 hour to install the Connector.