HP xw2x220c User's Guide
Contents
1. ccccescceceeeeteeeeeeeetenseeeeettseees 50 A ROWMRGWONGN sarisin rok nnr annro ao ia k ka n nei 51 log iiaee e e E E E E E E E E E T 51 General Navigation and User Interface Design ccssceesseesseeeseeeeeneeseeeceseeeseaeeesneeeneeeeseeeeaes 51 Display More or Fewer Items Per Page ccccscccccsesceeeeeeeeeeeeeeeeseeeeceeseeeneaeeeenaes 51 Move Columns aoe puraratrol heats teadeeaecieie ure cemnyoedeaaboriesbraronntiaeneusuveaaon eatin 51 Sort Res lt List 5 ccsesvssb vein wrasse ale yielis iene be ay e Vs Sie i EEEE E NE 51 Select More Than One ltem ns svscovedensresasacevesderereedeietetsscuncineiaaversectsesaconmteadipuaneens 51 Managing the HP SAM Administrator Access List sccccseeeeeeesneeeeeeeneeesnnaeeeesenteeesennaeeensnneees 52 Add Individual Users to the HP SAM Administrator Group cscccccesseeeeeseeeeeeeeeeeeeees 52 Add Security Groups or Organizational Units to the HP SAM Administrator Group 53 Remove Users or Groups From the HP SAM Administrator Group ccseeeeeeereeeteeeeenees 53 HP SAM Administrative Console Tabs x scvissinienissccnnspiceansdlvioniellsvnn se niulienlaeitntiinsieva vaielieddie neMowlnibwiedea walesisy 54 Home WN roen e e E E E E eam E 54 Users and Roles Tabs 0 scscodacssvvaseanpvorure teadeatassreeieabiannsenaasvontanatnieeansmmeineacandnd 54 Resources fab seisein i ani ie ei Enea esa aa E a 62 Manage Data Centers cccsceeeeeeeeeeeecceeccc2. Create the account prior to installation of the HP SAM server application Change this account name and password as infrequently as possible to minimize interruptions to HP SAM Add the account to the local server administrator group on all HP SAM Web servers Add the account to the administrator group on all resources to enable logoff and restart operations The account must be trusted in a multi domain environment Use the HP SAM Configuration Utility found on the Start Menu on the HP SAM server to change the service account password for HP SAM if the password of the service account has been updated Obtain Administrative Rights To fully install HP SAM you must have the following administrative rights Administrative rights on all computing resources such as blade PCs SQL administrative level account and password only needed during setup Administrative rights on the HP SAM Web server Change the Firewall If the network environment uses a hardware and or software firewall make appropriate changes to the firewall for HP SAM to work Refer to Firewall Rules on page 85 for more details Active Directory While Active Directory is not part of HP SAM HP SAM requires Active Directory to perform user account management Other requirements 23 NOTE Active Directory running on Windows Server 2000 Domain controllers is not supported Domain functionality levels supported e Windows 2003 e Windows 2008 e
3. c UPN Name Entering a name including an at sign initiates a search by UPN Name i e jane doe NOTE Results are shown as you type 5 Click Add to add highlighted users to the list 6 Select the users in the list that you want to add into HP SAM 7 Click Save r NOTE After you have clicked Save you can set user attributes including Administrator Groups You also have the option of assigning dedicated resources automatically If a user is already in HP SAM his attributes are changed to match what is set here 52 Chapter 4 Administration Add Security Groups or Organizational Units to the HP SAM Administrator Group To add many users 1 Leverage Active Directory services by adding the names in Active Directory under a security group or organizational unit Go to the Add New Users page Add the security group or organizational unit directly to the HP SAM Administrator group a In Search By select Organizations OU or Security Groups b If you want to filter to a specific domain in the Domain name list select the domain or select Global Catalog for all domains in the same Active Directory forest the HP SAM server is in c Search for groups by entering characters in the search field Results are shown as you type You can highlight one group and use the View button to see the users who are direct members of the group d Click Add to add highlighted groups into the list e Select the groups in the l
4. Truncate Table History d Click Execute Order of Installation 25 You should see Command s completed successfully In the messages section 2 Shrink the database a Open SQL Server Management Studio and expand the Databases folder b Right click on SAM database and select Tasks gt Shrink gt Files c In the File type list select Data d Inthe Shrink action section select Reorganize pages before releasing unused space e Set the Shrink file size to the default 100MB f Click OK 3 Verify that you have a 100MB SAM_data mdf file NOTE The default file location is C Program Files Microsoft SQL Server MSSQL 1 MSSQL Data Install the HP SAM Web Server and SQL Software 26 The installation package installs the HP SAM server application and or HP SAM database HP SAM xx EXE where xx is the language code and is the version of the software you want to install Language codes include EN for English JP for Japanese FR for French DE for German KO for Korean ZH CN for Simplified Chinese You must install both the web server and the SQL components during the installation The language selected is meant for the installation wizard only Once the application is installed the web application detects the browser language and the user interface is shown in that same language if the application supports that language If it does not the user interface is in English NOTE HP SAM can have one or more
5. 2 Click Save to change the monitor layout ID To Delete a Monitor Layout 1 Select the check box next to the appropriate monitor layout 2 Click Delete and then click OK Manage Data Centers Data Centers in HP SAM are groupings of enclosures Data centers serve only to save enclosure passwords in order to enable the feature which allows users to power cycle blades from the HP SAM Connection Bar NOTE Version 4 20 or later Integrated Administrator IA software must be used on the HP BladeSystem PC Blade Enclosure s By default the IA software has a disabled SAM account You must enable the SAM account and create a password for the powercyle option to work The IA password for the built in SAM account must be saved in HP SAM on the Manage Data Centers page Blade power management in C class enclosures Blade Workstations is not supported To Create a Data Center 1 Click Create 2 Type the data center name and enclosure password 3 Click Save To Change a Data Center 1 Click on a link in the Data Center column 2 Change the Data Center name and or password 3 Click Save To Add Enclosures into a Data Center Select the check box for the appropriate data center Choose View Enclosures from the Operation list and click Go Click Add yr p p Enter search terms optional then click Search 66 Chapter 4 Administration 5 Select the check boxes for the enclosures to add and then click Save
6. Assign Roles Assign new roles to the resource This setting overrides the configuration file for the resource If you select this option the Resource Role Assignment window opens Use this window to select primary and alternate roles for the resource You can also create new roles from this window amp NOTE Once assigned to roles using the HP SAM administrative console any changes to roles in the configuration file will be ignored To revert back to using the configuration file delete the resource from the database and then restart the computing resource Assign Asset Groups Assign new asset group s to the resource Customize View Use this window to customize the columns that appear for the resources displayed on the Manage Resource window You can use the arrows or you can double click the items in the Available and Selected boxes to move them back and forth The single arrow moves only the selected item while the 64 Chapter 4 Administration double arrows move all items in the list You can display a minimum of three and a maximum of six columns Manage Access Devices To Add an Access Device Manually amp NOTE The Windows based client Blade Workstation Client and Linux Client register access devices automatically upon connection to the HP SAM server The XP Embedded OS image on some thin client access devices lack support needed for this to occur For these systems follow the instructions in the CIMW
7. Operations Select the appropriate resource s Select the task to perform in the Operation list Click the Go button Delete Delete the resource from the system Do this to clean up the database You can delete the computing resource only if its current status is Offline Disable Prevent the resource from further allocation If In use the current user session is unaffected If Disconnected the user is not able to log back into the computing resource Enable Allow the resource to be allocated Logoff User Force logging off the current user on the resource Restart Reboot the resource Send Message Send a text message to the user on the resource a pop up message Not supported with Linux resources Shutdown Power down the resource E NOTE Starting with SAM 3 2 the Logoff Restart and Shutdown operations are now supported with Linux resources To enable this a certificate from the domain certificate authority must be installed on the HP SAM website in IIS Synchronize Send a request directly to the resource for it to send back its current status In normal situations this is not needed since the registration service sends back its status whenever there is a change in status power on power off user logon user disconnect and user logoff This is useful in situations where the network was temporarily interrupted between the resource and HP SAM server in order to get the current status of the resource
8. groups granting access to 62 selecting multiple items 51 selecting role requirement for 87 server sizing 12 servers number 13 service account 23 ServicePort 32 session time limits configuring 80 session timers for Linux 82 setting up dedicated resource 9 dynamic resource 7 HP SAM 7 static resource 9 settings configuring HP SAM 28 smart card 41 user interface 42 web client 71 Show configuration options box 71 Show domain field box 71 Show resolution selection box 71 ShowVersion 42 sizing server 12 smart card logon 79 settings 41 Smart card logon list 72 Smartcard Requires Click 41 SmartCardAlways 41 SmartCardAutoDisconnect 42 SmartcardCSP 41 SmartCardUidOid 42 SmartCardUidType 41 software components 6 deploying client 50 software requirements Blade Workstation client 22 desktop or notebook PC 22 mobile thin client 22 Personal Workstation client 22 registration service 20 SQL 20 thin client 21 web server 16 sorting 51 SoundQuality 44 SoundStereo 44 Span 46 SQL database considerations 12 database hardware requirements 16 database software requirements 20 multiple databases 14 SQP server firewall rules 86 SSL configuring 29 starting registration service 32 static connection 3 static resource setting up 9 System Settings tab 70 T tabs administrative console 54 Home 54 log 78 Policies 68 Reports 75 Resources 62 System Settings 70 Users and Roles 54 template user assign
9. 4 Select the monitor layout to be added from the Monitor Layout ID list 5 Select the check box next to the computing resource s and role s you want to assign to the monitor layout 6 Type the new resolution width and height and the horizontal and vertical offset amp NOTE If you do not specify the resolution and offset configuration the system default parameters are used 7 Select the Common Policy which specifies which session s policy to use when all sessions are connected 60 Chapter 4 Administration 8 9 Select the USB Default which is the session you want RGS to use by default with USB devices connected to the access device Click Save To Change the Monitor Layout Configuration for the User 1 2 5 Select the check box next to the appropriate name From the Operation list select Assign Monitor Layouts and then click the Go button to open the Monitor Layouts for lt username gt window which shows the monitor layouts if any assigned to the selected user Click the link in the Monitor Layout ID column Type the new resolution width and height the horizontal and vertical offset common policy and USB default Click Save To Delete a Monitor Layout ID for the User 1 2 3 Select the check box next to the appropriate name From the Operation list select Assign Monitor Layouts and then click the Go button to open the Monitor Layouts for lt username gt window which
10. Internet Information Services IIS Manager modify the CONNECTION CONFIG file located on the HP SAM web server in root of the HP SAM installation directory usually c Program Files Hewlet Packard HP SAM Use Notepad to edit the file Modify the three lines below lt add key ClientServiceURL value http samservername 80 gt lt add key ResourceServiceURL value http samservername 80 gt lt add key AdministrativeConsoleURL value http samservername 80 gt To lt add key ClientServiceURL value http sam_server_name port_number gt lt add key ResourceServiceURL value http sam_server_name port_number gt lt add key AdministrativeConsoleURL value http sam_server_name port_number gt Where sam_server_name is the name of the HP SAM server and the http port is the port_number value as set in IIS Manager not the SSL Port value If you change only the SSL Port value in IIS Manager you still need to modify the CONNECTION CONBFIG file as described Do not use HTTPS in either of the previous lines If you change the TCP Port you need to update the configuration file on the HP SAM registration service hpevent cfg file on all computing resources to use the new web server http port for example YourHP SAMservername 8080 You also need to update all of the access devices to use the same http port NOTE Be sure to update your firewall exceptions accordi
11. When set to 1 a context menu appears when right clicking on a session s status icon on the connection bar This menu allows the user to switch to the selected session move the selected session minimize the selected session or minimize all currently connected sessions When set to O this menu does not appear Default is 1 ConnectionBar EnableSave integer value O or 1 When set to 1 enables the Save button on the connection bar that allows an Administrator to save the current session configuration to the server as a Monitor Layout ID Disconnected sessions are not saved back to the database The default value is 0 ConnectionBar ShowDelay integer value Specifies delay in milliseconds for connection bar to appear after cursor has been moved to screen edge The default value is 500 milliseconds ConnectionBar ShowOnDisconnect integer value O or 1 When set to 1 enables connection bar to appear automatically when a session closes The default value is 1 ConnectionBar AutoHideTimeout integer value Sets time in seconds for connection bar to stay open when cursor is moved off connection bar O always stays open The default value is 3 ConnectionBar ShowTimingFactor integer value Controls the speed of the animation when the connection bar is appearing on the screen A smaller number means faster animation This can be useful on slow client systems where the connection bar animation is too slow The default value is 5 Co
12. asset groups 55 HP SAM users 57 resource roles 54 MapClipboard 46 MapDrives 45 MapDrivesList 46 MapPorts 45 MapPrinters 45 MapSmartcards 45 MapUSB 44 MatchClientDisplays 46 Maximum Capacity graph 77 MicrophoneEnabled 44 Microsoft Remote Desktop Protocol 3 4 Minimum Capacity graph 77 mobile thin client hardware requirements 22 software requirements 22 modifying monitor layout 66 monitor layout assigning 60 changing configuration 61 configuring 10 creating 65 deleting 66 modifying 66 removing ID 61 moving columns 51 Mute 44 N navigation HP SAM administrative console 51 network glitch reconnect 87 NetworkAuthentication 46 new features access restrictions 82 authenticate before allocation 83 resource reservations 82 New Resource Setting box 70 New Roles Settings box 70 number HP SAM servers 13 0 offline blade 87 operation 63 order of installation 25 organization units granting access to 62 overview HP SAM 4 P password logging in twice 87 Personal Workstation client hardware requirements 22 software requirements 22 Policies 38 Policies tab 68 policy creating or updating 69 effective viewing 69 entries 44 hierarchical table 68 port value 80 and 443 changing 89 practices best 12 Protocol 44 R RDC settings not working 87 RDP 3 4 reconnect after network glitch 87 recovery HP SAM database 92 Referral Search box 72 regionalization of datacenters 14 registration service
13. ANY to blade TCP 42966 RGS NOTE The default RGS port is TCP 42966 however RGS 5 3 and later allows this to be changed Please see the RGS documentation for details Non default RGS ports are supported in HP SAM 3 0 and later o Outgoing From blade TCP ANY to web server TCP 80 HTTP From blade UDP 47777 to web server UDP 47777 NOTE Another way to enable the port is to enable the software service itself Follow the firewall instructions to enable the HP SAM Registration Service software Create the HP SAM Registration Service Configuration File 30 The HP SAM registration service configuration file is a simple text file named hpevent cfg The HP SAM registration service tries to locate the configuration file in the order of locations listed below e In the same directory in which the service resides usually C Program Files Hewlett Packard HP SAM Registration Service e In SystemRoot usually c windows e In SystemDrive usually c e Linux In opt hpsamd Once the service locates the file the service stops the search and extracts the contents Refer to the following sample template You must update the WebServerList section The RolesList section is optional If the RolesList section is not populated it is shown in the HP SAM administrative console with no role Roles can be assigned using the HP SAM administrative console hpEventCfg Gateway WebServerList Role
14. Note that Active Directory policy settings may affect the actual behavior of this property Active Directory options include leave as is password lock and log off Active Directory does not include a disconnect option so you must use SmartCardAutoDisconnect for that functionality Default is 1 User Interface Customization Settings 42 UiMode integer value O 1 or 2 Select the type of user interface to display o O default HP SAM Server User name and Domain fields visible in the user interface 1 show the UPN mode where the Domain field is not shown The user must use the format username domain o 2 show smart card mode where both the User Name and Domain fields are hidden and a message displays asking that the user insert the smart card The Connect button is disabled when no smart card is inserted For the Blade Workstation Client Embedded OS and Linux Client this value 2 is treated as a 1 Banner string value Allows a specified file to load as the banner image on the access device main dialog The image must be in Windows Bitmap BMP format A fully qualified path is required The banner area is 385 x 60 pixels and 24 bit color If you provide a file of different resolution it is resized to fit in the banner area TitlebarText string value Allows overriding the default text in the titlebar with a specified string By default language appropriate text displays ShowVersion integer value O or 1
15. RolesList AssetGroup AssetGroupList ServicePort 47777 Chapter 3 Installation DnsDomain ExampleDomain com WebServerList server yourdomain server2 yourdomain RolesList sample role 1 sample role 2 AssetGroupList sample asset group 1 sample asset group 2 WebServerlList The WebServerList section lists one or more HP SAM web servers Each HP SAM web server primary and failover is listed one per line The service uses this list in the order provided The first HP SAM web server in the list is the one tried first if it fails the service proceeds to try the remaining HP SAM web servers in order If a successful connection is established the remaining HP SAM web servers are not used To modify the server line change just the serverl yourdomain string to the appropriate server name use web server DNS name or static IP address For example e HP SAMservername 10 1 2 3 RolesList NOTE Assigning roles in the CFG file is optional The usual method of assigning roles is via the configuration file because this method self registers the role If no roles are specified in the CFG file roles may be configured using the HP SAM administrative console For more information see Deploy the HP SAM Registration Service to All HP SAM Computing Resources on page 49 The RolesList section lists zero or more roles to which the computing resource can belong A role is a functional collection of computing reso
16. SAM enables automatic provisioning of remote computing resources to users Figure 1 1 HP SAM Configuration bool ot blade workstations User mai RGS or RDP 15 2 76 102 User tom 15 2 76 101 15 2 76 100 HP SAM can be configured to enable a user to connect to the desktop session of a particular remote computing resource identified by its IP address or hostname this is known as a static connection In Figure 1 1 HP SAM Configuration on page 3 HP SAM has been configured to statically connect user Tom to blade PC 1 with an IP address of 15 2 76 100 Regardless of which access device Tom uses he is automatically connected to blade PC 1 at address 15 2 76 100 HP SAM can also be configured to enable a user to connect to any of a pool of computing resources this is known as a dynamic connection HP SAM allows the administrator to define one or more roles for each computing resource A computing resource with a role of abcde for example might be configured with applications to conduct stock transactions or accounting functions In Figure 1 1 HP SAM Configuration on page 3 HP SAM has been configured to allow user Mai to dynamically connect to one of the three blade workstations supporting the role of abcde HP SAM uses HP Remote Graphics Software RGS or Microsoft Remote Desktop Protocol RDP to connect between access devices and computing resources RGS has features which make it particularly s
17. Set your http_proxy environment variable if necessary Run the following command export http_proxy http wveb proxy yourcompany com 8080 substituting your proxy information If you are using Synaptic set the proxy information under Preferences gt Network To install the HP SAM Client run the following command apt get install hptc sam client or use the Synaptic application to obtain the software Additional settings can be set by manually editing the SAM files configuration files 1 2 The HP SAM connection client searches first for the user specific SAM file hprdc sam It then checks the access device file opt hpsam hprdc_accessdevice sam Parameters found in the access device file replace or are added to the merged file Then the connection client checks the file opt hpsam hprdc_admin sam Parameters found in the global file replace or are added to the merged file Refer to Configuration Settings on page 38 for a list of the options available for the HP ThinPro GT Client Install and Validate the HP SAM Client Software 37 Red Hat Enterprise Linux RHEL Client To install the HP SAM Linux Client on a system running RHEL version 4 or 5 1 Log onto the access device using an account with root permissions 2 Extract the Linux Client tar gz package onto the system by executing the following terminal command tar xzvf lt name of file tar gz gt Run the install script by executing install sh After the
18. Software Assurance SA expiration date if applicable This information can be seen on the Licensing page described in this section The version number determines which major HP SAM revision the license is intended to cover For example a license key with a version of 2 means it was created for use with HP SAM version 2 X This license can be used to license resources in any 2 X version of HP SAM The license will never expire as long as a 2 X version is being used Continuing the example above if HP SAM is upgraded to a 3 X version the version 2 license will continue to work with any SAM version with an Effective Date shown at the top of the HP SAM Chapter 4 Administration administrative console that is before the SA expiration date If you install a version of SAM which has an Effective Date that is after the SA expiration date those licenses will no longer count This may cause an orange warning banner to be shown saying you have more resources than licenses Even in this situation no functionality will be lost The customer must then purchase version 3 licenses or revert to an older version of HP SAM Click the Enter New Key button to add a new key to HP SAM Once entered the system displays the information encoded on the key To delete the key from the system check the appropriate key s and then click Delete NOTE In order to successfully enter the license key for HP SAM the HP SAM service account must be a member of the server
19. Time Limits for Remote Sessions Session Timers for Linux HP SAM Session Timers for Linux have been added to provide functionality to administrators on Linux resources similar to what previously existed only for Windows resources It features the ability to disconnect or log off users after a set amount of time when logged in logged in but inactive or in a disconnected state It can also be set to factor in CPU usage with configurable thresholds The Session Timers for Linux are included in the SAM download package as a file in the RPM format After copying the RPM file to the Linux based resource it can be installed with the following command rpm ivh lt hpst file gt rpm for example rpm ivh hpst 1 0 0 1 x86_64 rpm The various session timer types described below and their options are set within the configuration file etc hpstd conf on each resource Use the command opt hpst sbin hpstd reload after changing settings in the configuration file for those settings to take effect The Active and Active But Idle timers will disconnect the user when the timer is triggered The Disconnect Session timers will log the user off of the resource when triggered All timers operate only when connected via the HP RGS protocol and are not designed for use with resources which are intended to be logged into locally The following timer types are available e Active Sessions Allows the administrator to force a disconnection after the user has b
20. amount of time 3 minutes by default to allow that user time to log on During this time the resource shows as Available in HP SAM with no user logged in but cannot be allocated to any other user NOTE This scenario may occur more frequently if this time period is increased This is set under System Settings General via the User Sign In Time Out option e Verify that the HP Session Allocation Management Service is running on the HP SAM server Typically if this service is not running it causes resources to go offline when users attempt to log on e Verify that the HP SAM communication port UDP 47777 by default is not blocked by a firewall This is the port over which the HP SAM Registration Service and the HP SAM Server communicate blade status Typically when this port is blocked resources go offline when users attempt to log on e Verify that the resources show the desired protocol in the HP SAM administrative console For example if the HP SAM clients are set to ONLY connect via RGS then resources which show as Available but do not show the RGS protocol are not allocated to the users e Verify that all users have valid UPN names in Active Directory Users without UPN names may be allocated to a resource by HP SAM but after disconnecting they may be sent to a different resource and not sent back to their resource UPN names are required for proper HP SAM to operate properly 91 92 Question Why does a us
21. can update the password using the operating system on the resource e Synchronization Request Retries The number of retries the system performs before marking the resources as offline e Synchronization Time Between Retries The number of seconds the system waits between the retries for the synchronization operation e User Sign in Time Out The number of seconds allowed for the user to complete the log on process The resource will not be allocated to other users during this period If time expires without completing a logon the computing resource is returned to the available list e Access Restriction Warning Time Out The time in seconds before the access restriction feature forces a logoff that the user will see a warning dialog regarding the impending logoff Chapter 4 Administration Multi Session Autoconnection When enabled allows the system to autoconnect users to all resources of the chosen type which are assigned to the user when user is on an access device without a monitor layout ID assigned Select one or more o Dedicated Resources o Roles with Public Enabled o Roles with Public Disabled Client Resource Network When the access device connects to the computing resource you can specify which method it uses gt Host Name If this is chosen the system passes the resource Computer Name to the access device in order to connect and relies on the DNS server to resolve the name to the appropriate IP address o
22. capabilities that provide a better video viewing experience HP SAM allows you to use either RGS or RDP for communication Roaming profile Collection of user settings in Active Directory which can be seamlessly shared between different computing resources It enables the user to have the same end user experience when connecting to different computing resources Role A role is a grouping of users and a grouping of computing resources so that users are matched to the appropriate resources HP SAM HP Session Allocation Manager The software system described in this document Session Persistence Ability for the user to connect to the same session without having to log off SG Security Group Smart card A pocketsized card that contains embedded circuits that can provide security services such as the ability to securely store password information UPN User Principal Name A user friendly name in e mail address format Web server The HP SAM component responsible for managing the computing resource pool providing an administrative user interface and providing computing resource brokering services to clients At the software level the web server is composed of an IIS web server and a SQL database that may or may not reside on the same physical server 97 Index A access device adding manually 65 changing 65 deleting 65 requirements 21 access devices managing 65 access list 52 access restrictions 82 account service
23. clicks Conneet and is automatically connected to blade PC 3 NOTE Ifa blade is in a dynamic role and is reassigned as a dedicated resource to a user that blade is no longer available for allocation in the dynamic role to any other user even if the current status is Available It is highly recommended that dedicated resources not be assigned to a dynamic resource role which will then help you accurately track the list of Available and In Use resources Common Tasks 9 Configuring a Monitor Layout for a User HP SAM allows a user to connect to multiple computing resources thereby creating simultaneous remote sessions Resources can be made available either by static assignment to the user or by assignment to roles allocated to the user Mapping a static user display ID to computing resource s allows a specific combination of user ID and client ID to be mapped to a specific computing resource or a specific group of computing resources When that user logs onto that client using RGS the preconfigured computing resources are displayed at a specific location and resolution on the client monitor or monitors Figure 1 4 Monitor Layout Example 15 2 76 104 15 2 76 103 RGS or RDP pat User lee In Figure 1 4 Monitor Layout Example on page 10 user Lee has static access to two blade PCs HP SAM needs to be configured to display the information from these blade PCs on Lee s two monitors 1 We create a monitor layout ID fir
24. configuration file 30 configuration file name 30 deploying to all blades 49 error codes 93 hardware requirements 20 installation error 87 installing 29 software requirements 20 software installing 29 software validating 29 starting 32 testing 33 Remote Desktop Protocol 3 4 Remote Graphics Software 3 4 6 removing access device 65 backup resources 58 monitor layout 66 monitor layout ID 61 resources 58 user 6 users from Administrator group 53 reports Resource Capacity Consumption 75 Resource Capacity Consumption Trend 76 Resource Utilization 77 Reports tab 75 requirements access device 21 Blade Workstation client 22 desktop or notebook PC 22 domain environment 15 hardware and software 12 mobile thin client 22 Personal Workstation client 22 registration service 20 SQL server 15 thin client 21 web server 15 ResetAfterSession 39 Resolutions 40 Resource Capacity Consumption report 75 Resource Capacity Consumption Trend Report 76 resource firewall rules 85 resource reservations 82 resource roles managing 54 Resource Synchronization Scheduler 73 Resource Utilization report 77 resources assigning 58 assigning from role 60 removing 58 Resources tab 62 resources assigning from template user 59 resources assigning manually 58 restrictions access 82 RGS 3 4 6 RgsDialogTimeout 45 RgsErrorTimeout 45 RgsWarninglimeout 45 RHEL client 38 role assigning resources from 60 RolesList 31 S security enabling 88
25. connection requests Resource Utilization Report Select the filter options and display options and click the Generate Report button HP SAM Administrative Console Tabs 77 Filters e Total Resources Physical count is based on unique physical resource i e primary role only Logical count produces higher numbers because a computing resource is counted multiple times if it was assigned to multiple roles e Role Enabled Narrow the data to all roles that are enabled only Yes disabled only No or ignore this flag by selecting both e Role Public Narrow the data to all roles that have no user access list restriction Yes restricted access role No or ignore this flag by selecting both e Roles See data for the selected roles only If you choose this option the system narrows the selection based on your previous selections above Display Options e Open in New Window If selected the result data are shown in a new browser window Output Report Log Tab 78 Role Name Name of role Offline Number of offline computing resources Disabled Number of manually disabled computing resources Available Number of available computing resources Disconnected Number of computing resources with users disconnected from the session In Use Number of computing resources with users actively using Total Number of computing resources that are offline available disconnected and in use NOTE Administrators are
26. databases multiple SQL 14 Debug 39 dedicated resource setting up 9 Default domain box 71 DefaultDomain 38 DefaultInsecurePassword 39 DefaultMonitorLayoutID 39 DefaultPolicy 39 DefaultSessionAction 43 DefaultUsername 39 deleting access device 65 backup resources 58 data center 67 monitor layout 66 monitor layout ID 61 resources 58 user 6l users from Administrator group 53 deleting enclosures from data centers 67 deploying HP SAM client software 50 registration service 49 desktop or notebook PC hardware requirements 22 software requirements 22 DisclaimerDisplay Timeout 40 displaying items per page 51 Displaylogoff 43 DisplayRestart 43 DisplayShutdown 43 DnsDomain 32 domain environment 15 double byte numbers use of 90 dynamic connection 3 resource setting up 7 E Enable Access box 71 EnableDomain 43 EnableOptionsButton 42 EnablePassword 42 EnablePublicRoles 39 EnableServer 43 environment domain requirements 15 F Failover 39 failover computing resources 58 server 31 87 features 2 firewall 23 28 35 firewall rules clients 85 resources 85 SQL server 86 web server 85 frequently asked questions 87 FullDrag 44 FullScreen 45 G Gateways 38 general 70 global and local client configuration files 47 granting access to security groups 62 to users 61 graphs 77 H hardware requirements 12 SQL requirements 16 Height 45 hierarchical policy table 68 History box 70 Home tab 54 HP Blade Wo
27. details e Outgoing o From resources TCP ANY to web server TCP 80 HTTP o From resources UDP 47777 to web server UDP 47777 SQL Server only if not running on the same machine as the web server e Incoming o From web server TCP ANY to SQL_Server TCP 1433 e Outgoing None 86 Appendix A Firewall Rules Question Why do some users on the HP SAM client have to select a role or resource to connect and others do not B Frequently Asked Questions Answer Users who are in more than one role must select the role to connect Those users who are in only one role do not see this screen A user assigned a single dedicated resource does not have to select a role Also when Monitor Layout IDs or Multi Session Autoconnections or Resource Reservations are used the user is not prompted for a role or resource Can the user connect to multiple computing resources from the same client access device Yes If multiple resources have been assigned to the user the user may connect to those resources Additionally if the user is in multiple roles the user can connect to a blade from each role Why is my blade being marked offline even though am able to connect to it using Remote Desktop Connection Check your firewall settings on the computing resource to make sure the HP SAM port 47777 is allowed for incoming connection My user is unable to connect to a computing resource on the browser bas
28. doing this Please see the Frequently Asked Questions on page 87 for details DnsDomain With this setting you can specify a domain name string to override the DNS detection For example if the resource Blade incorrectly detects the domain as americas hpinternal net but you want the domain to be hp com you can specify DnsDomain hp com and the resulting FADN name returned to HP SAM will be Bladel hp com Start Restart the HP SAM Registration Service 32 You can start or stop the service from the services applet Control Panel gt Administrative Tools gt Services or from the command line e Under the services applet the service displays as HP SAM Registration Service e Additionally you can start or stop the service from the command line using the syntax C gt net start daesve and C gt net stop daesvc You can also start or stop the service using tools such as HP Rapid Deployment Pack See the HP Rapid Deployment Pack documentation for instructions You can start and stop the Linux blade service using the syntax etc init d daesve start and etc init d daesve stop Chapter 3 Installation Test the HP SAM Registration Service Log onto the HP SAM administrative console click on the Resources tab and search for the computing resource within the role it was assigned e Ifthe computing resource was not found check the firewall settings and make sure that the service was started on that computing resource e Ift
29. enter in the HP SAM web server name with manage added to the URL for example http HP SAMservername manage Use https if the HP SAM administrative console has been set to require SSL If SSL is configured and a certificate related security pop up message is displayed click Yes Once you get to the logon page enter username password and click the Sign In button You have two ways to enter in your username It can be entered as domain username or your User Principal Name UPN yourname yourcompany com General Navigation and User Interface Design The HP SAM administrative console is designed with tabs and hyperlinks for navigation Depending on the tab there could also be a filter option section The main work space or result list is at the bottom of the page Display More or Fewer Items Per Page The system defaults to show only a certain number of items per page Select a new value 10 25 50 100 250 or 500 in the Show field to change this number The page will immediately be updated to reflect this new setting Move Columns The system displays the result data grid in a certain way You can move the columns by dragging and dropping the column header to the appropriate place within the grid Sort Result List Whenever there is a result grid you can sort by any of the column shown Click on the appropriate column header to sort by that column Click on the same column header to toggle between descending an
30. examples a Last Name Search is performed by last name when entering characters b First name Characters entered after a comma is typed initiate a search by first name You can also search by first name and last name by entering a space Characters before the space initiate a search by first name Characters after the space initiate a search by last name c UPN Name Entering a name including an at sign initiates a search by UPN Name i e jane doe E NOTE Results are shown as you type 5 Click Add to add highlighted users to the list 6 Select the users in the list that you want to add into HP SAM 7 Click Save To Grant Access to Security Groups or Organization Units To add many users leverage Active Directory services by adding the user names in Active Directory under a security group or organization unit Then add the security group or organization unit directly to the HP SAM role access list To change to the access list go to Active Directory and add remove users there instead of the HP SAM administrative console 1 Go to the Add New Users page 2 Set Search By to Organizations OU or Security Groups 3 If you want to filter to a specific domain in the Domain name list select the domain or select Global Catalog for all domains in the same Active Directory forest the HP SAM server is in 4 Type the name of the Organization OU or Security Group amp NOTE Search for groups by entering characte
31. interface to allow the HP SAM administrator to set up configure and administer HP SAM The web server also creates and accesses a database in Microsoft SQL Server e HP SAM Registration Service The HP SAM Registration Service registration service or blade service runs on the computing resource and communicates the status of the computing resource and its connections to the HP SAM Web Server NOTE Refer to the documentation that shipped with your computing resource and your access device to determine which of the above components are factory installed on your hardware and which components you ll need to install For example the HP SAM Client and the RGS Receiver are both factory installed on some clients Other RGS software is optional and must be acquired separately For more information on RGS visit http www hp com go rgs Remote Graphics Software RGS RGS is a communication protocol similar to Microsoft Remote Desktop Protocol RDP HP SAM allows you to use either RGS or RDP RGS has a couple of advantages over RDP e RGS has advanced graphics capabilities that provide a better experience with multimedia and 3D graphics applications over a standard computer network e RGS supports multiple monitors configured with an offset layout Thin clients are set to use RGS when possible If both RGS and RDP are installed on the access device RGS is the default If RGS is installed on both access device and computing res
32. must type a UPN formatted name Show password field Select Enabled to show the Password field on the web client screen Show configuration options Select Enabled to show the configuration link on the web client screen Show resolution selection Select Enabled to show the resolution selection on the web client screen Default domain Type the default domain for web client log on HP SAM Administrative Console Tabs 71 e Banner text Select the language and type the appropriate message in the box to change the customizable message that is displayed to the user on the HP SAM web client page e Smart Card Smart card login Select the value for the type of logon you want Disallowed Select to disable logging in using a smart card Only the traditional logon information fields are displayed Optional Select to make optional the use of a smart card to logon All logon fields are displayed Required Select to require use of a smart card to logon Only the smart card logon information is displayed gt User name field Select the appropriate value for the field on the certificate that contains the user s logon name Email Select to have HP SAM look in the e mail field on the certificate to find the logon name The data found in this field must match the user s UPN name UPN Select to have HP SAM look in the UPN field on the certificate to find the logon name o Auto connect Select Ena
33. or more Asset Groups listed in it ConnectionBar Enable integer value 0 or 1 When set to 1 the HP SAM connection bar is enabled Set this value to 1 to allow the user to manage multiple connections using the HP SAM connection bar This also prevents the user from opening multiple instances of the client The default value is 1 for Blade Workstation Client series and Linux Client and O for all others ConnectionBar FollowMouse integer value O or 1 When set to 1 the connection bar is open on the monitor where the cursor is The default value is 1 ConnectionBar Location integer value Sets the location of connection bar if O top if 1 bottom if 2 left if 3 right The default value is O top ConnectionBar EnableAddNew integer value O or 1 When set to 1 enables the Add New button on the connection bar The default value is 1 Install and Validate the HP SAM Client Software 39 40 ConnectionBar EnableCloseAll integer value O or 1 When set to 1 enables the Disconnect All button on the connection bar The default value is 1 ConnectionBar EnableReconnectAll integer value O or 1 Default is 1 enabled Set to O to hide disable the Reconnect All button on the connection bar ConnectionBar EnableDisconnectinstance integer value O or 1 When set to 1 enables the Disconnect button on the connection bar for each session The default value is 1 ConnectionBar EnableContextMenu integer value O or 1
34. resources This action has no impact on current users active on the computing resources Registration Service Error Codes The following is a list of possible errors which the registration service writes to the event log file on the computing resource If you encounter a critical issue on the blade note the error code and communicate it to the support team BCO001 Internal error accessing WMI Contact your HP SAM support team BCO002 Internal error accessing WMI Contact your HP SAM support team BCO003 Internal error failed to spawn threads usually due to low memory Close other applications or increase memory BCO005 Internal error Contact your HP SAM support team BC0006 Internal error usually due to low memory problems Close other applications or increase memory BCO007 Update thread failed to spawn Internal error possibly due to low memory conditions Close other applications or increase memory BCO008 Failed to start service OpenSCManager error Make sure the service is running under the access device account with sufficient permission to start stop the service BCO009 Failed to start service OpenService error Make sure the service is running under the access device account with sufficient permission to start stop the service BCO010 Failed to start service StartService error Make sure the service is running under the access device account with sufficient permission to start stop the se
35. s Local Administrators group If a license message displays on the HP SAM administrative console at any time go to this area to view the details of the license message Reports Tab NOTE You must enable history recording in System Settings gt General to populate reports Administrators are only able to see reports associated with the Asset Groups they control HP SAM provides three reports Resource Capacity Consumption Report See the peak resource usage levels in terms of percentages and highlight if any percentage value exceeds a specified threshold value Resource Capacity Consumption Trend Report See the charting of peak resource usage levels over a time period Resource Utilization Report See the current status of resource usage activities This report is also posted on the main Home tab Resource Capacity Consumption Report Filters Select the filter options and display options and click the Generate Report button Time Frame From To Narrow the data to show the time period you are interested in Role Enabled Narrow the data to all roles that are enabled only Yes disabled only No or ignore this flag by selecting Both Role Public Narrow the data to all roles that have no user access list restriction Yes restricted access role No or ignore this flag by selecting Both Roles See data for the selected roles only If you choose this option the system narrows the selection based on
36. shows the monitor layouts if any assigned to the selected user Click Remove in the Operation column To Delete a User Deletes a user from the system To delete a user 1 2 Select the check box next to the appropriate name s From the Operation list select Delete and then click the Go button Add New Users For any role that is not public users must be in the HP SAM access list to request a computing resource such as a blade PC from that role You can add the user as an individual in a security group or in an organizational unit When the system searches for the accounts added it uses the HP SAM web server domain and or other Active Directory servers that are in the same forest as configured in the System Settings gt Active directory tab To Grant Access to Individual Users 1 Go to the Add New Users page Set Search By to Users If you want to filter to a specific domain in the Domain name list select the domain or select Global Catalog for all domains in the same Active Directory forest the HP SAM server is in HP SAM Administrative Console Tabs 6 amp NOTE Searching by Global Catalog displays all users from external domains Users from other domains can be added to HP SAM using Global Catalog but they may not be able to log on if the External setting has not been selected on the Active Directory page of the System Settings tab 4 Type one or more of the parameters as shown in the following
37. software is installed verity the program has been installed into opt hpsam Customization Steps Recommended Start up the HP SAM client When you launch the HP SAM client by executing opt hpsam hprdclx sh your saved settings will take effect Type the HP SAM web server name Click Options Change the appropriate connection settings Click Save moe pN Additional settings can be set by manually editing the SAM files configuration files 1 The HP SAM connection client searches first for the user specific SAM file hprdc sam 2 It then checks the access device file opt hpsam hprdc_accessdevice sam Parameters found in the access device file replace or are added to the merged file 3 Then the connection client checks the file opt hpsam hprdc_admin sam Parameters found in the global file replace or are added to the merged file Refer to Configuration Settings on page 38 for a list of the options available for the RHEL Client Configuration Settings Options 38 There are additional options to configure the settings You can set these options by manually editing the SAM file The following list provides supported keys and values within the HPRDC section e Gateways string value Points to the section that lists HP SAM Servers e DefaultDomain string value This is a default value to be loaded in the Domain edit box on the client user interface If this value is not specified the program attempts
38. the public flag is set to checked which means the role does not require any user access restriction e New Resource Setting When a new computing resource self registers the system immediately sets it enabled or disabled for allocation e Time Zone Synchronization f selected the time zone setting on the computing resource is set to the same time zone as the user s access device e Log lf selected the system collects audit log data You can view log data from the Log tab amp NOTE Log data can quickly and significantly increase the size of the HP SAM database If enabled it is highly recommended that you set up a log maintenance schedule See Audit Log Clean Up Scheduler on page 73 e History lf selected the system records and retains historical data for reports for the number of days selected in the Keep raw data for list Use this option to limit the history database size Microsoft 2005 or 2008 Express Edition includes a database size limit of 4 GB Data older than the value in the Keep raw data for list is summarized into one entry per day You can view history data from the Reports tab e Authenticate Before Allocation f selected HP SAM will authenticate user s passwords with AD before allocating a resource to the user This may be desirable in security conscious environments If the Allow Expired Passwords option is enabled HP SAM will allow users who have expired passwords to be allocated to resources so they
39. window Output Report Minimum and Maximum Capacity graphs The graphs show the minimum number of blades available and the maximum number of blades used for the specified time period In general these values should add up to 100 However if a blade supports multiple roles then the numbers will not add up because consuming a blade which is in two or more roles in one role will also decrease the minimum available in the other role Time Interval The time interval for which the report was run This value is based on the selection in Display Options Time Interval Date The date of the report Role Name Name of role Minimum Available For the time period chosen the peak value of minimum available is shown This value indicates the percentage of computing resources that are still available for allocation dropped to this lowest value Minimum Available This value complements the percentage number above to show specifically how many resources within that role are still available Maximum Consumed This value indicates the highest percentage of resources that were consumed during the time period chosen Maximum Consumed This value complements the percentage number above to show specifically how many resources within that role were consumed Out of Resource For the time period chosen this value indicates how many times the system encountered the situation where there are not enough computing resources to fulfill the
40. with previous versions of HP SAM where password authentication is first done when logging into the operating system on the resource Authenticate Before Allocation 83 To enable this feature all of the following must be configured e Enable Authentication before Allocation on the General page of System Settings on the HP SAM administrative console e Ensure that a certificate from the domain certificate authority is installed on the HP SAM website in IIS on the HP SAM server e The following option must be enabled via the HP SAM client configuration file on all access devices AuthenticateBeforeAllocation 1 e There is no setup needed for the web client but the user must type in the URL using https instead of http e g https samserver e Ensure that communication between the access device and the HP SAM Server via SSL typically port 443 is not blocked by a firewall The Allow Expired Password setting in System Settings gives the HP SAM administrator the option to allow users with expired passwords to continue on so that they can change the password using the operating system on the resource NOTE Versions of the HP SAM client prior to HP SAM 2 3 cannot be used when this feature is enabled This feature is not compatible with Smart Card single sign on and must be disabled before using Smart Cards 84 Chapter 4 Administration A Firewall Rules This appendix lists the rules needed for communication betwee
41. you want the system to automatically launch the HP SAM client when a users inserts a smart card see steps a and b NOTE Step a is the default setting a For the Windows based client default setting edit the scwatch cfg file with the following scwatch Action c Program Files Hewlett Packard HP Session Allocation Client hprdew32 exe ActionDir c Program Files Hewlett Packard HP Session Allocation Client at Bes b For the Internet Explorer based client edit the scwatch cfg file with the following Action c Program Files internet explorer iexplore exe http HP SAMServername 8 Start the service by a Clicking Start gt Control Panel gt Administrative Tools gt Services b Rightclicking HP Smart Card Monitor Service c Selecting Start For more information about HP SAM smart card settings see Smart Card Settings on page 41 You can configure smart card related settings on the web client after you complete this procedure From the HP SAM administrative console go to System Settings gt Web Client NOTE The CAC is a high security type of smart card used by the military Its behavior in HP SAM matches that of typical smart cards HP SAM does not access extended data in the CAC card beyond the certificate needed to determine the user s credentials Configuring Session Time Limits for Remote Sessions HP CCI Session Timers allow administrators to control automatic disconnection or logoff of remote se
42. your previous selections above HP SAM Administrative Console Tabs 75 Display Options Threshold Percentages On the report you can highlight the data if it exceeds the number entered here o Minimum Available If data is below the value entered the report highlights it o Maximum Consumed If data is above the value entered the report highlights it Open in New Window If selected the result data are shown in a new browser window Output Report Role Name Name of role Minimum Available For the time period chosen the peak value of minimum available is shown This value indicates the percentage of computing resources that are still available for allocation dropped to this lowest value Minimum Available This value complements the percentage number above to show specifically how many resources within that role are still available Maximum Consumed This value indicates the highest percentage of resources that were consumed during the time period chosen Maximum Consumed This value complements the percentage number above to show specifically how many resources within that role were consumed Out of Resource For the time period chosen this value indicates how many times the system encountered the situation where there is no available computing resource to fulfill the connection request NOTE In general the maximum consumed should be opposite of the minimum available The exception is when the c
43. 23 Active Directory 23 72 ActiveX controls 35 adding access device manually 65 enclosures into data centers 66 monitor layout 65 organization units to the Administrator role 53 security groups to Administrator role 53 users 6 users to Administrator group 52 Administrative permissions 56 rights required to install 23 administrative console tabs 54 Administrator access list 52 access granting 28 Animation 45 architectural considerations 12 asset groups managing 55 AssetGroup AssetGrouplist 39 AssetGrouplist 32 assigning attributes 57 backup resources 58 monitor layout 60 resources 58 98 Index resources from role 60 resources from template user 59 assigning resources manualy 58 attributes assigning 57 AudioFollowsFocus 44 Audit Log Clean Up Scheduler 73 authenticate before allocation 83 auto refresh 63 Auto Schedules 73 Auto connect box 72 Autodial 39 AutoReconnect 45 Autosize 46 B backup computing resources 58 resources assigning 58 resources removing 58 server 31 87 Banner 42 Banner text box 72 best practices 12 Blade Workstation client hardware requirements 22 software requirements 22 blade offline 87 BordersEnabled 44 browsers alternate 88 C Caching 45 changing access device 65 data center 66 monitor layout 66 monitor layout configuration 61 Clearlype 46 client configuration settings 38 firewall rules 85 software deploying 50 Client Resource Network box 71 ColorDep
44. 6 Click Close To Delete Enclosures from a Data Center 1 Select the check box for the appropriate data center 2 Choose View Enclosures from the Operation list and click Go 3 Select the check boxes for the enclosures to delete 4 Click Delete 5 Click Close To Delete a Data Center 1 Select the check box for the appropriate data center or data centers 2 Choose Delete from the Operation list and click Go 3 Click OK HP SAM Administrative Console Tabs 67 Policies Tab Policy management allows administrator to override the user s HP SAM client settings In general the user is allowed the flexibility to customize the connection settings on the client side If there are specific settings that the user must always connect with then the administrator may use the Policies tab to define the forced settings The HP SAM hierarchical policy has 5 levels e Global e Role e OU organizational unit e Security Group e User Policy settings assigned to User override policy settings assigned to a Security Group and so forth up the list Steps 1 Create or update the policy in the Policies tab To update an existing policy click the policy name hyperlink i Assign the policy e toarole User and Roles gt Manage resource roles e toa user OU or Security Group User and Roles gt Manage users HP SAM always creates the Global Policy This policy applies to all user connections unless overridden by ot
45. 8 Spanish Espa ol es_MX UTF 8 Spanish Latin America Am rica Latina sv_SE UTF 8 Swedish Svenska de_CH UTF 8 Swiss German Deutsch Schweiz tr_TR UTF 8 T rk e The following file types are supported e JPG e GIF e BMP amp NOTE This feature is enabled by default if the disclaimer file is found in the correct location Deploy the HP SAM Registration Service to All HP SAM Computing Resources For high volume deployment HP highly recommends that you use a software tool such as HP Rapid Deployment Pack 1 Install the service on all computing resources 2 Create the HP SAM registration service configuration file hpevent cfg on a single blade and save this file as a template to use later 3 Start or restart service on a single computing resource and verify that the computing resource self registered into the HP SAM web server 4 Deploy the HP SAM registration service configuration file hpevent cfg to all appropriate computing resources and start the service on those units Deploy the HP SAM Registration Service to All HP SAM Computing Resources 49 Deploy HP SAM Client Software to All HP SAM Access Devices To deploy the HP SAM Internet Explorer based client instruct your users to go to the HP SAM server website s that you have set up If the access device is accessing the HP SAM server for the first time the access device needs to install two ActiveX controls HP SAM Web Client Utility C
46. EQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyright c 1998 2007 The OpenSSL Project All rights reserved Copyright C 1995 1998 Eric Young eay cryptsoft com All rights reserved Administrator s Guide HP Session Allocation Manager HP SAM v 3 2 Seventh Edition November 2010 Sixth Edition April 2010 Fifth Edition August 2009 Fourth Edition November 2008 Third Edition December 2007 Second Edition August 2007 First Edition June 2007 Document Part Number 453252 007 About This Book A WARNING Text set off in this manner indicates that failure to follow directions could result in bodily harm or loss of life A CAUTION Text set off in this manner indicates that failure to follow directions could result in damage to equipment or loss of information NOTE Text set off in this manner provides important supplemental information iv About This Book Table of contents inroduchoi cide emo ene 1 What s New in This Release aoc jac ecunsAcowncd heoashimemaimane nace Sdadnadhemeedambendsteonalane iwncdaimesdancetianichidains Key FEQHUIeS seinoria ee a
47. HP SAM Web servers pointing to a single database All HP SAM Web servers contain the same feature set You can set up HP SAM such that the servers load balance each other and act as failover servers Additionally each server can independently run an automated task such as synchronizing the computing resources or deleting HP SAM system log data from the HP SAM database See Administration on page 51 for more details on these scheduled events If you attempt to install the HP SAM Web Administration Package on a MS SQL Server that has collation of the SQL Server set to case sensitive the installation will fail The HP SAM Web Administration package can be installed on a Domain Controller for demonstration or pilot situations but this is strongly discouraged in production installations To install HP SAM Web server and SQL software 1 Log onto the server using an account with administrative rights 2 Run the HP SAM xx EXE install file where is the software version number Replace xx with EN for English JP for Japanese FR for French DE for German ZH CN for Simplified Chinese KO for Korean 3 Click Next on the welcome screen Chapter 3 Installation For HP SAM Web server installation the installer asks for a user account The user account is the owner known as the HP SAM service account of the HP SAM website and the HP SAM server service The permissions required for this account are e Administrative rights on all
48. IN32 folder found in the AddOns folder in the HP SAM SoftPaq 1 Click Create 2 Type the serial number and friendly name 3 You may select the Asset Groups to which this access device will have access if you want 4 You may select a Monitor Layout if you want 5 Click Save To Change an Access Device 1 Type one or more parameters and click Search or click Search to find all registered access devices 2 Ifyou want to change the settings for the access device a Click the Serial Number link and then change desired settings for the access device in the dialog box b Click Save To Delete an Access Device NOTE You cannot delete an access device while it is in use 1 Type one or more parameters and click Search or click Search to find all registered access devices Select the check box next to the appropriate access device or devices Click Delete and OK Manage Monitor Layout This allows you to create a new layout or to modify or delete an existing layout To Create a Monitor Layout 1 Click Create 2 Type the monitor layout ID 3 Type a description of the layout HP SAM Administrative Console Tabs 65 4 Select the Asset Groups associated with this monitor layout 5 Click Save to add the new ID To Modify a Monitor Layout 1 If you want to change the name description or asset group of the monitor layout click the link in the Monitor Layout ID column and then change the desired settings
49. IP Address If this is chosen the system passes the IP address of the computing resource to the user access device to connect If the computing resource has more than one network card you must specify an option Reported Subnet The subnet to which the computing resource used to register communicate with HP SAM Specified Subnet If both the HP SAM server and the computing resource each have two NICs communicating through two independent subnets then it is necessary to specify which subnet the access device needs to use to make a connection request E NOTE HP SAM allows you to enter in only one subnet range If the network environment is complex then you must use Host Name instead of IP address Web Client This page allows the administrator to define the settings for the web client Make the appropriate changes and click Save to apply Enable Access Select this option to allow users to request a desktop session through the Internet Explorer based client Cookies Select User choice so the user has the option to save the user name domain and client settings information on the access device browser cookies If you have a security concern i e public terminal access then select Do not allow so the information is not saved and the user must always type in the user name and domain Show domain field Select Enabled to show the domain input field and allow users to specify a domain If this option is not selected users
50. If set to 1 displays the HP SAM client version text on the main window Default is 1 EnableOptionsButton integer value O or 1 If set to 1 the Options button on the main application dialog is visible If set to O the button is not displayed Default is 1 EnablePassword integer value O or 1 When set to 1 shows the Password box on the access device user interface When set to O the password box is not available Default is 1 UlLanguage language identifier Supported identifiers include o EN English o FR French o DE German o JA Japanese gt KO Korean o ZH CN Simplified Chinese If the identifier is not supported or the property is not present in the file the application default is US English A language support DLL must be present to support the language Not valid for the Blade Workstation Client series or Linux Client Chapter 3 Installation NOTE The UlLanguage specified must either be the same language as the HP SAM client application that you have installed or English If you installed the English HP SAM client application do not change the value to any other language To minimize disk space the English HP SAM client application does not contain any other HP SAM client language DLL EnableServer integer value O or 1 If set to 1 the HP SAM Server box on the main application dialog is visible If set to O the field is not displayed If the field is turned off the value is still require
51. Logoff o These operations were previously only functional for Windows based resources o The Send Message operation is still not supported on Linux resources o The SAM 3 2 versions of the SAM Linux Blade Service and the SAM Server are required for this feature to work gt A certificate from the domain certificate authority must be installed on the HP SAM website to enable this feature New SAM Policies for RGS Experience Properties o RGS 5 4 5 introduces new RGS settings to help provide a better experience in a WAN environment which has reduced bandwidth Those setting include choosing between fixed or self adjusting image quality as well as setting the minimum image quality and update rate when using the self adjusting option SAM 3 2 gives the SAM administrator the ability to force these settings to end users via SAM server policy Consult the RGS User Guide for details regarding usage of these new RGS settings Key Features Allocation system to assign users to computing resources such as blade PCs workstation blades or virtual machines Self registration of computing resources Central management of access device remote connection settings Follow me roaming and persistence support to enable reconnection to an open session from a different access device Customizable administration levels Usage and Capacity Planning reports Dedicated user display to computing resource mapping Chapter 1 Introduction Overview HP
52. M database without using the HP SAM service account HP SAM needs many concurrent connections HP SAM does not have control over the number of connections Instead the NET Framework database engine decides whether it is more efficient to wait for a connection re use an existing connection or create a new connection Normally the busier the database the more connections are created They are automatically destroyed once the operations are complete You should not need to limit the concurrent connections If you must set a limit we recommend that you set it for at least 200 300 The HP SAM database consists of two files e SAM _data mdf Location of the HP SAM tables e SAM_log ldf Location of transaction log information SQL server uses this file to keep track of SQL transactions The default size is 100MB for each file but the actual data inside each file is about 10MB This leaves about 90MB free for each to grow before SQL has to expand the file The SAM_data mdf file holds several HP SAM tables including History and AuditLog tables These two tables store the HP SAM history data and events and over time these two tables will grow larger If you disable history and audit logs you will not outgrow the 100MB default with 100 users If you do not disable them SAM_data mdf will grow by at least 100MB a day The busier the database the more transactions will be added to the SAM_log ldf file When a transaction is complete it is rem
53. O Korean o ZH CN Simplified Chinese For Red Hat Linux extract the HP SAM Linux Registration Service tar gz package onto the system by executing this command tar xzvf lt name of file tar gz gt Next run install sh to install the package If necessary stop the service by going to Control Panel gt Administrative Tools gt Services and look for HP SAM Registration Service If it is running stop it For Linux enter the following command in the terminal etc init d daesve stop Customize the service CFG file Edit the hpevent cfg sample file For details about how to customize this file see Create the HP SAM Registration Service Configuration File on page 30 Install and Validate the HP SAM Registration Service Software 29 e After you customize the configuration file required see Create the HP SAM Registration Service Configuration File on page 30 rename or Save As the sample file to hpevent cfg e Start the HP SAM registration service by going to Control Panel gt Administrative Tools gt Services and start the service under the name HP SAM Registration Service For Linux enter the following command in the terminal etc init d daesve start e Ifthe computing resource has a firewall enable the ports below o Incoming From web server UDP 47777 to blade UDP 47777 From web server TCP ANY to blade TCP 139 From access devices TCP ANY to blade TCP 3389 RDP From access devices TCP
54. Off User from Resource Scheduler on page 74 features can be used to set a logoff time slightly before 4PM to ensure the resources are free in time for the newly added reservation A manual or scheduled synchronize operation has no effect on resource reservations amp NOTE This feature is only supported on resources running a Windows operating system Refrain from using resources assigned to multiple roles while using this feature This can cause the automatic logoff to not occur when the resource is needed for a reservation set on one of the resource s other roles There are two other features in HP SAM that can bypass the role selection dialog for users with multiple roles Monitor Layouts and Multi session Auto connection If a conflict occurs Monitor Layouts will prevail over Resource Reservations which will prevail over Multi session Auto connection Authenticate Before Allocation When enabled this feature enhances security by requiring the user to enter his username and password on the HP SAM client which will then be authenticated by Active Directory before sending a user to a resource or displaying a list of roles and resources The feature also eliminates the possibility of Active Directory locking out a user because he mistyped his password during a single connection attempt when trying to connect to multiple resources at once This feature is disabled by default With this feature disabled the behavior is the same as
55. Server Hardware Requirements 16 If you have an existing SQL database server you can install the HP SAM database on the same server However a separate dedicated HP SAM SQL database server for HP SAM is highly recommended to support future scaling of environment See illustrations of possible setups allowing for load distribution following this procedure Minimum x86 compatible server such as an HP Proliant server with e Processor Pentium 4 1 0 GHz e Hard drive 10 GB requires more if running both web server and SQL e System memory 1 GB or more Chapter 2 Requirements Tested amp Verified O Client Devices cA i H il il SAM client Config file i eh SAM resource Allocation i Requests bank e SAM Server 2 x A HP SAM Server 2 eliS Database Cluster S9Y daY SW uopegunwwog H i i 3 Node 1 Active Node 2 Active Passive STe Heartbeat FE 5 8 3 s555 SSE a o Sgi JE sig z i Shared Disk Array i i i SAM Resources Remote Computing Solutions HP Blade PC Blade Workstation amp VDI SAM Load Distribution All SAM Resource Allocation requests are routed and handled via SAM Server 1 All SAM Resource Status updates are separately routed and handled via SAM Server 2 Notes SAM natively provides a method for Fail Over and Load Distribution SAM client and resource configuration files allow you specifically identify and poi
56. System Settings Tab on page 70 for more information 34 Chapter 3 Installation NOTE HP recommends that you add the HP SAM web server to the Trusted Sites list On the access device open Internet Explorer and go to Tools gt Internet Options gt Security tab If a firewall is installed you need to make appropriate changes to allow the HP SAM server client through For example if HP Sygate Security Agent is installed add a rule to allow port 3389 for application IEXPLORE EXE To use the Web Client on an access device running Windows XP 64 bit you must use Internet Explorer 32 bit HP SAM ActiveX Controls The HP SAM ActiveX controls are stored as source for distribution on the HP SAM web server during the web server installation process If the HP SAM ActiveX controls are replaced on the HP SAM web server during an upgrade the HP SAM client is automatically upgraded to the newer version the next time the access device connects to the HP SAM web server The HP SAM ActiveX controls support RDP 5 0 only even if RDP 6 0 or later or RGS is installed For the HP thin client running Windows XP Embedded or Windows Embedded Standard the installation of the HP SAM ActiveX components may be repeated every time the access device is rebooted if it is not saved as part of the thin client image Use the Web Client Controls installer found in the HP SAM SoftPaq so that you do not need to download and install any controls automaticall
57. Windows 2008 R2 24 Chapter 2 Requirements 3 Installation Order of Installation New Installation For new setup the recommended order of installation is 1 AE a oS Upgrade Install the HP SAM Web Server and SQL Software on page 26 Install and Validate the HP SAM Registration Service Software on page 29 Install and Validate the HP SAM Client Software on page 33 Deploy the HP SAM Registration Service to All HP SAM Computing Resources on page 49 Deploy HP SAM Client Software to All HP SAM Access Devices on page 50 To upgrade an existing setup the recommended order of installation is 1 2 3 6 Backup the database Shrink the database See steps below Stop Internet Information Services IIS or just the SAM website on all HP SAM servers This temporarily suspends all HP SAM activities Upgrade HP SAM servers choose to install the HP SAM database as well as the HP SAM web administrator You must install both so that the database structure will be updated to work with the latest version of HP SAM Upgrade HP SAM Registration Service on all computing resources then restart the service or the entire system Upgrade HP SAM clients To shrink the database 1 Truncate the Auditlog and History tables a Open SQL Server Management Studio and expand the Databases folder Right click on SAM database and select New Query c In the query tab on the right type Truncate Table Auditlog
58. Y Administrator s Guide HP Session Allocation Manager HP SAM v 3 2 Copyright 2007 2010 Hewlett Packard Development Company L P The information contained herein is subject to change without notice Microsoft and Windows are trademarks of Microsoft Corporation in the U S and other countries The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services Nothing herein should be construed as constituting an additional warranty HP shall not be liable for technical or editorial errors or omissions contained herein This document contains proprietary information that is protected by copyright No part of this document may be photocopied reproduced or translated to another language without the prior written consent of Hewlett Packard Company The MIT License http sourceforge net projects expat http www opensource org licenses mit license php Permission is hereby granted free of charge to any person obtaining a copy of this software and associated documentation files the Software to deal in the Software without restriction including without limitation the rights to use copy modify merge publish distribute sublicense and or sell copies of the Software and to permit persons to whom the Software is furnished to do so subject to the following conditions The above copyright notice and this permission notice shall b
59. a E EEE apace epansdannabe kd ylegroangd ebeedendesendenenestettentoednccanndes 2 ONE OE E E E E renrcraiaia ie 3 How HR SAM Works oieee a a E a AR 4 HP SAM Software Components ccccaicsnnuniver cian sani ncnbarisheanimset ateena nineteen 6 Remote Graphics Software RGS ccccccccseseceeeeseeeeeeneeeeeeeeeeceeeeeeseseeeeseaeeeesenaseeenaaes 6 Common VS ha caats Atichatocnasetaneh a a anne E E E concen Memaasmncanaaetta E 7 Setting Up HP SAM ans seconsssnnesvoredeug cosine oad epade epnde danny sn kladngaaenclsenedenege denchene danieneaedsnecstets 7 Setting up a User with a Dynamic Resource ccccccccceeseeeeeeeeeeeeseeeeeeeeeeeeeeseeeestiseeetiaes 7 Setting up a User with Static Dedicated Resources cccccsceceeesceeeeseeeeesteeeeeseseeeeeees 9 Configuring a Monitor Layout for a User jiasoicxicieasanstrnuidareeneneusennarunaumes 10 2 Reguiremenis oiiisie sisiesssiedesnsvasseiasnendivwscanen Janes oaaao a s aa ais 12 HP SAM Hardware and Software Requirements i cccccesssecsecerstcessesseeessoscesvaentecensessondantiersnnenss 12 Architectural Considerations and Best Practices for Setting up an HP SAM Environment 12 Domain Environment Requirements for HP SAM ss cccceeseeeeeeeeeeeeeeeeeeeeneeeeenteeeeesaes 15 HP SAM Web and SQL Server Requirements ccssccecceseeeeereeeeeeenseeesetseeeseteeensaes 15 HP SAM Registration Service Requirements cccccceccceseeeeeeeeeeeeeeeeceeeeeeeeeeaaaeeeseteeeeeeees
60. aaceaeeeeeeceeeeccececeaaeaeeeseeeeceeeeeeaaeaaaaeaeers 66 Policies Tabi Baarsa vansiectetsnd oatetentermas oinsiatobtaae banateaaiovebbeni perc enentesiaasanltuaneh naar purneeerncane 68 System Settings EI ich seas ctnnstvaeaiai iia diane nti ea Nba alee apse iia i E 70 Repons Tabi zirenean e E a ni E a E E E E E E E EEEIEE 75 log Te ep e E E E E 78 Setting Up Smart Card Logon on the Access Device cccceessccecsesneeeeeeenseeeecseeeeeeeneseeeeneeaeees 79 Configuring Session Time Limits for Remote Sessions ccccceececceeeeeteeeeeeeneeeeeessneeeeeseeteeeeesaaes 80 Session Timers for LINUX w vasnordsasehenaceduakwnriewsntconexelawanadoammvesnenaedtasternseconesneirinateiecarbiachorsasuenee 82 vi Resource Reservations AKA Access Restrictions ccccceccccsscceccueceeseeccecuecceseseceeuceesueceeeneeeeanees 82 Authenticate Before Allocation acccancasiewnrieeetienbserena oraabns Hee ea aaa 83 Appendix A Firewall Rules sssssssissssssssssssssisousssssssssssdsdsssesssressdsssssossssssisssssssssnsesssssssssstosssss 85 Ne VS srren e e a a E 85 E E A staat at celle ite 2S va es delineated Ca elev 85 RESOUNCES sip ire ersen erari E i EE a E a Sarena EE ER IE E EE EEIE ENARE NE EN EEEREN E 85 SOLSET E E cores scak antes 86 Appendix B Frequently Asked Questions ssesoseoossssssosssssessecsscsssosssossesscossesssosesossossossee 87 Appendix C Registration Service Error Codes sssssssecosesosesossecossossecossossseo
61. ades are unavailable for user connection through HP SAM within the scope of that role gt To change the setting click the link for the role select or clear the check box in the dialog box and then click Save o If the Enabled check box was cleared New user connection requests to this role are denied by the HP SAM web server Current active connections are left as is Disconnected users are not permitted to reconnect back to their disconnected sessions Chapter 4 Administration Public column o If selected the role is available for all users in Active Directory o If not selected then the role is only available to user s in that particular role access list o To change the setting click the link for the role select or clear the check box in the dialog box and then click Save Access Restriction column Shows a summary of the resource reservations that have been added to the role Create button Click to create a new role that you can assign to resources Delete button Click to delete selected roles Manage Asset Groups The HP SAM administrator or domain administrator has full rights to all Asset Groups in the HP SAM server Asset Groups allow full HP SAM Administrators to limit or hide objects resources users etc that other administrators are allowed to see and manage Clients Resources Users OUs SGs Roles Monitor Layout IDs Policies Logs Reports The HP SAM administrator or domain administr
62. ate via multiple SAM servers e In this Option the SAM Resource Allocation requests from the Client Devices are separately routed via SAM Server 1 This allows the SAM Resource Status updates to be isolated by routing via SAM Server 2 This separation allows for load distribution of SAM functionality where by isolating the SAM Resource Status updates in order to maintain a more accurate Resource Status If SAM server 1 goes down manually re sync SAM server 2 against the SAM database to acquire the blade resource data faster The SAM configuration role assignment etc will exist on the 2 SAM server via replication method established 18 Chapter 2 Requirements invent Client Devices on SAM Resource Allocation Requests Load Balancer s SAM Resource Status SSS via blade service _ ___ communication T 5 Ss HP SAM Server 1 HP SAM Server 2 g g SAM Server 2 x SAM Server 2 x O5 Z liS us fe QE 3 8 3 3 Database Cluster Node 1 Active Node 2 Active Passive Heartbeat Pre connect Check Shared Disk Array Port 47777 Port 80 SAM Resources Remote Computing Solutions HP Blade PC Blade Workstation amp VDI Notes SAM natively provides a method for Fail Over and Load Distribution SAM client and resource configuration files allow you specifically identify and point your clients and resources to communicate via multiple SAM servers e In
63. ator also creates the administrative groups Administrator groups can be assigned to control one or more asset group Users within each administrator group can control all assets in the Asset Groups identified Administrators will only be able to see assets associated with Asset Groups they control NOTE The HP SAM administrator or domain administrator has full rights to all Asset Groups in the HP SAM server Asset Group column A list of all asset groups Description column You can change the description for each asset group if the name by itself does not clearly explain what it is or to further differentiate it from the other asset groups Create button Click to create a new asset group You may also remove an asset group by selecting it and clicking Delete HP SAM Administrative Console Tabs 55 Manage Administrative Permissions 56 NOTE You must have full HP SAM Administrator permissions to Create modify or delete an Administrator group Assign users to an Administrator group The following have this permission HP SAM Server administrators Domain administrators Domain users assigned to Administrator Administrator group in HP SAM Use this window to customize permissions for differing levels of administrator access After you create administrative levels to grant user access you must add the users to the Administrator groups you created NOTE If you assign a user to multi
64. aunch the HP SAM client your saved settings will take effect Additional settings can be set by manually editing the SAM files configuration files 1 The HP SAM connection client searches first for the user specific SAM file hprdc sam 2 It then checks the access device file hprdc_accessdevice sam in the folder in which you installed HP SAM Parameters found in the access device file replace or are added to the merged file 3 Then the connection client checks the global file hprdc_admin sam in the same folder Parameters found in the global file replace or are added to the merged file Refer to Configuration Settings on page 38 for a list of the options available for the Windows based client Linux Based Client Different procedures are used to install the Linux Client onto the following platforms e HP Blade Workstation Client Series on page 36 e HP ThinPro GT Client for the HP gt7725 Thin Client on page 37 e Red Hat Enterprise Linux RHEL Client on page 38 HP Blade Workstation Client Series The HP SAM client is delivered preinstalled on the HP Blade Workstation Client series To upgrade to a newer HP SAM client go to www hp com click software amp driver downloads select the appropriate client select Workstation Blade Client Embedded OS and reimage the client Customization Steps Recommended 1 Start up the HP SAM client 2 Type the HP SAM web server name 3 Type the username and domain This ste
65. bar is displayed at the top of the window This window allows the user to minimize during a full screen session This value is only supported for RDP connections Default is 1 FullDrag 0 or 1 If 1 window contents are shown while a window is dragged This value is only supported for RDP connections Default is 1 Chapter 3 Installation Themes 0 or 1 If 1 Windows XP themes are shown in the session This value is only supported for RDP connections Default is 1 Animation 0 or 1 If 1 menu animation is shown in the session This value is only supported for RDP connections Default is 1 Caching 0 or 1 If 1 RDP bitmap caching is enabled This value is only supported for RDP connections Default is O AutoReconnect 0 or 1 If 1 RDP reconnection is enabled Not recommended for an HP SAM solution This value is only supported for RDP connections Default is O MapDrives 0 or 1 If 1 local drives are made available to the remote session This value is only supported for RDP connections Default is 0 MapPorts 0 or 1 If 1 local serial ports are made available to the remote session This value is only supported for RDP connections Default is O MapPrinters 0 or 1 If 1 local printers are made available to the remote session This value is only supported for RDP connections Default is 1 for Windows and is not supported with the Linux Client and Blade Workstation Client series MapSmartcards 0 or 1 If 1 local sma
66. bled so the client automatically connects when the user inserts the smart card gt Cryptographic service providers CSP Type the name of the CSP that supports the smart card solution you select when configuring smart card logon This value represents the identifier of the cryptographic service provider CSP to use Use the Create Edit or Delete buttons to take the appropriate action for this value Active Directory This page sets the system link to Active Directory services to retrieve user account information e External Select this option to search all domains amp NOTE Clearing this box will not prevent users in other domains from appearing when searching on the Add New Users page of the HP SAM administrative console It will however prevent HP SAM from allocating resources to those users when logging in via the HP SAM client e Server Query Time Limit Type the time out value for HP SAM to wait while Active Directory server extracts account information The HP SAM web server retrieves user account information as it is returned from Active Directory server within this time limit Increase the value only if you have been instructed to do so on the HP SAM administrative console on the Add New User page 72 Chapter 4 Administration Auto Schedules NOTE These schedules can now be found on the Auto Schedules page instead of the top menu Resource Synchronization Scheduler To schedule when to run the synchr
67. computing resources such as blade PCs e Administrative rights on the HP SAM web server e Domain user not a local administrator NOTE HP highly recommends that you type a name and password from a service account not gny you typ p from a personal account You should change this account name and password as infrequently as possible to minimize interruptions to HP SAM In order to install the HP SAM web administrator component the Service Account name used must match the name listed in Active Directory including the localized characters in that name such as 6 Gor Use the HP SAM Configuration Utility found in the Start Menu on the HP SAM Server to change the service account password for HP SAM if the password of the service account has been updated You have the choice to install the HP SAM web application only the HP SAM SQL database only or both Both are required for HP SAM to operate The default is both Click on the pull down arrow next to HP SAM Web Site or HP SAM Database to see the list of options A CAUTION Do not clear HP SAM Web Site from this list when you perform an upgrade if you want to keep the HP SAM Web site and the SQL database installed on the same server Clearing the HP SAM Web Site will remove the HP SAM Web Site from the server Leave the default installation folder as is or click the Browse button to change it Click Next to continue Type the SQL server name and either the NT authentication or t
68. d and must be defined in the configuration file Default is 1 EnableDomain integer value 0 1 or 2 When set to 1 the Domain box on the main application dialog is visible If set to O the field is not displayed If the field is turned off the domain specified using the DefaultDomain setting is applied unless the username is entered in UPN or domain username format with a different domain If set to 2 the field is visible but cannot be edited The domain set via DefaultDomain is always in effect and cannot be overridden using UPN or domain username format Default is 1 KioskMode integer value Not valid for Blade Workstation Client series When set to non zero the user interface is altered for use in a kiosk mode environment Valid values include o Bit 1 Enable disable the Cancel button if 1 disable o gt Bit 2 Enable disable the Minimize toolbar button if 1 disable o Bit 3 Enable disable the Close toolbar button if 1 disable Default value is O all features are enabled For example to turn off the Cancel and Minimize buttons and leave the Close button on set the value to 3 DisplayShutdown integer value O or 1 When set to 1 an action button is added to the client user interface to enable the user to shut down the access device This is the same button created by the DisplayShutdown DisplayRestart and DisplayLogoff options If the button already displays from another option setting the Shutdown op
69. d ascending Select More Than One Item The top left side of the result grid includes a check box e To select all items on all pages not just the page shown select this check box e To clear all boxes on all pages not just the page shown clear this check box Log In 51 Managing the HP SAM Administrator Access List The Domain Administrator Domain Users in the Administrators group on the domain controller and Domain Users in the HP SAM server Local Administrator Group are automatically members of the HP SAM Administrator Group To add another user to the HP SAM Administrator group see To Assign Attributes on page 57 Add Individual Users to the HP SAM Administrator Group If you are adding only a few users add the names directly to the HP SAM Administrator group 1 Go to the Add New Users page 2 Set Search By to Users 3 If you want to filter to a specific domain in the Domain name list select the domain or select Global Catalog for all domains in the same Active Directory forest the HP SAM server is in 4 Type one or more of the parameters as shown in the following examples a Last Name Search is performed by last name when entering characters First name Characters entered after a comma is typed initiate a search by first name You can also search by first name and last name by entering a space Characters before the space initiate a search by first name Characters after the space initiate a search by last name
70. dware Requirements Minimum x86 compatible server such as an HP Proliant server with e Processor Pentium 4 1 0 GHz e Hard drive 10 GB requires more if hosting both web server and SQL database e System memory 1 GB per 2 000 resources HP SAM Hardware and Software Requirements 15 HP SAM Web Server Software Requirements NOTE The HP SAM Web server software is not supported on a server running Windows 2008 R2 Server This operating system is not available as a 32 bit edition and the HP SAM Web server software cannot run on a 64 bit OS Minimum One of the following operating systems must be installed e Windows Server 2003 R2 Standard Edition with Service Pack 2 e Windows Server 2003 R2 Enterprise Edition with Service Pack 2 e Windows Server 2003 R2 Web Edition with Service Pack 2 e Windows Server 2008 Standard Edition e Windows Server 2008 Enterprise Edition e Windows Server 2008 Web Edition NOTE A 64 bit operating system is not supported on the HP SAM Server You must install Microsoft NET Framework Version 2 0 for the HP SAM Web Server to function It is recommended that Microsoft NET Framework 2 0 is installed after IIS for appropriate asp net registration If your domain controller is running Windows Server 2008 and its Domain Functional Level is set to Windows 2008 mode you must install the NET Service Pack 1 patch for the HP SAM web administrator to work properly HP SAM SQL Database
71. e Therefore when Mai requests connection to an abcde computing resource HP SAM automatically Common Tasks 7 8 connects her access device to one of the three blade workstations presuming one is available supporting that role Chapter 1 Introduction Setting up a User with Static Dedicated Resources Dedicated static resource assignment allows one or more specific computing resources to be assigned to a user and it allows one or more computing resources to be assigned as backup Support for Static roaming allows users to work from other locations The differing display configurations can be stacked on the client desktop to provide full access with fewer monitors Figure 1 3 Static Dedicated Connection Example 16 2 76 102 RGS or RDP 15 2 76 101 a User tom 15 2 76 100 In Figure 1 3 Static Dedicated Connection Example on page 9 we need to grant user Tom access to a specific computing resource A blade PC has been configured to support Tom 1 We assign blade PC 1 with an IP address of 15 2 76 100 to Tom See To Assign Resources Manually on page 58 2 To make sure Tom has a computing resource even if blade PC 1 is down we assign blade PC 3 with an IP address of 15 2 76 102 to act as backup to blade PC 1 See To Assign Resources Manually on page 58 Now regardless of what client computer Tom uses he is automatically connected to blade PC 1 at address 15 2 76 100 If blade PC 1 fails Tom
72. e O or 1 Allows user to use smart card to enter credentials and log on If UiMode 0 or 1 user has option of using smart card to log on If UiMode 2 user must log on with smart card See UiMode in User Interface Customization Settings on page 42 Default is 1 allow e SmartCardRequiresClick integer value O or 1 Set fo 1 to require that the user click Connect after a smart card is detected Changing this to O automatically initiates a connection when the user inserts a recognized smart card Default is 1 e SmartCardCSP string value The CSP to use for accessing the smart card This must match exactly the name of the CSP installed on the machine Default is ActivCard Gold Cryptographic Service Provider For example for ActivClient 6 x use ActivClient Cryptographic Service Provider e SmartCardUidType integer value 1 or 8 The Type field in the smart card certificate properties enumeration to use for determining the user UPN name Value of 8 is CERT_NAME_UPN_TYPE If set to 8 you must specify SmartCardUidOid Default is 1 CERT_ NAME_EMAIL_TYPE Install and Validate the HP SAM Client Software Al SmartCardUidOid string value The OID associated with the entered SmartCardUidType Not all Types require an OID An entry is required is SmartCardUidType 8 Default is blank SmartCardAutoDisconnect integer value O or 1 If set to 1 automatically disconnect the session when the smart card is removed
73. e Backup column click either Role or Resource for the user To select a role A Select a role to assign as a backup for the user and then click Save To select a resource a Type the IP address or host name of the backup resource and then click Search b Select the resource to act as the backup and then click Save To remove everything on this row dedicated resources backup roles and backup resources click Remove in the Operation column To remove the backup resource or role only a Click the backup role or resource in the Backup column b If removing a role click the Role button and then clear the check box of the role you want fo remove c Click Save d If removing a resource click the Resource button click Search and then clear the check box of the resource you want to remove e Click Save 11 Click Close To Assign Resources Automatically from Template User 1 2 3 Click Manage users Search for user s Select the check box next to the appropriate name s NOTE Multiple users may be selected YOU A Select Assign Resources from the Operation list and click Go Select Assign Resources from Template User Select the template user from the list Click Continue HP SAM Administrative Console Tabs 59 NOTE A message will be displayed if you attempt to assign resources to a user who already has resources or if the primary roles do not have enough resources available The
74. e included in all copies or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM DAMAGES OR OTHER LIABILITY WHETHER IN AN ACTION OF CONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE Copyright 2006 by the Open Source Initiative Technical questions about the website go to Steve M webmaster at opensource org Policy questions about open source go to the Board of Directors The contents of this website are licensed under the Open Software License 2 1 or Academic Free License 2 1 OSI is a registered non profit with 501 c 3 status Donating to OSI is one way to show your support Part of the software embedded in this product is gSOAP software Portions created by gSOAP are Copyright C 2001 2004 Robert A van Engelen Genivia inc All Rights Reserved THE SOFTWARE IN THIS PRODUCT WAS N PART PROVIDED BY GENIVIA INC AND ANY EXPRESS OR IMPLIED WARRANTIES NCLUDING BUT NOT LIMITED TO THE MPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED N NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT INDIRECT NCIDENTAL SPECIAL EXEMPLARY OR CONS
75. e user disconnects or logs out the HP SAM registration service updates the HP SAM Web server with the new information Introduction WYS Ww S00 pen pe zon puAE_ nok WY i pepuawwooa sy vonenaba Du epang yy o H Ozyas oN papua wu JSV ae niaan POREUS SOAS EILO PIOMSSEG PANDI 20 IUNIO WS IUJ eusqam yS C1 peppy e 9q 0 dno sasn d poreyndod O vS cA poppy BAAP 59008 pue 6 20 epeiq wey Dupo ey p 204 pauntyuco F PIYLU P IQ ON SUONIGOXA H ES PSAE PES ENO ONGI uod B i f ssn URWOG se paean QOM INYS su o PAPOEA paranana d a Pie ana us 9 unusu Suawasnbey vopunbyuoy wnususy CJ moj a6esn 2 6yU0D WYS dH 19A9 4S1H e 6 HP SAM Software Components The following are the primary components of HP SAM e HP SAM Client The HP SAM Client runs on the access device and displays the graphical interface employed by the user to request a connection from a client computer to a computing resource When the user requests a connection the HP SAM client communicates this request to the HP SAM Web Server for execution e HP SAM Web Server The HP SAM Web Server web server runs on Windows Server 2003 or 2008 and manages the operation of HP SAM A request is made to the web server when a user on an access device requests a connection to a computing resource The web server validates the request and then communicates back to the access device to orchestrate the connection In addition the web server supports a browser
76. e user to that same session i e follow me roaming If the user has no existing desktop session the HP SAM Web server checks its internal database to see what resources are available and connects the user to an appropriate resource b Ifthe user has more than one role or resource assignment they will be prompted to choose c The data returned to the HP SAM client contains the IP address es or Host name s depending on how it is configured on the HP SAM Web server of the appropriate resources d If no computing resource is available the HP SAM client informs the user The HP SAM client connects to the appropriate desktop session NOTE HP SAM uses HP Remote Graphics Software RGS or Microsoft Remote Desktop Protocol RDP to connect between access devices computing resources and OUs The user is then prompted at the logon screen for the password The user name and domain is prepopulated by the HP SAM client This step is omitted if the user has already entered the password on the HP SAM client and either RDP is used or RGS in Single Sign on mode is enabled NOTE With RDP RGS 5 1 or later or Authenticate Before Allocation see Authenticate Before Allocation on page 83 HP SAM allows users with expired passwords to log on They are then required to update their passwords immediately Once the user logs in the HP SAM registration service on the computing resource reports back to the HP SAM Web server Once th
77. ed box e Scheduled Start Date Select the date when the event is to start e Scheduled Time Select the time when the synchronize operation is to run Check as many as appropriate e Scheduled Day Pick one of the options below Daily Type the number of days after which the event is to recur o Weekly Type the number of weeks after which the event is to recur and on which day s of the week it is to recur e Clear Options o Delete entries older than Type the number days to keep entries and delete if older Delete types Check Information Warning and or Error to delete HP SAM Administrative Console Tabs 73 Delete without saving Select this if it is okay for the data to be permanently deleted o Save as CSV file and then Delete Select this to save to an external text file before deleting the data permanently Type the file path where you want to store the CSV file Log Off User from Resource Scheduler To schedule when the system will forcibly log off users from their resources set the timer as instructed below and click Create or Update NOTE A certificate from the domain certificate authority must be installed on the HP SAM website in IIS for this feature to work e Auto Schedule Event To turn it on check the Enabled box e Scheduled Start Date Select the date when the event is to start e Scheduled Time Select the time when the logoff operation is to run Check as many a
78. ed resource to a user that blade is no longer available for allocation in the dynamic role to any other user even if the current status is Available With the exception of the template user it is highly recommended that dedicated resources not be assigned to a dynamic resource role which will then help you accurately track Available and In Use resources To Assign Resources Manually 58 1 2 3 Click Manage users Search for the user from the HP SAM database Select the check box next to the appropriate name amp NOTE To assign resources manually select only one name 4 Select Assign Resources in the Operations field and then click the Go button to open the Assign Resource to User s window Select Manually Assign Resources and click Continue If you want to assign a dedicated resource to the user a Click Add b Type the IP address or host name of the resource c Click Search to search for resource to assign d Select the resource from the list Chapter 4 Administration 10 e Click Save to change the resource assignment f Repeat a for each additional resource to be assigned to the user If you want to change the friendly name for the resource click the link in the Friendly Name column and then type a new friendly name for the resource in the Update Friendly Name window The default friendly name is the resource host name If you want to assign a backup for the dedicated resource in th
79. ed web client What s going on Verify that the server is up and running and your firewall is enabled to allow port 3389 for IEXPLORE EXE Why is my client not switching to the failover server in my list Make sure the FAILOVER 1 is defined in your SAM file Why are my users being asked to reconnect using the HP SAM client every time there is a network glitch Why are my settings not working as set them on the client side Why does my user have to type the password twice every time to log onto a computing resource The Auto Reconnect setting is set to OFF If your network is set to log your users off when they are disconnected or timed out any network glitch that disconnects a user or times the user out will also log the user off Another user could then connect If the Auto Reconnect setting is set to On the original user might then automatically reconnect and bump off the new user HP recommends that you set Auto Reconnect to OFF The settings on the client side may have been overridden by forced settings on the HP SAM server in the Policy tab Also settings not valid on the protocol used are ignored This should not happen The Active Directory policy is requiring the user to log onto the blade interactively Either disable this policy or remove the Password box from the HP SAM client by setting PasswordEnable 0 in the SAM file This could also be caused by using RGS in Easy Login or Default mode got an erro
80. eeeeeeaaa 20 Access Device Requirements ssseeeeceeececeececeececaecaaeeeeseeeeeceeeeececeeeceeecueceaaaaenneteeeeeteeeeeeeeess 21 Thin Client meissa reo aca a E AR N E ee neiaeeR oer 21 Mobile Thim Client sates sh tanec icase elses tne hime E E AT naan 22 Des MopeGr MGIEDOGK d OR 22 Blade Workstation CNeits anisnudene eater sianne tera aaa incase mean 22 Personal Workstation Clients es asc leraestocenrbseche isa bon eee te wean oteiseeinalbanbehaidaane 22 KCTS CINTA gaa thogenseocostarosecestrn carota peta dood to saeea bn vamekanmpeetaucemsraer ona oneanadee sp earsendonndeotnand ae 23 Create a Service Account ossiani n e E E E EE 23 Obtain Administrative Rights oisicesnnetnshatenansannnedawnn nicduanchsdiebdinmseinsanuibanmnde nebianenalaaaredans 23 Eae ete REA I saist stcrasovirt saaeactmateteinlunnt wovenimnelolivuehidnniuodsaneaaualeneuolbvmiateatnienteidowees 23 Active Directory sae csacandteunnninaiia ve teecuuendedoes ea schatnetwabelwed Gaede E A ERS 23 3 MstallahiOM csere a pa d asda Ve aisis 25 Order of Installation lt sincseos netcsrrsccicrsrvetsaw ateirte beecgnse line tihgtvetaoraelbtan lila on ea navrancdanerdobusuolersnnbtrseienene 25 New Installati n sere pesinee piee nett ees abe a i s Sen 25 Upgrades neran a E E 25 Grant Users HP SAM Administrator ACCESS sssesccceceesceccccusesccecusesesscceaueeseceseaunesecs 28 Configure HP SAM System Settings usarvucrdorsaniachenrienneiennquaedonsvaveneravionsbeeataabennr
81. een connected for the specified period of time e Active But Idle Sessions Allows the administrator to force a disconnection when the user is connected and has been idle i e no mouse or keyboard activity for the specified period of time e Disconnected Sessions Allows the administrator to force a logoff the specified amount of time after the user disconnects either manually or via timers or network interruption e Disconnected Sessions CPU Low Works like the Disconnected Sessions timer above but will not log the user off if the CPU activity is above the specified threshold This timer helps to avoid logging off a disconnect user who has CPU intensive tasks still running e Disconnected Sessions CPU High Works like the timer above except that it will force a logoff if the CPU activity is above the specified threshold This is intended to free up resources which may be stuck in an infinite loop Please refer to the help page man hpstd for more detailed info and additional options Resource Reservations AKA Access Restrictions 82 This feature allows the administrator to restrict when and from where users may access resources It also provides the ability to free up resources as needed for when other users require those resources Role settings now enable the administrator to specify the source IP Address range time of day and day s of the week Users in that role will then only receive a resource from that role whe
82. eger value O or 1 When set to 1 an RDP session is automatically resized to fit when its containing window is resized When set to 0 the window maximum size is that of the remote session and when sized down scroll bars appear This value is ignored for RGS and rdesktop and is only valid in a windowed session Default value is O MapClipboard integer value O or 1 When set to 1 the clipboard will be made available to remote sessions and allows limited cut and paste functionality from the local machine to the remote session or vice versa This option is ignored for with RGS versions prior to 5 2 and with RDP5 When set to O this feature is disabled Default is 1 amp NOTE Enabling or disabling the clipboard in the HP SAM Client UI affects all sessions connected using that client The clipboard setting can be forced using HP SAM policy If the policy is assigned to roles it is possible for a user to have several sessions open simultaneously where some sessions allow copy and paste and others do not NetworkAuthentication integer value 0 1 or 2 When set to 1 the RDP client warns when connecting to a resource that cannot be authenticated When set to 2 the RDP client refuses to connect to an unauthenticated resource When set to O the connection succeeds regardless of the authentication state This setting requires RDP6 and is ignored for RDP5 or RGS Default value is O MapDrivesList string value RDP6 or later onl
83. einstalled RDP protocol files In order to connect via RDP from an access device running Windows XP 64 bit you need to install RDP into a folder other than windows e Windows Vista Business or Enterprise 32 bit or 64 bit with Service Pack 1 or later e Windows 7 Professional or Enterprise 32 bit or 64 bit e Linux RHEL4 32 bit or 64 bit update 5 or later e Linux RHEL5 32 bit or 64 bit update 2 or later e Linux RHEL6 32 bit or 64 bit Install and enable one or both of the following e RGS Receiver 5 1 3 or later e RDP Blade Workstation Clients Hardware Requirements e HP Compaq Blade Workstation Client e HP dc72 Blade Workstation Client e HP dc73 Blade Workstation Client Software Requirements e Blade Workstation Client series with RGS Receiver and HP SAM client in the image Personal Workstation Clients 22 Hardware Requirements e HP Personal Workstation Chapter 2 Requirements Software Requirements Windows XP Professional 32 bit or 64 bit with Service Pack 2 or 3 Windows Vista Business and Enterprise 32 bit or 64 bit with Service Pack 1 or later Windows 7 Professional or Enterprise 32 bit or 64 bit Linux RHEL4 32 bit or 64 bit update 5 or later Linux RHEL5 32 bit or 64 bit update 2 or later Linux RHEL6 32 bit or 64 bit Other requirements Create a Service Account The HP SAM Web server must run under a domain user account in which it can execute the HP SAM services on the local server
84. elect in which group or groups you want to perform the search Filter Options You can narrow the list of users shown by using the filter options The filter option is based on AND combinations so the more boxes you enter the narrower the list of users shown o Name Type the name to search for o Role Select the role to search within Names with square brackets around them are Administrator groups for example Administrator Names without brackets are resource roles e Asset Group Show users or groups that belong to a specific asset group o First Name Type a first name by which to search o Last Name Type a last name by which to search gt Domain Name Type a domain in which to search To perform any of the operations listed below 1 2 3 Select the appropriate user s Select the task to perform from the Operation list Click the Go button To Assign Attributes On this page you can modify the roles and asset groups assigned to a user assign a policy and assign an Administrator group to a user To assign attributes to a user 1 2 3 4 Set the appropriate filter options for example filter the role from the list Click Search Select the check box next to the appropriate name s From the Operation list select Assign Attributes and then click Go to open the Assign User to Policy Role window If you want to assign a policy to a user select the policy from the Policy lis
85. er whose Security Group has been added to HP SAM from a child domain receive the error Your account cannot be assigned to any existing roles Answer The user may see this error when logging into HP SAM using his username in UPN user domain dom format When UPN is used HP SAM checks the global catalog for group memberships in Active Directory Local and Global Security Groups are not visible this way The administrator has two options either change the Security Group to be a Universal Security Group or instruct the user not to use UPN format when logging in restored my HP SAM database from tape backup after the HP SAM SQL server was recovered from an unexpected failure Is a synchronize operation enough to get all the latest status for all computing resources Appendix B Frequently Asked Questions It depends on when the database backup was performed New computing resources may be registered after the last backup was performed If so those computing resources do not exist in the backup data The synchronize operation works only on computing resources the system is aware of If the status of those computing resources was offline disconnected or online when the SQL server went down then you must find those computing resources and add them back to the HP SAM system To do that stop and restart the registration service on those units When in doubt stop and restart the registration service on all of the computing
86. es roles monitor layout IDs policies logs and reports that is under the control of an administrator group Client An access device that sends requests to the HP SAM web server to get an available computing resource to which to connect CSP Cryptographic service provider A software library that provides hardware and software based encryption or decryption services Computing Resource A desktop session a computing resource such as a blade PC or a Blade Workstation or a virtual machine Data Center A grouping of enclosures in HP SAM which enables saving of enclosure passwords which is needed for the client side power cycle feature Dedicated Resource Specific computing resource s assigned to a user Also referred to as a Static Assignment Description blade Usually given to the blade by the blade manufacturer It can be changed if desired Follow me roaming Capability for the user to connect and reconnect to the same session while using different access devices in different locations Gateway See web server Global Policy Sets all users connection environment It can be overridden by Group or Individual Policy assignments Group Policy Sets connection environment for a group of users This policy overrides Global but can be overridden by individual policy assignment Individual Policy Sets connection environment for a specific user This policy assignment overrides group which overrides global pol
87. ewlett packard SAM webclient images LANG disclaimer lt file type gt amp NOTE Windows Replace LANG with the appropriate folder name for the language desired EN for English JP for Japanese FR for French DE for German KO for Korean or CN for Simplified Chinese Linux Client and Workstation Client OS Replace LANG with a folder name that directly correlates with the keyboard locale that has been chosen during setup or later For the US English en_US UTF 8 is the correct locale For other keyboards locales refer to the table below for the folder names needed For the Workstation Client Series it s driven off etc kbd_lang table and it shows up in the About Box you can get from the right click menu on the desktop fr_BE UTF 8 Belgian French Fran ais Belgique en_CA UTF 8 Canadian Fran ais Canadien zh_CN UTF 8 Chinese Simplified zh_TW UTF 8 Chinese Traditional da_DK UTF 8 Danish Dansk nl_NL UTF 8 Dutch Nederlands en_US UTF 8 English International en_GB UTF 8 English UK en_GB UTF 8 English UK Extended en_US UTF 8 English US fi_Fl UTF 8 Finnish Suomi fr_FR UTF 8 French Francais Chapter 3 Installation de_DE UTF 8 German Deutsch it_IT UTF 8 Italian Italiano ja_JP UTF 8 Japanese ko_KR UTF 8 Korean nb_NO UTF 8 Norwegian Norsk pt_PT UTF 8 Portuguese Portugu s pt_BR UTF 8 Portuguese Brazil Portugu s do Brasil es_ES UTF
88. fault is O Chapter 3 Installation Global and Local Client Configuration Files This feature allows administrators to lock down certain options while allowing other options to be altered by users There are three levels of files e Global hprdc_admin sam e Local hprdc_accessdevice sam e Personal hprdc sam The order of precedence is e Personal file is read first o o XPe Anywhere on file system double click hprdc sam XPe search locations used in this order when one is found it stops looking AppData Default for XP C Document and Settings lt username gt Application Data hprdc sam Default for Vista or Windows 7 C users lt username gt AppData Roaming hprdc sam Install directory Default C Program Files Hewlett Packard HP Session Allocation Client hprdc sam SystemRoot Default C windows Workstation Client OS file location root user hprdc sam Linux Client root hprdc sam for the root user home lt username gt hprdc sam for other users e Parameters in the local file override the personal parameters o XP file location is the install directory Default C Program Files Hewlett Packard HP Session Allocation Client hprdc_accessdevice sam Workstation Client OS file location opt hpsam hprdc_accessdevice sam root writable opt hpsam hprdc_accessdevice sam Linux Client opt hpsam hprdc_accessdevice sam e Parameters in the global file override the personal and local
89. he SQL authentication User Name and Password The SQL user account needs the ability to create a database on the SQL server for proper installation of the application If the HP SAM database does not exist the installation creates one If the database already exists then the installation links the web server to the HP SAM database server Click Next on the Web Resources Configuration screen Select New Web Site for new web installation or select Existing to install on an existing website or to upgrade HP SAM 10 Click the IP Address list and map the website to the appropriate IP address 11 Click Next to run all tests We recommend that you run all of them to ensure proper installation Diagnostic tests are now run during the HP SAM web server installation These tests check for common configuration or environment problems that can lead to unsuccessful HP SAM installations HP SAM Service Account permissions operating system SQL Server and NET Framework version support domain environment support and Windows Firewalls settings are checked 12 Click Next to start the installation or click Cancel to exit 13 Click Finish when the installation is complete Install the HP SAM Web Server and SQL Software 27 14 If your network environment uses a hardware and or software firewall then you need to make the following changes to the firewall for the HP SAM web server and or SQL server e Web server o Incoming From access de
90. he computing resource is found select the Resources tab and select Synchronize from the Operation list and click Go NOTE If the computing resource is marked offline after the synchronize operation this typically means the HP SAM web server is unable to communicate to the computing resource Check the firewall setting on the computing resource to make sure it allows incoming on port 47777 or the HP SAM registration service You can find out if the firewall is blocking the necessary traffic by disabling the firewall temporarily and then enabling it again later Install and Validate the HP SAM Client Software HP SAM includes the following clients e Internet Explorer based client e Windows based client e Blade Workstation Client series e Linux based Client The HP SAM client requires that RGS on the Windows based client Blade Workstation Client series or Linux Client and or Remote Desktop Connection or rdesktop for Linux all clients except the Blade Workstation Client series be functional on the access device NOTE The Linux based Client does not support versions of rdesktop previous to version 1 3 1 There are differences in features between the various HP SAM clients Install and Validate the HP SAM Client Software 33 Table 3 1 HP SAM Client Comparison Features Internet Windows XP Blade Linux Based Explorer Based Embedded Workstation Based Client Embedded OS Based Operating System Windows XP Wind
91. her policies The default sets the Auto Reconnect box to Off This ensures multiple users do not attempt to log onto the same blade at the same time When a network failure or something similar occurs the user may unknowingly have been logged off that resource depending on the network and AD group policy settings HP SAM may allocate that computing resource to another user If the auto reconnect feature is turned on the original user reconnects to this computing resource which could potentially have been allocated to another person If this is not a concern then change Auto Reconnect to an appropriate value Table 4 1 Effective Hierarchical Policy Example Parameter Global Role OU SG1 SG2 User Effective P1 ON Not Assigned Not Assigned Not Assigned Not Assigned Not Assigned ON 1P2 ON OFF Not Assigned Not Assigned Not Assigned Not Assigned OFF P3 ON OFF ON OFF Not Assigned Not Assigned OFF 2P4 ON No OFF Not Assigned Not Assigned Not Assigned Not Assigned ON Overrides Allowed P5 ON No OFF No Not Assigned Not Assigned Not Assigned Not Assigned ON Overrides Overrides Allowed Allowed 68 Chapter 4 Administration Table 4 1 Effective Hierarchical Policy Example continued Parameter Global Role OU SG1 SG2 User Effective 3P6 ON OFF ON OFF ON Not Assigned OFF 1 The order of policy assignment is User highest gt Security Group gt OU gt Role gt Global Policy lowest Individual parameters assigned at the User le
92. icy rules Monitor Layout ID Identification name for a collection of settings that controls how multiple sessions are mapped onto the display of an access device and other related settings OU Organizational Unit Policy The policy defines settings to be forced upon users from the HP SAM server It controls the appearance of the desktop taskbar command access sound availability etc There are five levels of policy Global Role OU SG User User settings override SG and so forth Public A public role is one that is accessible to all users in Active Directory Appendix D Glossary Registration Service Sometimes referred to as the blade service this is a service that runs on the computing resources that communicates the status of the resource back to the HP SAM Server Resource A managed computer inside HP SAM which can be provided to a client for the purpose of logging in via RGS or RDP It is also referred to as computing resource or desktop session A resource could be a Blade PC a Blade Workstation or a virtual machine RDP Microsoft Remote Desktop Protocol A multi channel protocol that allows a user to connect to a computer running Microsoft Terminal Services RGS HP Remote Graphics Software RGS is a communication protocol similar to Microsoft Remote Desktop Protocol RDP that allows users to connect to the desktop of a remote computer over a standard computer network In addition RGS has advanced graphics
93. ies or you can specify valid properties for either RGS or RDP In the Show Properties list select either ALL RDP5 RDP6 or RGS to determine which values are active on screen NOTE For more information about RGS refer to your Remote Graphics Software documentation View Effective Policy Use this feature to view the effective policy for a given user See Table 4 1 Effective Hierarchical Policy Example on page 68 1 Click View Effective Policy 2 Type the UPN name of the user 3 Click Go The hierarchical merge of policies applied to the user is displayed amp NOTE You may also select a Role for the user to view the effective policy based on that Role since the effective policy can be different with each Role to which that user belongs HP SAM Administrative Console Tabs 69 System Settings Tab This tab allows the administrator to set how the HP SAM server behaves General 70 This page allows the administrator to define the settings for the entire system Make the appropriate change s and click Save to apply e New Role Settings When a new role is created computing resource self registers with a role that is brand new to the system the flags are set accordingly based on the value assigned o Enabled f selected when a new role is created the role s enable flag is set to checked which means the role is available immediately for allocation e Public If selected when a new role is created
94. in one region and blades in another e As population size increases the HP SAM Server should be local to the blades resources as opposed to local to the users for the following reasons o Because the database of users has to be pulled across the network to HP SAM Server memory the WAN could impact performance if this database becomes too large o If the two servers SQL and HP SAM are in the same data center their communication can occur over the high speed backbone with little to no performance impact from the network e With relatively small population sizes fewer than 3 000 you may place the HP SAM Server local to the users as opposed to local to the blades resources for the following reasons o The database of users being pulled across the network to HP SAM Server is small and impacted very little by the WAN o The local HP SAM Server limits the number of users hitting that server so the server can be smaller Disaster Recovery designs e Multiple HP SAM servers can be configured so that users and resources will failover to another HP SAM server if a server becomes unreachable It is recommended that the HP SAM servers be installed in different locations for a greater likelihood that at least one server will remain accessible Multiple SQL Databases 14 Typically one SQL database should be shared between all HP SAM servers Only in some situations does it make sense to use more than one distinct SQL database e When cus
95. ined Without a role the computing resource is not available for allocation BCO106 Warning Internal service error in communicating with the SCM May affect how the Service Control Manager determines if the service has been started or stopped Contact your HP SAM support team BCO107 Failed to setup timer Internal error possibly due to low memory conditions Close other applications or increase memory BCO108 Failed to setup timer Internal error possibly due to low memory conditions Close other applications or increase memory BCO110 Failed to synchronize time zone information Contact your HP SAM support team BCO111 Failed to synchronize time zone information Contact your HP SAM support team BCO200 Informational service has started BCO201 Informational service has stopped 95 96 Glossary Access Device A device such as a thin client used to access HP SAM to connect to computing resources Active Directory A Microsoft Windows directory service that stores an enterprise s information and settings in a central organized accessible database Active Directory allows administrators to assign policies deploy programs and apply critical updates to an entire organization Administrator Group A group to which you can assign users in order to grant or revoke access to specific capabilities in the HP SAM administrative console Asset Group A collection of access devices users computing resourc
96. ing purposes are captured to tmp hprdc log This option is valid only on the Linux Client Default value is O Failover integer value O or 1 When set to 1 enables the failover capability of the access device If multiple web servers are defined the access device fails over to the next available HP SAM web server when a connection fails Turning this feature on limits the user s ability to type in a new HP SAM server the user still has the ability to choose between web servers defined in the configuration file Default value is O off EnablePublicRoles integer value O or 1 If set to 1 the HP SAM client will show any available public roles for the user to connect to If set to O the HP SAM client will hide public roles Default is 1 show ResetAfterSession integer value O or 1 If set to 1 access device settings including username are reset back to defaults after each session This is useful in kiosk mode to clear previous user settings The default is O DefaultMonitorLayoutID string value The string value designates the Monitor Layout ID to be used by default when logging in from the access device This setting only takes effect when new access devices are registered upon connection To have this setting apply to existing access devices delete them from HP SAM so they will re register AssetGroup AssetGroupList AssetGrouplList refers to another section in the file with a matching name AssetGroupList which has one
97. ing resources from 59 testing registration service 33 Themes 45 thin client hardware requirements 21 software requirements 21 thin client mobile hardware requirements 22 software requirements 22 Titlebar Text 42 U Ullanguage 42 UiMode 42 unable to connect 87 updating policy 69 upgrade installation 25 URL Internet Explorer based client 34 Index 101 user deleting 61 interface 51 interface settings 42 User name field 72 User Sign in Time Out 70 users adding 61 managing 57 removing from Administrator group 53 users and roles 54 v validating HP SAM registration service software 29 view details 63 W Wallpaper 44 web client 71 web server firewall rules 85 hardware requirements 15 software requirements 16 WebServerList 31 Width 45 Windows based client 35 WindowSnapEnabled 44 102 Index
98. ist that you want to add into HP SAM f Click Save NOTE After you have clicked Save you can set SG or OU attributes including Administrator Group If an SG or OU is already in HP SAM the attributes are changed to match what is set here NOTE To make future changes go to Active Directory and add or remove users from those groups You will not need to re add the groups into HP SAM Remove Users or Groups From the HP SAM Administrator Group To remove users from the HP SAM Administrators list navigate to Users and Roles gt Manage users 1 In the Filter Options section from the Role list select Administrator Administrator group names are encased in square brackets for example Administrator Group Click Search Select the check box next to the appropriate names If you want to permanently delete the user s or group s from the system select Delete in the Operation list and click Go 5 If you want to remove the user s or group s from the HP SAM Administrator Group without deleting them from the system perform the following steps a In the Operation list select Assign Attributes and then click the Go button b Next to the Administrator Group select lt blank gt or clear c Click Save to save your changes Managing the HP SAM Administrator Access List 53 HP SAM Administrative Console Tabs Home Tab When you log onto HP SAM the Home tab page is the default HP SAM shows a snapshot of cu
99. lass and Microsoft RDP Client Control The installed location for these controls are in the Y SystemRoot Downloaded Program Files folder E NOTE Use the Web Client Controls installer found in the HP SAM SoftPaq so that you do not need to download and install any controls automatically via the browser This is useful when the access device is locked down to the point where the user is not allowed to install ActiveX controls automatically from the browser Various methods can be used to deploy the Windows based HP SAM client to the access devices Following are two examples e Use software deployment tools such as HP Rapid Deployment Pack a Install the HP SAM client on the access devices b Update the client hprdc sam file to connect to the HP SAM server and specify desired settings see the customization steps for the specific HP SAM client type e Post the HP SAM Windows based client installation file on a website or fileshare If you created an hprdc sam file for your environment you should post this file also Then instruct the users to a Download and install the client software b Place the config file hprdc sam on the desktop c Double click the HP SAM file to launch amp NOTE Ifa firewall is installed make appropriate changes to allow the HP SAM client through Do this at the application level instead of the port 50 Chapter 3 Installation 4 Administration Log In In the Internet Explorer address bar
100. m e HP t5740e with Windows Embedded Standard 7 WES 7 operating system e HP 5135 thin client with HP ThinConnect embedded operating system e HP 5145 thin client with HP ThinConnect embedded operating system e HP t5545 thin client with HP ThinPro operating system e HP t5745 thin client with HP ThinPro operating system e HP gt7725 thin client with with HP ThinPro GT operating system e HP gt7720 with Windows XP Embedded operating system e HP gt7720w with Windows Embedded Standard operating system If the HP SAM client is preinstalled you need only to configure the HP SAM client to connect to the appropriate HP SAM Web server Software Requirements Install and enable one or both of the following e RGS Receiver 5 1 3 or later e RDP Access Device Requirements 21 Mobile Thin Client Hardware Requirements e HP Compaq 6720t Mobile Thin Client with Windows XP Embedded operating system e HP Compaq 2533 Mobile Thin Client with Windows XP Embedded operating system e HP Compaq 4410t Mobile Thin Client with Windows Embedded Standard WES operating system Desktop or Notebook PC Software Requirements Install and enable one of the following operating systems e Windows XP Professional 32 bit or 64 bit with Service Pack 2 or 3 NOTE The HP SAM Client is unable to connect from access devices running Windows XP 64 bit using the preinstalled version of RDP This is due to the location windows system32 of the pr
101. n e Virtual Machine on VMware vSphere 4 X NOTE If you are running VMware virtual sessions using VMware refer to the VMware documentation for hardware requirements Software Requirements Install and enable one of the following operating systems e Windows XP Professional 32 bit or 64 bit with Service Pack 2 or higher e Windows Vista with Service Pack 1 or later 32 bit or 64 bit as follows o Business o Enterprise e Windows 7 32 bit or 64 bit as follows o Professional o Enterprise e Linux RHEL4 64 bit update 5 or later 20 Chapter 2 Requirements NOTE HP SAM 2 2 and earlier clients are not able to connect to Linux resources e Linux RHEL5 64 bit update 2 or later e Linux RHEL6 64 bit Install and enable one or both of the following e RGS Sender 5 1 3 or higher with Single Sign on enabled e Terminal service enabled RDP Access Device Requirements The following sections provide information about the requirements for access devices Thin Client Hardware Requirements e HP Compaq t5720 thin client with Windows XP Embedded operating system e HP Compaq t5730 thin client with Windows XP Embedded operating system e HP Compaq t5730w with Windows Embedded Standard WES operating system e HP t5630 thin client with Windows XP Embedded operating system e HP t5630w with Windows Embedded Standard WES operating system e HP t5740 thin client with Windows Embedded Standard WES operating syste
102. n the various components The values in parenthesis represent ports with ANY meaning any ports on that component Web Server e Incoming o From clients TCP ANY to web server TCP 80 HTTP o From clients TCP ANY to web server TCP 443 HTTPS o From blades TCP ANY to web server TCP 80 HTTP o From admin_workstation TCP ANY to web server TCP 443 HTTPS o From resources UDP 47777 to web server UDP 47777 Custom e Outgoing o From web server TCP ANY to SQL_Server TCP 1433 MSSQL o From web server TCP ANY to resources TCP 139 RPC o From web server UDP 47777 to resources UDP 47777 Custom Clients e Incoming o None e Outgoing o From clients ANY to web server TCP 80 HTTP o From clients ANY to resources TCP 3389 RDP From clients ANY to resources TCP 42966 RGS r NOTE The default RGS port is TCP 42966 however RGS 5 3 and later allows this to be changed Please see the RGS documentation for details o From clients ANY to web server TCP 443 HTTPS Resources e Incoming o From web server UDP 47777 to resources UDP 47777 custom o From web server TCP ANY to resources TCP 139 RPC Web Server 85 o From clients TCP ANY to resources TCP 3389 RDP o From clients TCP ANY to resources TCP 42966 RGS amp NOTE The default RGS port is TCP 42966 however RGS 5 3 and later allows this to be changed Please see the RGS documentation for
103. n using an access device in the IP Address range and only on the specified day during the specified period of time In this case the user will be sent directly to a resource in this role even if he has many other roles he will not see a role selection dialog If outside of the IP range and time day the user will be denied access to that role Multiple such reservations can be designated on each role By default at the end of the reservation period the user is logged off of the resource The Allow time extension option can be set to allow a user to remain logged in beyond the current resource reservation end time They can remain logged in until another resource reservation time period for the Chapter 4 Administration same role begins or at 12 00 midnight if no other reservations are set A dialog warns the user before the logoff occurs The lead time of this warning can be configured in System Settings on the General page of the HP SAM administrative console For example a school may use resource reservations to ensure students get a resource from the correct role for each class and make sure resources are freed in time for a later class needing resources in the same role The administrator can set a reservation on the Math Class role specifying the IP address range of a certain classroom and a certain time day when the math class occurs The student who logs in using a computer in this classroom during the right day and time will get a reso
104. nenns 28 Configure Secure Socket Layer SSL weasisicnccanercnsaseiecdatediovndensddenrnanssuinernineda masiinentnnedel 29 Install and Validate the HP SAM Registration Service Software c cccceeeesseeeeeeesceeeeetsneeeeetteeees 29 Install the HP SAM Registration Service cccvinsibeceussteranxes tei ake nena so teewnnes 29 Create the HP SAM Registration Service Configuration File c ccccceeseeceeceeeeteeeees 30 Start Restart the HP SAM Registration Service ccccsessecceeeesceceeeeesenseeeeseeneeeeensaes 32 Test the HP SAM Registration Service i 0 c cssicersasesoeantdar saree cvtcashivennmetetannedtanensonetbanes 33 Install and Validate the HP SAM Client Software cccccesecceesseceeeseeeeeneeeeeeseeeeesnaeeeneseeeneaaeees 33 Internet Explorer Based Client svosssacsiecrriebivvasseisiedseredsvonhaegehdcandduerstonivaasaenineannlonsaatnies 34 Windows based Client 555400 sta eteernierh Ganka ee are arO eae re OREO Ee 35 Wine Based Client srepet anen a e O A E 36 Configuration Settings s ssnieniivarseaineoettomaniabivaaigncinlerendeinenenialerseesteaantiteuleeivanbaaenembiresdeliees 38 Global and Local Client Configuration Files x svisiedeasnteversiavideshvemnerntderte canner toeeenbbets 47 legal Bannen se sce wade atv teen ipod dba ada ena AT E 48 Deploy the HP SAM Registration Service to All HP SAM Computing Resources s sssesseteeteeeees 49 Deploy HP SAM Client Software to All HP SAM Access Devices
105. ngly 89 90 Question How do change the HP SAM datagram communication port to another value beside the default 47777 Answer Modify the connection config file located on the HP SAM web server in the HP SAM installation directory usually c Program Files Hewlet Packard HP SAM Use Notepad to edit the file Add this line in the appSettings section lt add key ProtocolChannel Value port number gt Where port number is the new HP SAM datagram communication port you want to use You must stop and restart the HP Session Allocation Management Service on the HP SAM web server You must also update the HP SAM registration service hpevent cfg file on all computing resources to use the same HP SAM datagram communication port then restart the HP SAM registration service on all computing resources Also update the appropriate firewall rules on the HP SAM web server and the computing resources Can use double byte numbers in the user name get warning messages when am operating in a double byte character set DBCS Asian language on the HP SAM administrative console and input numeric values in System Settings tab No HP SAM only supports single byte numbers HP SAM administrative console accepts only single byte numbers as a value Why I do see line graphs in Resource Capacity Consumption Report in the HP SAM administrative console in some instances and not in other instances Make sure the br
106. nnectionBar HideTimingFactor integer value Controls the speed of the animation when the connection bar is disappearing from the screen A smaller number means faster animation This can be useful on slow client systems where the connection bar animation is too slow The default value is 5 ConnectionBar SessionWindow Enableldentify integer value O or 1 When set to 1 an RGS session chosen on the HP SAM Connection Bar will be highlighted and can be moved by the user This features requires RGS 5 1 3 or later Default value is 1 DisclaimerDisplay Timeout Time in seconds for the HP SAM client to be idle before the Legal Disclaimer window reappears Default value is 30 Resolutions string value Specifies another section in the SAM file that contains a list of resolutions to show on the client Ul Open the default SAM file to see the required format ConnectionBar ShowLogoff integer value O or 1 When set to 1 an option to log off the resource is shown when disconnecting Default value is O ConnectionBar ShowReboot integer value O or 1 When set to 1 an option to restart the resource is shown when disconnecting Default value is O Chapter 3 Installation NOTE The options to log off or reboot from the connection bar are disabled by default in the Global policy The following requirements must be met for Logoff and Restart A certificate from the domain certificate authority must be installed on the HP SAM websi
107. nose the problem Question Users are getting the message All resources are currently in use Please try again later but there appear to be free resources according to the HP SAM administrative console What are the potential causes for this Answer First refresh the Resources list in the HP SAM administrative console and check to see if any resources are available in the role or dedicated resource the user is attempting to access If no resources are shown as Available try performing a Synchronize operation on all of the resources to ensure that their status is current If there are still no resources shown as Available the message is accurate and more resources can be added to the pool or the HP SAM session timers can be used to free up idle resources If there are resources shown as Available and users are still getting this message consider the other potential causes below e Some resources are marked as disabled in HP SAM e Some resources are assigned to a user as a dedicated resource Check the Manage Users page to see if these resources show up as dedicated to any users NOTE If a resource is in a role and is also dedicated to a user it will never be allocated to user who requests a resource using that role In other words it really is dedicated to that one user only e Some resources may be temporarily reserved When HP SAM allocates a resource to a user it reserves the resource for that user for a certain
108. nt your clients and resources to communicate via multiple SAM servers e In this Option the SAM Resource Allocation requests from the Client Devices are separately routed via SAM Server 1 This allows the SAM Resource Status updates to be isolated by routing via SAM Server 2 This separation allows for load distribution of SAM functionality where by isolating the SAM Resource Status updates e This configuration has been tested by 540 clients requesting resources within a three second window with no request denials or degradation on requests HP SAM Hardware and Software Requirements 17 a aman invent ue j N A ie j l SAM client N Config file ws al SAM resource Allocation Requests SAM Server 2 x us or Cpe i i i O 1 i s9 2 V i 8a s f d S 8 scie o o o TT gigg g 8 is l Soga B FEE H ete 3 g5 SQL Server 2 Standby t L i port 47777 SAM Resources Remote Computing Solutions HP Blade PC Blade Workstation amp VDI SAM Load Distribution All SAM Resource Allocation requests are routed and handled via SAM Server 1 oe All SAM Resource Status updates are separately routed and handled via SAM Server 2 Notes SAM natively provides a method for Fail Over and Load Distribution SAM client and resource configuration files allow you specifically identify and point your clients and resources to communic
109. omputing resource is in multiple roles Then the resource is counted multiple times one per role that it is in If the computing resource is disabled it is not counted in the overall number Resource Capacity Consumption Trend Report Select the filter options and display options and click the Generate Report button Filters e e e e 76 Time Frame From To Narrow the data shown to the time period you are interested in Role Enabled Narrow the data to all roles that are enabled only Yes disabled only No or ignore this flag by selecting both Role Public Narrow the data to all roles that have no user access list restriction Yes restricted access role No or ignore this flag by selecting both Roles See data for the selected roles only If you choose this option the system narrows the selection based on your previous selections above Chapter 4 Administration Display Options Threshold Percentages On the report you can highlight the data if it exceeds the number entered here gt Minimum Available If data is below the value entered the report highlights it o Maximum Consumed If data is above the value entered the report highlights it Time Interval Chart the data where the scale is based on hour day week or month Include raw data If the raw data is also wanted in the report check the Include raw data box Open in New Window If selected the result data are shown in a new browser
110. on page 54 for detailed instructions Configure HP SAM System Settings Log onto the HP SAM administrative console go to the System Settings tab and make appropriate changes See System Settings Tab on page 70 for detailed instructions 28 Chapter 3 Installation Configure Secure Socket Layer SSL SSL You may configure SSL on the HP SAM web server which includes installing a certificate to encrypt your password and browser session when you log onto the HP SAM administrative console Manage Access to the HP SAM administrative console Webclient Communication line between web client and HP SAM server Only certain virtual directories under the main HP SAM website can be set to Require secure channel SSL You should not set the main HP SAM website to Require secure channel SSL Install and Validate the HP SAM Registration Service Software Manually installing this software consists of these steps 1 2 3 4 Install the HP SAM Registration Service on page 29 Create the HP SAM Registration Service Configuration File on page 30 Start Restart the HP SAM Registration Service on page 32 Test the HP SAM Registration Service on page 33 Install the HP SAM Registration Service Log onto the blade PC using an account with local administrative rights and then run the bladeservice_xx MSI file is the software version Replace xx with o EN English o JA Japanese o FR French o DE German o K
111. onds to an action that is not enabled no default action is available Not valid for Blade Workstation Client series or Linux Client The default value is O Install and Validate the HP SAM Client Software 43 Policy Entries 44 You can set policy entries by manually editing the SAM file These settings must be located in a policy section of the SAM file for example Local Area Network or saved settings These values only specify the default settings in the Ul Values changed by the User in the UI will take effect Protocol integer value 0 1 or 3 Specify which protocol to use for connection RDP is 1 RGS is 3 A value of O automatic uses autodetected settings with a preference of RGS over RDP Default is O Mute 0 or 1 If O audio is enabled for this connection If 1 audio is disabled Default is O SoundQuality integer value 1 2 or 3 Set to 1 for lowest 3 for highest sound quality This value is only supported for RGS connections Default is 2 SoundStereo 0 or 1 If 1 stereo sound is supported If O mono sound is played This value is only supported for RGS connections Default is 1 BordersEnabled integer value O or 1 If 1 enables normal Windows borders 0 no borders This value is only supported for RGS connections Default is 1 WindowSnapEnabled integer value O or 1 If 1 allows the session window to snap to edge of screen when moved This value is only supported for RGS connection
112. onize operation task to capture any resources that are offline set the timer as instructed below and click Create or Update In general you do not need to do this if the resources are running under normal operation If you feel more comfortable knowing on a regular basis that there is a heartbeat from the resource then schedule the synchronize operation to run at the appropriate interval for example once a day at midnight e Auto Schedule Event To turn it on check the Enabled box e Scheduled Start Date Select the date when event is to start e Scheduled Time Select the time when the synchronization operation is to run Check as many times as needed e Scheduled Day Select one of the following options Daily Enter the number of days after which the event is to recur gt Weekly Enter the number of weeks after which the event is to recur and on which day s of the week it is to recur To run the synchronization operation task manually click the Resources tab locate and display a list of resources and select the resources to synchronize Then select the Synchronize option from the Operation list Audit Log Clean Up Scheduler To schedule when the system needs to run a database cleanup operation set the timer as instructed below and click Create or Update This should be done to help keep the database to a manageable size and minimize HP SAM performance impact e Auto Schedule Event To turn it on check the Enabl
113. only able to see log entries associated with the Asset Groups they control To view system historical activities set the filter options to narrow the content to display and then click Search Filters e Category Default is all or you can narrow to one of the categories below o Security Narrow the data show security related incidents Usage Activities Narrow the data to show user connect disconnect logoff type data gt Administration Activities Narrow the data to show administration type activities e Type Narrow the data to the level of the incident Choices are Information Warning and Error e Description Search for incidents with the Description box containing the text entered e Time Frame Narrow data to the dates entered e Asset Groups Narrow data to asset groups selected Chapter 4 Administration You have four operations you can perform e Save selected e Save entire log e Delete selected e Delete entire log Setting Up Smart Card Logon on the Access Device NOTE RGS 5 1 3 or later is required when logging in using RGS with smart cards Smart Card logon does not work if RGS Single Sign on is enabled You must enable Easy Login on the RGS Sender and set the USB on the RGS Receiver to Remote and Local or Remote Drivers for the smart card reader hardware are needed on the resource as well as on the access device Before you attempt the following procedure for the HP SAM client refer to this whi
114. ons If Lee logs in from another client the differing display configurations can be stacked on the client desktop to provide full access with fewer monitors 10 Chapter 1 Introduction Figure 1 5 Monitor Offset Configuration Example horizontal horizontal offset g offset 1280 vertical vertical offset O offset 0 i Common Tasks 11 2 Requirements HP SAM Hardware and Software Requirements Architectural Considerations and Best Practices for Setting up an HP SAM Environment Server Sizing In general the HP SAM Server can handle a theoretical maximum user and resource population of 40 000 e This is based on the assumption that no more than 1 of users will attempt to connect within the same 30 second window HP SAM Server at minimum specification has been shown to handle up to at least 500 blade requests within the same 3 second time slot without giving a denial The results may vary based on the speed of the servers and infrastructure used Increase Memory as user population grows e Performing HP SAM searches can tax memory because the HP SAM Server pulls a copy of the database across the network to memory in order to complete this task e One GB of RAM per 2 000 users or resources whichever is greater is a good rule of thumb Increase processor speed and cores as user population grows e Memory is the primary gate on performance of the HP SAM Server When handling large user popula
115. ource RGS is used If one or both do not have RGS then RDP is used HP RGS is optional and must be acquired separately For information on HP RGS visit hitp www hp com go rgs To view the HP Remote Graphics Software User Guide visit http www hp com support rgs_manuals and scroll down to the User guide heading Chapter 1 Introduction Common Tasks Setting up HP SAM 1 Install HP SAM See Installation on page 25 2 Add users a Add new users See Add New Users on page 61 b Create administrative groups assign users and customize permissions See Manage Administrative Permissions on page 56 Create a policy See Create or Update a Policy on page 69 Create a role See Manage Resource Roles on page 54 Assign computing resources or roles to the users See Manage Users on page 57 Setting up a User with a Dynamic Resource HP SAM enables computing resources to be dynamically shared among users Figure 1 2 Dynamic Connection Example pool of blade N workstations RGS or RDP Y rola abode i m In Figure 1 2 Dynamic Connection Example on page 7 we need to grant user Mai access to computing resources A pool of three blade workstations has been assembled each configured to support the role of abcde A We assign Mai a role of abcde See Manage Users on page 57 This means Mai is now authorized to access any computing resource which supports a role of abcd
116. oved from the file The maximum size of the file therefore is when the concurrent transactions peak For 100 users the average size of this file should be less than 2 GB To optimize the HP SAM database performance a database administrator should do two things e Develop a SQL maintenance plan This includes backing up HP SAM database and truncating orphaned transaction logs in the LDF file When backing up the orphaned transactions are truncated but the size of the LDF file is not reduced The database administrator can shrink the LDF file as far as the 100MB default if desired e Ifthe history and audit logs are not disabled the database administrator will need to truncate these two tables periodically It is recommended that this be done on a weekly basis to keep SAM_data mdf under 1 GB Number of HP SAM Servers It is recommended that as user populations grow the number of HP SAM Servers gateways be increased to handle loading and provide backup gateways when another server is inaccessible for whatever reason HP SAM Hardware and Software Requirements 13 If you want to avoid continuing to increase memory and processor cores on the HP SAM Server create multiple gateway servers and split user populations to limit the number of users using a particular gateway as their primary target You may also split resources between HP SAM servers to distribute the load between servers Regionalization of Data Centers When placing users
117. ows XP Blade Workstation HP ThinConnect support i Client Embedded Windows XP 64 Windows XP 64 os HP ThinPro bit bit HP ThinPro GT Windows Vista Windows Vista i 32bit and 64 bit 32bit and 64 bit RHEL4 32 bit and 64 bit Windows 7 32 bit Windows 7 32 bit f and 64 bit and 64 bit RHELS 32 bit and 64 bit Windows XP Windows XP Embedded Embedded RHEL6 32 bit and 64 bit Windows Windows Embedded Embedded Standard WES Standard WES WES 7 WES 7 Communication RDP only RGS and RDP RGS RGS and rdesktop protocol Automatic failover X X X support Requires Internet X Explorer browser Requires ActiveX X controls to be downloaded in order to run Languages English Japanese English Japanese English English French Germon French German Korean Simplified Korean Simplified Chinese Chinese Internet Explorer Based Client An access device can access HP SAM using Internet Explorer To use the HP SAM Internet Explorer based client type the server name http HP SAMservername in the Internet Explorer address bar If the access device is accessing the HP SAM server for the first time the access device needs to install two ActiveX controls HP SAM Web Client Utility Class and Microsoft RDP Client Control The installed location for these controls are in the SystemRoot Downloaded Program Files folder There are other HP SAM Internet Explorer based client configuration settings that you can control from the HP SAM server Refer to
118. owser language you are viewing the report is the same as the HP SAM web server operating system language For example if you are viewing the HP SAM administrative console in Japanese the HP SAM web server operating system language must be Japanese The Internet Explorer AutoComplete window covers up the HP SAM Add New Users search window How can see my search results Disable the Internet Explorer AutoComplete feature for form fields 1 In Internet Explorer click Tools on the menu bar 2 On the Content tab click AutoComplete 3 Clear the Forms check box I ve added a user as an HP SAM administrator but she cannot log onto the HP SAM administrative console see a generic error message of the HP SAM administrative console how can get more detailed information about the error Appendix B Frequently Asked Questions Be sure that AD Group Policy is set to enable Allow Logon Locally This situation applies to users that are not members of the local server administrator group but are members of the HP SAM Administrator Group Computer Configuration Local Policies Users Rights Assignment Allow logon locally For security reasons details of some types of errors cannot be viewed remotely If you reproduce the error on the HP SAM server itself you can see the details and a stack trace which can give you clues to the root cause of the failure This information may also be critical in helping support personal diag
119. p is optional 4 Click the Options button 36 Chapter 3 Installation 10 Change appropriate connection settings Click the Save Settings button Click OK in the message confirming that the settings were saved Select ete Click Save Click the Connect button to connect If the HP SAM client is closed it should start automatically If it does not start right click and select Remote Graphics Additional settings can be set by manually editing the SAM files configuration files 1 2 The HP SAM connection client searches first for the user specific SAM file hprdc sam It then checks the access device file root writable opt hpsam hprdc_accessdevice sam Parameters found in the access device file replace or are added to the merged file Then the connection client checks the file root writable opt hpsam hprdc_admin sam Parameters found in the global file replace or are added to the merged file Refer to Configuration Settings on page 38 for a list of the options available for the Linux Client HP ThinPro GT Client for the HP gt7725 Thin Client For the HP gt7725 thin client running HP ThinPro GT use the following procedure to install or update the HP SAM Client 1 4 Edit the file etc apt sources list and verify the following line exists if it does not add it deb ftp ftp hp com pub tcdebian gt7725 main non free Save the file then update the list with the following command apt get update
120. parameters o XP file location is the install directory Default C Program Files Hewlett Packard HP Session Allocation Client hprdc_admin sam Workstation Client OS file location opt hpsam hprdc_admin sam root writable opt hpsam hprdc_admin sam Linux Client Install and Validate the HP SAM Client Software A7 opt hpsam hprdc_admin sam Legal Banner 48 This allows a legal disclaimer to be displayed before logon Name the file disclaimer lt file type gt and copy the file into the appropriate directory create the folder if necessary The following are the default paths e Access Device Client Installing the legal banner on an access device causes the banner to be displayed on that access device only Name the file disclaimer lt file type gt and copy the file into the following directory create the folder if necessary on the access device o Windows C Program Files HewlettPackard HP Session Allocation Client LANG disclaimer lt file type gt o Workstation Client OS root writable opt hpsam site LANG disclaimer lt file type gt o Linux opt hpsam site LANG disclaimer lt file type gt e Web Client Installing the legal banner on an HP SAM web server causes the banner to be displayed to all users connecting via Web Client Name the file disclaimer lt file type gt and copy the file into the following directory create the folder if necessary on the HP SAM server gt Web Client C program files h
121. ple Administrator Groups which have different sets of access privileges the user will have all the privileges from the assigned Administrator Groups To create a new administrative permission group 1 Click Create 2 Inthe Group Name box type a name for the administrator group 3 In the Description box type a description for the group 4 In the Asset Group Assignment fields select the asset group s to associate with the new Administrator group In the Category list select the category for which to specify specific permission levels 6 Inthe Permissions area select the permissions to allow for this category for this specific administrative group 7 Repeat steps 5 and 6 for each category 8 Click Save To modify an Administrator group 1 Select the group to modify by clicking the group name hyperlink 2 Make changes as necessary 3 To change values for the different categories select a category from the Category list and in the Permissions area change the permissions as necessary Repeat this process for each category you want to modify 4 Click Save To delete an Administrator group 1 Select the group or groups to delete You can delete more than one group using this procedure 2 Click Delete and click OK to confirm Chapter 4 Administration Manage Users By default the search shows all users security groups and OUs Operation Search For Organizations OU Security Groups Users S
122. ported for RGS connections RgsErrorTimeout integer value The timeout in milliseconds used to detect and disconnect an inactive connection For more information see rgreceiver network timeout error in the RGS documentation The default value is the user interface value of 30000 milliseconds 30 seconds The user interface displays this value in seconds This value is only supported for RGS connections RgsDialogTimeout integer value The timeout in milliseconds used to display and wait on responses from input dialogs such as the authorization dialog and PAM authentication dialog For more information see rgreceiver network timeout dialog in the RGS documentation The default value is the user interface value of 15000 milliseconds 15 seconds The user interface displays this value in seconds This value is only supported for RGS connections Install and Validate the HP SAM Client Software 45 46 ClearType integer value O or 1 When set to 1 support for Font Smoothing is enabled in an RDP6 session This option is ignored for RDP5 RGS and rdesktop Set to O to disable Default value is O ComposedUI integer value O or 1 When set to 1 support for Vista Aero interface is enabled Desktop Composition This requires RDP6 and is ignored for RDP5 and RGS Additionally various hardware and operating system requirements must be met before the Vista Aero interface can be shown Set to O to disable Default is 1 Autosize int
123. r during registration service upgrade installation Check to see if the event log is open If so you must close the log so the tool can remove the old executable and upgrade to the new one 88 Question How do enable HP Sygate Security Agent on the Windows XP Embedded based thin client for the HP SAM client s Answer Go to HP Sygate Security Agent advance rules and create a new rule for HP SAM Add IEXPLORE EXE and or hprdcw32 exe to the Application tab On the Ports and Protocol tab set protocol to TCP and type 80 443 3389 42966 on the remote port line if you want both clients to work Otherwise make sure port 3389 is set for IEXPLORE You can set port 80 443 3389 or 42966 for the Windows based client or leave it alone alll For advanced methods such as an Altiris script you can create the script similarly here or use the HP Sygate Security Agent Policy Editor tool download as a SoftPaq from the HP website I am unable to view the Japanese characters on the web client Check to make sure the Japanese fonts are installed on the access device Can administer the HP SAM server using another browser such as Opera and Firefox No these browsers are not supported Appendix B Frequently Asked Questions Question How can change both the HP SAM web server http and https ports to some other value beside the default 80 and 443 Answer After changing the desired value TCP and or SSL ports in
124. rdware was powered off etc Auto Refresh Feature After performing a search and displaying a list of resources the following features are available Auto Refresh seconds This feature allows the Resource tab web page to automatically refresh Doing so the list of computing resources shown is pulled from the database with the latest information amp NOTE If this option is turned on then HP SAM administrative console does not time out and log you off the HP SAM administrative console This could be a security issue especially if the session is on a public terminal and the user forgets to shut down the browser or log out To use set the value to 5 15 30 or 60 seconds turn off set the value to Off and then click Apply The setting takes effect immediately View Details To view detail information regarding a resource click on the magnifying glass under the Details column E NOTE For a quick view to see who is currently connected to or disconnected from a computing resource move the mouse slowly to hover over the icon under the State column This displays the user account associated with that blade Operations NOTE Some of the operations below such as Logoff Restart and Shutdown require the HP SAM Service Account to have administrative privileges on the computing resource such as a blade PC HP SAM Administrative Console Tabs 63 To perform any of the operations listed below 1 2 3
125. rkstation Client 36 HP Remote Graphics Software 3 4 HP SAM ActiveX controls 35 client comparison table 34 client software installing 33 common tasks 7 database recovery 92 datagram communication port changing value 90 features 2 installing 25 overview 4 registration service requirements 20 setting up 7 SQL database hardware requirements 16 SQL database software requirements 20 web server hardware requirements 15 web server software requirements 16 HP Sygate Security Agent enabling 88 HP ThinPro GT client 37 http default port value changing 89 https default port value changing 89 Index 99 l ImageQuality 44 installation error 87 new 25 order 25 upgrade 25 installing Administrative rights 23 HP Blade Workstation Client series 36 HP SAM client software 33 HP SAM registration service 29 HP SAM registration service software 29 HP SAM SGL software 26 HP SAM Web Server 26 HP ThinPro GT client 37 Internet Explorer based client 34 RHEL client 38 Windows based client 35 Internet Explorer based client 34 IP address list 27 J Japanese characters 88 K KeyRepeatEnabled 44 Keys 45 KioskMode 43 L legal banner 48 Licensing 74 line graphs availability 90 Linux session timers 82 Linux based client 36 Log Off User from Resource Scheduler 74 Log tab 78 logging in 51 M manage resources 63 managing access devices 65 Administrative permissions 56 Administrator access list 52 100 Index
126. rrent resource status grouped by roles as a convenience to the administrator Users and Roles Tab The Users and Roles tab facilitates the management of roles and user access list Manage Resource Roles 54 All roles as created by computing resources when they self registered or created with the Create button are shown Role column A list of all roles amp NOTE Role names are limited to 128 characters If you type more than 128 characters for a role name in a resource configuration file the role name will work correctly but it will be truncated to 128 characters Asset Group column Shows asset groups that belong to each role Description column You can change the description for each role if the name by itself does not clearly explain what it is or to further differentiate it from the other roles The role name and description are displayed to the user on the access device during connect phase if the user has access privilege to use more than one role Policy column By default the HP SAM client settings are assigned to the Global Policy All Global Policy connection forced settings if any within that policy are applied to all users NOTE To override the Global Policy with another policy create the policy first on the Policies tab and then reassign the role to use the appropriate policy here Enabled column o If selected the role is available for allocation o If there is no check mark then all bl
127. rror accessing WMI Contact your HP SAM support team BCO041 Internal error failed to connect to WMI Contact your HP SAM support team BC0042 Internal error Contact your HP SAM support team BC0043 Failed to read Win32_SystemEnclosure WMI class Contact your HP SAM support team BC0044 Failed to read Win32_ComputerSystem WMI class Contact your HP SAM support team BC0045 Failed to read Win32_BaseBoard WMI class Contact your HP SAM support team BC0046 Failed to read Win32_NetworkAdapterConfiguration WMI class Contact your HP SAM support team BC0047 Failed to read Win32_NetworkAdapterConfiguration WMI class Contact your HP SAM support team BCO0048 Failed to query a specific WMI property Contact your HP SAM support team BC0049 Failed to register a WMI event Contact your HP SAM support team BCOO50 Problem accessing WMI possibly related to missing QFE documented in MS KB 828653 BCO100 Failed to setup timer Internal error possibly due to low memory conditions Close other applications or increase memory BCO101 No gateway HP SAM server was found in the configuration file Check the registration service installation section above on how to create the correct CFG file contents Make sure the server name is correct Appendix C Registration Service Error Codes BCO104 Failed to set up properties for listening UDP socket Contact your HP SAM support team BC0105 Warning this resource has no roles def
128. rs in the search field Results are shown as you type Click Add to add highlighted groups to the list Select the groups in the list that you want to add into HP SAM Click Save Resources tab The following sections explain what is available under the Resources tab 62 Chapter 4 Administration Manage Resources By default the search shows all computing resources such as blade PCs You can narrow the list of resources shown by using the filter options The filter option is based on AND combinations so the more boxes you enter the narrower the list of resources shown The following are your filter options IP Address Host Name Show the list of resources where the IP address or host name matches what you entered or range or set of computing resources matching what you entered Dedicated Resource Select to narrow the search to resources assigned as dedicated resources Enabled Show resources that are manually enabled or disabled only Role Show resources that belong to a specific role Asset Group Show resources that belong to a specific asset group Available Show resources that are available for allocation no users connected Disconnected Show resources that have users in a disconnected state In Use Show resources that have users actively connected Offline Show resources that are not available for allocation because the registration service is not responding service is not working properly the ha
129. rt cards are made available to the remote session This value is only supported for RDP connections Default is 1 for Windows and 0 for Linux Client and Blade Workstation Client series ColorDepth integer value 8 16 24 or 32 The color depth for the RDP session This value is only supported for RDP connections Default is 24 bit but for Linux it may be lower depending on the capabilities of the graphics on the access device 32 bit color applies only to Windows FullScreen 0 or 1 If 1 a full screen session is created Default is 1 Keys integer value 0 1 or 2 Indicates how to handle special key combinations such as Alt tab within an RDP session If O the keys are handled on the local machine If 1 the keys are handled on the remote machine If 2 the keys are handled on the remote machine while the session is full screen This value is only supported for RDP connections Default is 2 Height integer value Together with Width indicates size of the window Default is 600 Width integer value Together with Height indicates size of the window Default is 800 RgsWarningTimeout integer value The timeout in milliseconds used to detect and notify the user of a network disruption For more information see rgreceiver network timeout warning in the RGS documentation The default value is the user interface value of 2000 milliseconds two seconds The user interface displays this value in seconds This value is only sup
130. rvice BCO011 Failed to start service status check error Make sure the service is running under the access device account with sufficient permission to start stop the service BCO012 Internal error setting up service Make sure the service is running under the access device account with sufficient permission to start stop the service BCO013 Service configuration file tattoo was not found See the registration service installation section above for the list folder where the CFG file must be stored and that the service has read access to it BC0014 Could not find the Gateway section in the configuration file See the registration service installation section above on how to create the correct CFG file contents BCO015 Internal program error Contact your HP SAM support team BCO016 Internal program error Contact your HP SAM support team BCO017 Internal program error Contact your HP SAM support team BCO018 Internal program error Contact your HP SAM support team BC0020 Memory allocation error Close other applications or increase memory BCO021 Memory allocation error Close other applications or increase memory BC0022 Memory allocation error Close other applications or increase memory BC0023 Internal error Contact your HP SAM support team 93 94 BCO024 Internal error Contact your HP SAM support team BCO025 Internal error Contact your HP SAM support team BCO026 Error communicating with
131. s Default is 1 AudioFollowsFocus integer value O or 1 If O sound from all sessions is audible If 1 only audible sound is from session that has focus This value is only supported for RGS connections Default is O MicrophoneEnabled integer value O or 1 If 1 analog microphone input from the access device is sent to RGS sessions This value is only supported for RGS connections Ignored by RDP sessions This feature requires RGS 5 1 3 or later Default is O KeyRepeatEnabled integer value O or 1 If 1 disables key repeat suppression normally required by RGS to keep keys in hot key sequences from repeating when held down This value is only supported for RGS connections Default is O MapUSB integer value O or 1 If 1 allows USB redirection This value is only supported for RGS connections With RGS 5 1 3 or later you may remap USB devices to a selected session from the HP SAM Connection Bar Default is O ImageQuality integer value 0 100 Sets image quality O lowest quality lowest network bandwidth usage 100 highest quality highest network bandwidth usage This value is only supported for RGS connections Default is 65 Compression 0 or 1 If 1 RDP compression is enabled This value is only supported for RDP connections Default is 1 Wallpaper 0 or 1 If 1 the remote desktop wallpaper is displayed This value is only supported for RDP connections Default is 1 Connbar 0 or 1 If 1 a small
132. s appropriate NOTE The time set here is the time of the HP SAM server If the resources are in a different time zone from the HP SAM server you need to adjust this time appropriately e Scheduled Day Pick one of the options below o Daily Type the number of days after which the event is to recur o Weekly Type the number of weeks after which the event is to recur and on which day s of the week it is to recur e Roles Transfer roles from the box on the left to the box on the right to have users on the resources in those roles logged off automatically at the specified time s Licensing 74 By default i e no license key entered you are allowed to run up to 30 resources such as blade PCs This is meant for evaluation purposes only For production environments even for fewer than 30 resources you must purchase licenses for all resources There is no expiration date for this evaluation software HP SAM licensing is done per resource not per user For example in an environment with 300 users sharing 100 resources only 100 licensed seats are necessary If the number of resources exceeds the number of licensed seats an orange warning banner is shown in the HP SAM administrative console No functionality is lost in this situation HP SAM licenses are floating licenses that are not tied to a particular resource License keys for HP SAM are encoded with a specific number of seats resources a version number and a
133. s within a role to a user with a preference toward providing a resource that has not recently been used This helps provide more even utilization of resources e When this new option found in the General tab under System Settings on the HP SAM administrative console is enabled SAM will allocate resources within a role to a user with a preference toward providing the resource that was most recently used by this user o It is important to note that SAM cannot guarantee that a user will be returned to their most recently used resource because another user may already be using it If you want to ensure that each user will always get the same resource you should use Dedicated Resources instead of roles o Also note that this feature does not affect allocation when the user has In use or Disconnected sessions SAM will always try to allocate resources reserved for the user regardless of this setting It also has no affect on Dedicated Resources or their backup resources or backup roles e Additional Support o Linux RHEL6 on access devices and resources o VMware Virtual Machine Linux resources gt HP T5740e WES7 Thin Clients o Microsoft SQL 2008 R2 What s New in This Release 2 Control of Linux Resources from the HP SAM administrative console o SAM 3 2 adds support for remotely performing the following operations on Linux based resources from the Resources page of the HP SAM administrative console Shutdown Restart
134. se policies to work If XP Pro with Service Pack 3 Vista or Windows 7 is installed on the resource this emulation is unnecessary Set CPU utilization time limit for active but idle remote sessions This policy allows the administrator to set a time of no user input keyboard or mouse after which the system is considered idle At this point another time period set by the administrator defines how long the CPU usage on the system must fall below a configurable threshold before the user is disconnected or logged off as chosen by the administrator The administrator can also fine tune this by setting the percentage of the time period that the CPU usage must remain below the threshold for the disconnection of logoff to occur This is useful to allow for a limited amount of CPU spiking but still cause the system to disconnect or log off Set CPU utilization time limit for disconnected remote sessions Similar to the above this policy allows the administrator to set a time period which starts when the session is disconnected If the CPU remains below the chosen threshold for this period of time the user will be logged off of the resource freeing it to be used by other users For more detailed information on these settings open the policy in the Group Policy Management utility and click the Explain tab If the HP SAM administrator has no access to the domain controller the policy can be applied on each resource instead Configuring Session
135. ssions after specified periods of time The integrated session timers have the ability to control RGS sessions as well as RDP sessions You can configure time periods for Active Sessions Active But Idle Sessions and Disconnected Sessions and you can further configure CPU monitoring for Active But Idle and Disconnected Sessions This will prevent the disconnect or logoff action if the CPU usage remains above a configurable threshold This is useful for ensuring that connections are not logged off while important calculations for example are occurring The session timers consist of two main pieces e A utility HPCCIST EXE and its support files that is installed onto the resource along with the HP SAM Registration Service HPCCIST EXE is set to start when Windows starts but will only continue running when a policy is set that requires it to run e An Active Directory group policy administrative template allowing you to enable the HP CCI Session Timers The administrative template HPCCIST ADM can be found in the c windows inf folder assuming you installed Windows into the c windows folder 80 Chapter 4 Administration To import the session timers into the Group Policy Management utility on the domain controller 1 2 a oe Copy the HPCCIST ADM file to the domain controller Create a Group Policy Object GPO on the domain controller in Group Policy Management A Right click on Group Policy Objects and select New Right click on
136. sssosssosssossseosseo 93 Appendix D Glossary scssisccsascncisscsisscovcaxsmesemsiereresesicrestiemmsanivneenmeenatedeetasinaseiecites 96 Nk E E E E E A E E E E E A 98 vii viii Introduction HP Remote Client Solutions are designed to support a variety of users needs from the most basic computing tasks to more demanding professional and technical applications while giving IT greater control over technology resources simplifying desktop management increasing agility and in many cases reducing total cost of ownership Underlying HP Remote Client Solutions is a unified infrastructure that enables client deployment session allocation balancing of computing resources and supports the business needs of a diverse set of users though the use of a common set of tools The HP Session Allocation Manager HP SAM system is the control point in managing an HP Remote Client Solutions deployment HP SAM manages the assignment of connections from an end user s client access device to desktop sessions running on computing resources in a centralized location typically a data center HP SAM makes these desktop sessions available to users as they are needed For more information about HP Remote Client Solutions visit hitp www hp com go rcs What s New in This Release e Option to Prefer Allocation of Recently Used Resources o With previous versions of HP SAM and with this option disabled which is the default SAM allocates resource
137. st See Manage Monitor Layout on page 65 2 We assign the new monitor layout ID to Lee s access device See Manage Access Devices on page 65 3 We assign the Monitor Layout ID to Lee and select the two blade PCs already assigned to him as resources for that Monitor Layout ID See Manage Users on page 57 Both monitors have the same resolution width and height so we enter 1280 and 1024 respectively next to each blade PC selected HP SAM treats the set of monitors as a single unit To display output from each blade PC on a different monitor we have to specify the horizontal and vertical offset the distance from upper left at which the output should appear We want output from blade PC 4 to be displayed on Lee s left monitor and output from blade PC 5 to be displayed on his right monitor as shown in Figure 1 5 Monitor Offset Configuration Example on page 11 To display output from blade PC 4 on the left monitor the upper left position we set both the horizontal and vertical offsets to O To display output from blade PC 5 on the right monitor we must set the horizontal offset one monitor resolution over so we set that horizontal offset to 1280 The display is not lowered however so the vertical offset is still O E NOTE Offsets are only honored when using the RGS protocol Sessions using the RDP protocol will typically appear stacked on the default display Support for roaming allows users to work from other locati
138. t If you want to assign the user to an Administrator group select the group from the Administrator Group list NOTE Administrator groups are available only for Security Groups and user accounts HP SAM Administrative Console Tabs 57 9 Double click asset groups or use the arrows between the Available and Selected boxes to move the asset groups Place all asset groups you want to assign to the selected user in the Selected box Double click roles or use the arrows between the Available and Selected boxes to move the roles Place all roles you want to assign to the selected user in the Selected box Click Save to save your changes To Assign Resources This option allows you to assign a specific resource such as a blade PC to a user You can also assign a backup to a dedicated resource as well as assign a user friendly name to the resource You have three ways to assign resources Select a single user and assign resources manually Select one or more users and have their attributes and resources automatically assigned based on a single template user Select one or more users and a role and have blades automatically assigned to each user from the role NOTE The Template User must have a statically assigned blade in a role and there must be enough available resources in that role to satisfy the users during automatic assignment of static resources If a blade is in a dynamic role and is reassigned as a dedicat
139. te paper to configure the smart card on the computing resource Implementing Actividentity Smart Cards for Use with HP Compaq t5720 Thin Clients and HP Blade PCs at http h20000 www2 hp com bc docs support SupportManual cO1153197 c01153197 pdf jumpid reg_R1002 USEN You must successfully configure the smart card on the computing resource before attempting to configure it on the access device Use the following steps to enable the HP SAM client to log on using a smart card 1 Attach the smart card reader to the access device 2 Install the smart card reader driver onto the access device 3 Install the smart card cryptographic service provider CSP software onto the access device that supports your smart card solution This software is required to read the contents of the smart card 4 Install the HP SAM client software onto the access device If using the Internet Explorer based client configure the client on the HP SAM administrative console at System Settings gt Web Client gt Smartcard cryptographic service providers CSP For more information see Web Client on page 71 NOTE If you set the client to read the UPN or e mail field from the user s certificate whatever it reads from either of those fields must match the UPN name of the user 6 If using the XPe Client specify the CSP string in the SAM file Refer to Smart Card Settings on page 41 Setting Up Smart Card Logon on the Access Device 79 7 If
140. te to allow usernames and passwords to be transmitted to the server The HP SAM service account must have local administrator privileges on the resource to be granted permissions to reboot or log off a user from the blade e ConnectionBar ShowHardReboot integer value O or 1 When set to 1 an option to cycle power on the resource is shown when disconnecting Default value is 0 amp NOTE The option to perform a power cycle from the connection bar is disabled by default in the Global Policy The following requirements must be met for Power Cycle A certificate from the domain certificate authority must be installed on the HP SAM website to allow usernames and passwords to be transmitted to the server Version 4 20 or later Integrated Administrator IA software must be used on the HP BladeSystem PC Blade Enclosure s By default the IA software has a disabled SAM account You must enable this SAM account and create a password for the powercyle option to work The IA password for the built in SAM account must be saved in HP SAM on the Manage Data Centers page One of the following HP BladeSystem Blade PCs is required e HP BladeSystem bc2000 Blade PC HP BladeSystem bc2200 Blade PC HP BladeSystem bc2500 Blade PC e HP BladeSystem bc2800 Blade PC Smart Card Settings amp NOTE Smart card settings are not valid for Blade Workstation Client series or Linux Client e SmartCardAlways integer valu
141. template user must have at least one dedicated resource that exists in a role Only primary roles are considered when assigning dedicated resources to multiple users The selected users will be assigned dedicated resources from free resources in this role The selected users will also be assigned the same Roles Asset Groups and Policies as the template user The selected users will not be assigned an Administrator group based on the template user To Assign Resources Automatically from Role 1 Click Manage users 2 Search for user s 3 Select the check box next to the appropriate name s amp NOTE Multiple users may be selected Select Assign Resources from the Operation list and click Go Select Assign Resources from Role ao uu Ff Select the role from the list 7 Click Continue NOTE A message will be displayed if the role does not have enough resources Only primary roles are considered when assigning dedicated resources to multiple users To Assign and Configure a Monitor Layout for the User NOTE You should create the monitor layout before assigning it to the user See Manage Monitor Layout on page 65 1 Select the check box next to the appropriate name 2 From the Operation list select Assign Monitor Layouts and then click the Go button to open the Monitor Layouts for lt username gt window which shows the monitor layouts if any assigned to the selected user 3 Click Add
142. th 45 columns 51 common tasks 7 communication port changing value 90 comparing clients table 34 components software 6 ComposedUI 46 Compression 44 configuration file 30 firewall 23 28 HP SAM system settings 28 options 38 session time limits 80 settings 38 smart card logon 79 SSL 29 Connbar 44 connect unable to 87 ConnectionBar AutoHideTimeout 40 ConnectionBar Enable 39 ConnectionBar EnableAddNew 39 ConnectionBar EnableCloseAll 40 ConnectionBar EnableContextMen u 40 ConnectionBar EnableDisconnectlns tance 40 ConnectionBar EnableReconnectAl 40 ConnectionBar EnableSave 40 ConnectionBar FollowMouse 39 ConnectionBar HideTimingFactor 40 ConnectionBar Location 39 ConnectionBar SessionWindow En ableldentify 40 ConnectionBar ShowDelay 40 ConnectionBar ShowHardReboot 41 ConnectionBar ShowLogoff 40 ConnectionBar ShowOnDisconnec t 40 ConnectionBar ShowReboot 40 ConnectionBar ShowTimingFacto r 40 considerations architectural 12 Cookies box 71 creating monitor layout 65 policy 69 registration service configuration file 30 service account 23 creating a data center 66 Cryptographic service providers CSP box 72 customize view 64 customizing Administrative permissions 56 HP Blade Workstation Client 36 RHEL client 38 Windows based client 36 D data centers adding enclosures 66 changing 66 creating 66 deleting 67 deleting enclosures 67 managing 66 regionalization 14 database SQL considerations 12
143. the GPO select Edit and then edit the GPO Right click Administrative Templates Click Add and browse to HPCCIST ADM Click and drag your new GPO to your OU which contains your resources to create a link in the OU Right click on GPO select Edit and then edit the GPO to set HP Session Timer parameters On a Windows 2003 Server the HP Session Timer policies can be found under Computer Configuration gt Administrative Templates gt HP Client Consolidated Infrastructure On a Windows 2008 Server the HP Session Timer policies can be found under Computer Configuration gt Policies Administrative Templates gt Classic Administrative Templates gt HP Client Consolidated Infrastructure NOTE You can also set this policy for users under User Configuration If conflicting policies are set to both Computers and Users the policy assigned to Computers will apply Once this administrative template has been imported into the Group Policy Management utility on the domain controller three new policies will be available Emulate Terminal Services Session Time Limits This policy controls whether or not to have the HP session timer utilities emulate the Microsoft session timer group policies This is useful for resources running Windows XP Pro with Service Pack 2 or earlier The Microsoft session timers for Active Active But Idle and Disconnected sessions did not work with these versions of XP Enabling this emulation allows tho
144. the Terminal Services subsystem Contact your HP SAM support team BCO028 Failed to set up UDP server port Check if another program is already using the same UPD port usually port 47777 by default BC0029 Failed to receive UDP data from network recvfrom failed Check your network and or firewall settings BCO030 Failed to acknowledge SYNC request from server This may cause the machine to be marked offline during a sync Check your network and or firewall settings BC0032 Failed to acknowledge PRECONNECT request from server This may cause the machine to be skipped during allocation Check your network and or firewall settings BCO035 No gateway web server defined See the registration service installation section above on how to create the correct CFG file contents BCO036 Failed to connect to gateway web server Check the registration service installation section above on how to create the correct CFG file contents Make sure the server name is correct and it is reachable by using that name BC0037 Failed to connect to gateway web server Check the registration service installation section above on how to create the correct CFG file contents Make sure the server name is correct and it is reachable by using that name BCO038 Japanese support requested but the dsvc0411 dll which provides the Japanese support is not there Reinstall BCO039 Internal error Contact your HP SAM support team BC0040 Internal e
145. this Option a Load Balancer with or without redundancy has been introduced to manage and distribute SAM Resource Allocation Requests and SAM Resource Status updates In this design the SAM Client and Resource configuration files are pointing to a Virtual IP VIP The VIP manages and distribute both the requests and updates for high availability and redundancy With this SAM design both SAM Server 1 and SAM Server 2 are intended to manage an equal load of requests and HP SAM Hardware and Software Requirements 19 HP SAM SQL Database Server Software Requirements Minimum One of the following must be installed e Microsoft SQL Server 2005 Enterprise Standard or Express Edition with Service Pack 1 or Service Pack 2 e Microsoft SQL Server 2008 Standard or Enterprise Edition e Microsoft SQL Server 2008 R2 Standard or Enterprise Edition HP recommends using Microsoft SQL Server 2005 or 2008 Standard or Enterprise Edition However if you use SQL Server 2005 or 2008 Express Edition which has a 4GB database size limit you should either e Disable history data and or log collection or e Limit the number of days the system retains history data and set up the Log Maintenance Scheduler to frequently and regularly remove logs from the database HP SAM Registration Service Requirements Hardware Requirements e HP blade PC NOTE Linuxis not supported on HP blade PCs e HP blade workstation series e HP Personal Workstatio
146. tion is added to the button drop down Not valid for Blade Workstation Client series or Linux Client The default value is O do not show DisplayRestart integer value O or 1 When set to 1 an action button is added to the client user interface to enable the user to restart the access device This is the same action button created by the DisplayShutdown DisplayRestart and DisplayLogoff options If the button already displays from another option setting the Restart option is added to the button drop down Not valid for Blade Workstation Client series or Linux Client The default value is O do not show DisplayLogoff integer value O or 1 When set to 1 an action button is added to the client user interface to enable the user to log off the access device This is the same action button created by the DisplayShutdown DisplayRestart and DisplayLogoff options If the button already displays from another option setting the Logoff option is added to the button drop down Not valid for Blade Workstation Client series or Linux Client The default value is O do not show DefaultSessionAction integer value 0 1 or 2 When set to O the default session action pressing the button without dropping down the list for the button is Shutdown If set to 1 the default action is Restart If set to 2 the default action is Logoff If only one action is enabled that option is the default action and this setting is ignored If this value corresp
147. tions the HP SAM Server has to search through the large database to get profiles and resource assignments Once the memory hurdle is cleared the next gate in performance is the processor e 2 000 Users CPU Core is a reasonable rule of thumb Network I O performance is not typically a bottleneck e Extra NIC cards to handle higher load of users are not typically needed SQL Database Considerations 12 The HP SAM SQL database can be installed on the same server as the HP SAM Web Server to keep from buying another hardware platform and another Server OS license however HP recommends separating them onto two different servers for the following reasons e Recovery times from hardware failures will be faster e As deployments grow in size and number of locations there will likely be multiple HP SAM Web Servers but only one centralized HP SAM SQL database Chapter 2 Requirements Most Administrators already know how to size a SQL database based upon amount of data captured however simultaneous HP SAM logons and logoffs can impact performance because these events have to be written to the database Therefore the platform sizing for the SQL should take this into account as user populations grow HP SAM is a multi tier application and the actual user never logs into the database directly at any time HP SAM only needs one logon which is the HP SAM service account You may want have more than one logon if you want manual access to the HP SA
148. to determine the domain from the user s logon information which may or may not be accurate e Policies string value Points to the section that lists settings that are loaded in the client s Load Predefined Settings list on the Other tab of the Options section This allows the administrator to pre define a number of settings associated with various connection types Refer to Policy Entries on page 44 Chapter 3 Installation DefaultPolicy string value This is the policy that should be selected by default in the client s Load Predefined Settings list on the Other tab of the Options section It is not related to HP SAM policies set in the HP SAM administrative console Autodial integer value O or 1 If value is set to 1 the program automatically tries to connect on startup without waiting for the user to type logon information Default value is 0 DefaultUsername string value If value is not specified the program attempts to determine the user name from the user s logon information which may or may not be accurate DefaultinsecurePassword string value You can use this field to pre populate the password box This field was intended for automated load testing in an environment where security is not of importance CAUTION The DefaultInsecurePassword field is in plain text format and should not be used in a production environment Debug integer value O or 1 If value is set to 1 debug logs for troubleshoot
149. tomers can keep user and resource populations in entirely separate support arenas and users do not need to migrate between them e When user populations go beyond 40 000 e When large user populations log on and off extremely frequently because this will impact performance for everyone on that SQL database Otherwise you should only have a single SQL database Chapter 2 Requirements Domain Environment Requirements for HP SAM e HP SAM is supported in domains whose domain controllers are running Windows 2003 Server or later e HP SAM is supported in domains with Domain Functional Level of Windows 2003 Windows 2008 or Windows 2008 R2 Server NOTE Ifthe domain is using Windows 2008 domain functional level you must install Service Pack 1 for Microsoft NET Framework on the HP SAM server e HP SAM only supports domains in a single forest e HP SAM requires UPN names on all user accounts to enable certain HP SAM functions such as logging in to the HP SAM administrative console and follow me roaming amp NOTE The built in Domain Administrator group and the built in Administrator user on the domain controller Windows 2003 or earlier cannot be added into HP SAM HP SAM Web and SQL Server Requirements You can install HP SAM on one or more failover HP SAM Web servers with one central HP SAM SQL database You can also install HP SAM on one server hosting both the HP SAM Web server and SQL database HP SAM Web Server Har
150. uitable for remote computing RGS provides extremely fast capture compression and transmission of the desktop image the actual frame buffer pixels using standard TCP IP networking For more information on RGS visit http www hp com go rgs Overview 4 How HP SAM Works 1 4 Chapter 1 When a user on an access device desktop notebook thin client requests a desktop session the HP SAM client sends a request to the HP SAM Web server a If configured HP SAM supports server failover If the HP SAM Web server does not respond the HP SAM client goes down the list to the next HP SAM Web server b The HP SAM client sends the user name and domain information to the HP SAM server The HP SAM Web server receives the user name and domain name from the HP SAM client The web server validates this information with the Microsoft Active Directory server The account must be valid and enabled in Active Directory to continue Normally the password is not authenticated at this point but is authenticated when logging into the operating system on the resource With HP SAM 3 0 or later the Authenticate Before Allocation feature can be enabled which will cause the password authentication to occur during this step instead The HP SAM Web server returns the appropriate desktop session information to the HP SAM client a The HP SAM Web server determines whether or not the user still has a desktop session running and if so reconnects th
151. urce in the Math Class role without having to choose which role He can then use the resource until the class is over Another reservation on the Math Class role may specify another math class in a different room ata later time for the same resource s The automatic logoff feature ensures that those resources will be available for students in the later class When the HP SAM Server and the access devices are in different time zones note that the times set in Resource Reservations are the times of the access device not the time of the server For example suppose the HP SAM server is in the Central Standard time zone and the time in the reservation is specified as 4PM This will correspond to 4PM on the access device in the Pacific Standard time zone even though the time on the HP SAM server operating system will show 6PM Therefore be sure that times and time zones are set correctly for all systems involved The automatic logoff time is given to the resource during user logon and is not updated if the reservations are subsequently updated on the server For example if a user is logged in during a reservation set for 2 3PM which has Allow time extensions enabled and there is another reservation already set for 5 6PM the resource will log the user off at 5PM If after the user logs in for the first reservation the HP SAM administrator adds a new reservation starting at 4PM the user will still not be logged off until 5PM The Logoff Scheduler Log
152. urces such as blade PCs The first role in the list is the computing resource s primary role All other roles if any are considered non primary When a user requests a resource in a certain role computing resources are allocated to the user in the priority order below e Available computing resource assigned to this role only e Available computing resource assigned to multiple roles with this role being the primary role e Available computing resource assigned to multiple roles with this role being the non primary role NOTE If at any time the configuration file is changed on the computing resource you must restart the service for the changes to take effect This may be overridden by roles assigned via the HP SAM administrative Console Install and Validate the HP SAM Registration Service Software 31 AssetGroupList The AssetGroupList section lists zero or more asset groups to which the computing resource can belong The HP SAM administrator or domain administrator has full rights to all Asset Groups in the HP SAM server Asset Groups allow full HP SAM Administrators to limit or hide objects resources users etc that other administrators are allowed to see and manage For more information see Manage Asset Groups on page 55 ServicePort Use the setting to specify a non default UDP port for HP SAM to use for communication between the HP SAM Server and the resources There are other settings you must also change when
153. vel override parameters set at the Group level and so forth Note that Parameter P2 is set at ON at the Global level but is overridden by the OFF setting at the higher Role level leaving an effective setting of OFF No Overrides Allowed can be set at any level to prevent override by parameters set at higher levels Note that the No Overrides Allowed setting ON for Parameter P4 at the lowest Global level overrides the OFF setting at the higher Role level This option does not affect whether or not the effective setting is forced upon the user The effective setting is always forced At the Security Group level HP SAM checks all Security Groups in alphanumeric order and uses the policy if any in the first Security Group encountered Note that Security Group 1 is the first Security Group encountered so the OFF setting for Security Group 1 leaves Parameter P with an effective setting of OFF and the ON setting for Security Group 2 is ignored N w The No Overrides Allowed option is set for a specific setting to prevent inheritance of other policies that would override the setting Create or Update a Policy To create a new policy click the Create button and type a new policy name To update or edit an existing policy click the policy name hyperlink When the Update Policy window displays set the value that you want or leave the value blank to allow it to inherit a value When you update or create policies you can view all available propert
154. vices TCP ANY to web server TCP 80 HTTP From blades TCP ANY to web server TCP 80 HTTP From admin_workstation TCP ANY to web server TCP 443 HTTPS From blades UDP 47777 to web server UDP 47777 Custom o Outgoing From web server TCP ANY to SQL_Server TCP 1433 MSSQL if not running on the same machine as the web server From web server TCP ANY to blades TCP 139 RPC From web server UDP 47777 to blades UDP 47777 Custom e SQL Server only if not running on the same machine as the web server o Incoming From web server TCP ANY to SQL_Server TCP 1433 Outgoing None 15 On an HP SAM server ASP NET 2 0 is required If other versions are installed as well check the Properties of the HP SAM website Click the ASP NET tab and then select ASP NET version 2 0 Grant Users HP SAM Administrator Access The Domain Administrator Domain Users in the Administrators Group on the Domain Controller and Domain Users in the HP SAM server local Administrators Group are automatically members of the HP SAM Administrator Group HP highly recommends that you update the system by adding security groups or individual names to the HP SAM Administrator access list instead of using the Administrator account to log on This helps track who did what and when To add other users as HP SAM administrators go to the HP SAM administrative console and add these users to the Administrator group See Users and Roles Tab
155. y This field is valid only if MapDrives is set to 1 This allows control over which logical drives are made available to the remote session The list corresponds to the RDP configuration file format and it looks as follows MapDrivesList c d e DrivesDynamic In this example the drives c d and e are made available along with the drives connected after the session is established DrivesDynamic Span integer value O or 1 When set to 1 specify that the session should span over all available monitors to the limits of the protocol being used This setting requires RDP6 or RGS and is ignored for RDP5 The default value for this option is O session shown on single monitor Additionally the following restrictions apply for RDP6 e Combined monitor resolution can be no greater than 4096x2048 pixels gt All monitors must be at same resolution gt All monitors must be aligned side by side MatchClientDisplays integer value O or 1 Setting this parameter to 1 allows RGS to map the sender displays to the client display devices RGS sessions must line up with the physical display boundaries on the client desktop in order to set valid display resolutions on the sender Use this feature for multi display clients on senders that have multiple physical displays Senders that are configured to use a single logical display will cause RGS to revert to setting a single display instead of multiple displays RGS 5 1 3 or later is required De
156. y via the browser Windows based Client To install the HP SAM client on a Windows based thin client or on a desktop notebook PC running Windows XP Windows Vista or Windows 7 1 If you are installing the HP SAM client on a Windows based thin client unlock the write filter If you do not unlock the write filter before installing or saving configuration information to the XPe client the installation or configuration information will be lost when the client is turned off 2 Log onto the access device under an account with local administrative rights and run the scw32 xx MSI file is the software version to install the Windows XP based client Replace xx with e EN English e JA Japanese e FR French e DE German e KO Korean e ZH CN Simplified Chinese 3 Follow the installation wizard After the software is installed verity the program is placed on the start menu Start gt All Programs gt Hewlett Packard gt HP Session Allocation Client 5 If you unlocked the write filter in step 1 re enable it now Install and Validate the HP SAM Client Software 35 Customization Steps Recommended Start up the HP SAM client Type the HP SAM web server name Click the Options button 1 2 3 4 Change appropriate connection settings 5 Click the Save Settings button 6 Save the config file hprde sam to the default location if possible this may be locked down on some thin clients When you l
Download Pdf Manuals
Related Search