Want to set up a Horizon lab in Ravello but not sure how to set it up to allow clients to connect from the outside world? Here’s how it’s done!
This is a quick post to fill in some detail around setting up a VMware Horizon lab in Ravello, and how to configure the VMs and services so that you can connect your Horizon Client to it, from the outside world.
Basically this is all about the configuration of the services for your Horizon Security VM in Ravello, and making sure the settings in the Horizon Connection Server and Security Server are configured with the correct URLs and IPs. Sounds simple, and it actually is so let’s take a look.
I’m not one to reinvent the wheel (and it’s absolutely nothing to do with my inherent laziness, oh no), so to take you from scratch I’ll point you to some existing resources to that will take you through getting the environment all set up. For details of how to set up some ESXi hosts in Ravello, and a useful idea of how to spin up anything in Ravello for that matter, see this Ravello Community post. For the purposes of a Horizon lab you’ll want a basic vSphere set up with vCenter and a couple of hosts at least. You’ll also find handy an Active Directory or similar VM- this can be on your nested ESXi hosts or as a separate Ravello VM.
Next, for a guide to getting Horizon ready to roll I recommend this multi-post series from Daniel Boring at virtuallyboring.com, it’s well written, detailed and easy to follow. Enough said really. You might want to create a desktop VM to test connectivity to, again either a VM on your nested ESXi or native on Ravello.
So now you’re all caught up with your Ravello lab and Horizon is all sorted, there’s just a few specific things to note in order to allow you to get connected.
Configure the Services
As you’ll have learnt from following the Horizon setup in the link above, you’ll need to make sure certain ports are open to your Horizon Security Server in order to allow your client to connect, namely 443 for HTTPS (logins and such), 8443 for Blast Extreme (via Blast Extreme Gateway on your Security Server), and 4172 for PCoIP (note that both TCP and UDP are required- forget to add UDP 4172 and you’ll get ‘Desktop is slow to load’ errors and network timeouts when attempting to connect). If you’re interested you can find a complete run down of all required ports in a Horizon deployment in this fun to read Network Port Guide.
So how do we make sure these are all accessible through Ravello? Supplied Services is the answer. To make life easier set up your Security Server as a Ravello VM (so not on your nested ESXi VMs) and you can set the services up with a few clicks. From the Canvas view click your Security Server VM, then click Services in the right-pane. Add each service to look like this:
All done? Excellent. Make sure you Update the application in Ravello before continuing with…
Next you’ll need to pull your external IP and URL details for your Security Server VM from Ravello, into your Horizon Connection server and Security server configurations (yes both- they need to match).
First, make a note of the full DNS name and current IP address for your Security Server VM. With the Security Server VM highlighted in the canvas you can find these details in the ‘Summary‘ tab in the right-pane. It is worth noting here that the IP address will likely change every time you power up the application so you may need to update this in the Horizon config as required, but the DNS should remain the same. So, let’s find it and take a note:
Obviously part of my full DNS name and IP has been obscured here, but take a note of the full name and IP address.
Noted? Cool, let’s crack on and update the configs.
So head to your Horizon Administrator interface (https://<your_connection_server>/admin), expand View Configuration and click Servers. Then in the Servers pane, click the Security Servers tab and select your Security Server from the list. Then, click Edit.
In the HTTP(S) Secure Tunnel and Blast Secure Gateway fields, enter the correct DNS details recorded earlier, remembering to keep the https:// and :443 at the beginning and end respectively.
Then replace the PCoIP Secure Gateway IP address with the external IP address you noted earlier, keeping the :4172 port designation the same.
Awesome. Now we need to do the same for the Connection Server, so switch to the Connection Servers tab, select your Connection Server and hit Edit.
As above, enter the DNS and IP details, remembering to keep the protocol and port prefix/suffix where applicable.
That’s it! Set up your resources and your entitlements and you will be able to connect to your Ravello Cloud-based VMware Horizon lab from anywhere in the world. Enjoy.
I hope you found this useful, any queries then feel free to give me a shout. New to Ravello? Head to https://cloud.ravellosystems.com to get started.