HP Compaq Presario SR5513CF, Compaq Presario SR5404F, Compaq Presario SR5515CF, Compaq Presario SR5302FH Administrator's Guide
Administrator's Guide
HP Session Allocation Manager (HP SAM) v.3.0
© Copyright 2007–2009 Hewlett-Packard
Development Company, L.P. The
information contained herein is subject to
change without notice.
Microsoft and Windows are trademarks of
Microsoft Corporation in the U.S. and other
countries.
The only warranties for HP products and
services are set forth in the express warranty
statements accompanying such products
and services. Nothing herein should be
construed as constituting an additional
warranty. HP shall not be liable for technical
or editorial errors or omissions contained
herein.
This document contains proprietary
information that is protected by copyright. No
part of this document may be photocopied,
reproduced, or translated to another
language without the prior written consent of
Hewlett-Packard Company.
The MIT License
http://sourceforge.net/projects/expat/
http://www.opensource.org/licenses/mitlicense.php
Permission is hereby granted, free of charge,
to any person obtaining a copy of this
software and associated documentation files
(the "Software"), to deal in the Software
without restriction, including without
limitation the rights to use, copy, modify,
merge, publish, distribute, sublicense, and/or
sell copies of the Software, and to permit
persons to whom the Software is furnished to
do so, subject to the following conditions:
The above copyright notice and this
permission notice shall be included in all
copies or substantial portions of the
Software. THE SOFTWARE IS PROVIDED
"AS IS", WITHOUT WARRANTY OF ANY
KIND, EXPRESS OR IMPLIED, INCLUDING
BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT
SHALL THE AUTHORS OR COPYRIGHT
HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY,
WHETHER IN AN ACTION OF CONTRACT,
TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE
SOFTWARE OR THE USE OR OTHER
DEALINGS IN THE SOFTWARE.
Copyright © 2006 by the Open Source
Initiative
Policy questions about open source go to the
Board of Directors.
The contents of this website are licensed
under the Open Software License 2.1 or
Academic Free License 2.1. OSI is a
registered non-profit with 501(c)(3) status.
Donating to OSI is one way to show your
support.
Part of the software embedded in this
product is gSOAP software.
Portions created by gSOAP are Copyright
(C) 2001-2004 Robert A. van Engelen,
Genivia inc. All Rights Reserved.
THE SOFTWARE IN THIS PRODUCT WAS
IN PART PROVIDED BY GENIVIA INC AND
ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING
IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
Copyright (c) 1998-2007 The OpenSSL
Project. All rights reserved.
Copyright (C) 1995-1998 Eric Young
(eay@cryptsoft.com). All rights reserved.
Administrator's Guide
HP Session Allocation Manager (HP SAM)
v.3.0
Fifth Edition (August 2009)
Fourth Edition (November 2008)
Third Edition (December 2007)
Second Edition (August 2007)
First Edition (June 2007)
Document Part Number: 453252–005
Technical questions about the website go to
Steve M.: webmaster at opensource.org /
About This Book
WARNING! Text set off in this manner indicates that failure to follow directions could result in bodily
harm or loss of life.
CAUTION: Text set off in this manner indicates that failure to follow directions could result in damage
to equipment or loss of information.
NOTE: Text set off in this manner provides important supplemental information.
ENWW iii
iv About This Book ENWW
Table of contents
1 Introduction
What's New in This Release ................................................................................................................ 2
Resource Reservations (AKA Access Restrictions) ............................................................ 2
Authenticate Before Allocation ............................................................................................. 3
Switch To, Move, Minimize, and Minimize All Functions on HP SAM Connection Bar ........ 4
Support for RGS Senders Running on a Non-default Port .................................................. 4
Logoff Scheduler .................................................................................................................. 4
Key Features ........................................................................................................................................ 4
Overview .............................................................................................................................................. 5
How HP SAM Works ............................................................................................................ 6
HP SAM Software Components .......................................................................................... 7
Remote Graphics Software (RGS) ...................................................................................... 8
Common Tasks .................................................................................................................................... 9
Setting up HP SAM .............................................................................................................. 9
Setting up a User with a Dynamic Resource ....................................................................... 9
Setting up a User with Static (Dedicated) Resources ........................................................ 10
Configuring a Monitor Layout for a User ............................................................................ 11
2 Requirements
HP SAM Hardware and Software Requirements ............................................................................... 13
Architectural Considerations and Best Practices for Setting up an HP SAM
Environment ....................................................................................................................... 13
Domain Environment Requirements for HP SAM .............................................................. 16
HP SAM Web and SQL Server Requirements .................................................................. 16
HP SAM Registration Service Requirements ..................................................................................... 21
Access Device Requirements ............................................................................................................ 22
Thin Client .......................................................................................................................... 22
Mobile Thin Client .............................................................................................................. 22
Desktop or Notebook PC ................................................................................................... 22
Blade Workstation Clients .................................................................................................. 23
Personal Workstation Clients ............................................................................................. 23
Other requirements ............................................................................................................................ 24
Create a Service Account .................................................................................................. 24
Obtain Administrative Rights ............................................................................................. 24
ENWW v
3 Installation
Order of Installation ............................................................................................................................ 25
Install the HP SAM Web Server and SQL Software ........................................................................... 27
Install and Validate the HP SAM Registration Service Software ........................................................ 29
Install and Validate the HP SAM Client Software ............................................................................... 33
Deploy the HP SAM Registration Service to All HP SAM Computing Resources .............................. 49
Deploy HP SAM Client Software to All HP SAM Access Devices ...................................................... 49
Change the Firewall ........................................................................................................... 24
Active Directory .................................................................................................................. 24
New Installation ................................................................................................................. 25
Upgrade ............................................................................................................................. 25
Grant Users HP SAM Administrator Access ...................................................................... 29
Configure HP SAM System Settings ................................................................................. 29
Configure Secure Socket Layer (SSL) ............................................................................... 29
Install the HP SAM Registration Service ........................................................................... 30
Create the HP SAM Registration Service Configuration File ............................................. 31
Start/Restart the HP SAM Registration Service ................................................................. 33
Test the HP SAM Registration Service .............................................................................. 33
Internet Explorer-Based Client ........................................................................................... 34
Windows XPe-Based Client ............................................................................................... 35
Linux-Based Client ............................................................................................................. 36
Configuration Settings ....................................................................................................... 38
Global and Local Client Configuration Files ....................................................................... 47
Legal Banner ..................................................................................................................... 48
4 Administration
Log In ................................................................................................................................................. 51
General Navigation and User Interface Design .................................................................................. 51
Display More (or Fewer) Items Per Page .......................................................................... 51
Move Columns ................................................................................................................... 51
Sort Result List .................................................................................................................. 51
Select More Than One Item ............................................................................................... 51
Managing the HP SAM Administrator Access List ............................................................................. 52
Add Individual Users to the HP SAM Administrator Group ................................................ 52
Add Security Groups or Organizational Units to the HP SAM Administrator Group .......... 52
Remove Users or Groups From the HP SAM Administrator Group ................................... 53
HP SAM Administrator Console Tabs ................................................................................................ 54
Home Tab .......................................................................................................................... 54
Users and Roles Tab ......................................................................................................... 54
Resources tab .................................................................................................................... 62
Manage Data Centers ........................................................................................................ 65
Policies Tab ....................................................................................................................... 66
vi ENWW
System Settings Tab .......................................................................................................... 69
Reports Tab ....................................................................................................................... 73
Log Tab .............................................................................................................................. 76
Setting Up Smart Card Login on the Access Device .......................................................................... 77
Configuring Session Time Limits for Remote Sessions ..................................................................... 79
Appendix A Firewall Rules
Web Server ........................................................................................................................................ 81
Clients ................................................................................................................................................ 81
Resources .......................................................................................................................................... 82
SQL Server ......................................................................................................................................... 82
Appendix B Frequently Asked Questions
Appendix C Registration Service Error Codes
Appendix D Glossary
Index ................................................................................................................................................................... 92
ENWW vii
viii ENWW
1 Introduction
HP Remote Client Solutions are designed to support a variety of users’ needs, from the most basic
computing tasks to more demanding professional and technical applications, while giving IT greater
control over technology resources, simplifying desktop management, increasing agility and, in many
cases, reducing total cost of ownership.
Underlying HP Remote Client Solutions is a unified infrastructure that enables client deployment,
session allocation, balancing of computing resources, and supports the business needs of a diverse set
of users though the use of a common set of tools.
The HP Session Allocation Manager (HP SAM) system is the control point in managing an HP Remote
Client Solutions deployment. HP SAM manages the assignment of connections from an end-user's client
access device to desktop sessions running on computing resources in a centralized location (typically,
a data center). HP SAM makes these desktop sessions available to users as they are needed.
For more information about HP Remote Client Solutions, visit
http://www.hp.com/go/rcs.
ENWW 1
What's New in This Release
Resource Reservations (AKA Access Restrictions) on page 2
●
Authenticate Before Allocation on page 3
●
Switch To, Move, Minimize, and Minimize All Functions on HP SAM Connection Bar
●
on page 4
Support for RGS Senders Running on a Non-default Port on page 4
●
Logoff Scheduler on page 4
●
Resource Reservations (AKA Access Restrictions)
This feature allows the administrator to restrict when and from where users may access resources. It
also provides the ability to free up resources as needed for when other users require those resources.
Role settings now enable the administrator to specify the source IP Address range time of day, and day
(s) of the week. Users in that role will then only receive a resource from that role when using an access
device in the IP Address range and only on the specified day during the specified period of time. In this
case, the user will be sent directly to a resource in this role even if he has many other roles—he will not
see a role selection dialog. If outside of the IP range and time/day, the user will be denied access to
that role. Multiple such reservations can be designated on each role.
By default, at the end of the reservation period, the user is logged off of the resource. The Allow time
extension option can be set to allow a user to remain logged in beyond the current resource reservation
end time. They can remain logged in until another resource reservation time period for the same role
begins (or at 12:00 midnight, if no other reservations are set.) A dialog warns the user before the logoff
occurs. The lead time of this warning can be configured in System Settings on the General page of the
HP SAM Web Administrator console.
For example, a school may use resource reservations to ensure students get a resource from the correct
role for each class and make sure resources are freed in time for a later class needing resources in the
same role. The administrator can set a reservation on the Math Class role specifying the IP address
range of a certain classroom and a certain time/day when the math class occurs. The student who logs
in using a computer in this classroom during the right day and time will get a resource in the Math
Class role without having to choose which role. He can then use the resource until the class is over.
Another reservation on the Math Class role may specify another math class in a different room at a later
time for the same resource(s). The automatic logoff feature ensures that those resources will be
available for students in the later class.
When the HP SAM Server and the access devices are in different time zones, note that the times set
in Resource Reservations are the times of the access device, not the time of the server. For example,
suppose the HP SAM server is in the Central Standard time zone and the time in the reservation is
specified as 4PM. This will correspond to 4PM on the access device in the Pacific Standard time zone
(even though the time on the HP SAM server operating system will show 6PM.) Therefore, be sure that
times and time zones are set correctly for all systems involved.
The automatic logoff time is given to the resource during user login and is not updated if the reservations
are subsequently updated on the server. For example, if a user is logged in during a reservation set for
2-3PM which has Allow time extensions enabled and there is another reservation already set for
5-6PM, the resource will log the user off at 5PM. If, after the user logs in for the first reservation, the HP
SAM administrator adds a new reservation starting at 4PM, the user will still not be logged off until 5PM.
The Logoff Scheduler (
Logoff Scheduler on page 4) features can be used to set a logoff time slightly
2 Chapter 1 Introduction ENWW
before 4PM to ensure the resources are free in time for the newly added reservation. A manual or
scheduled synchronize operation has no effect on resource reservations.
NOTE: This feature is only supported on resources running a Windows operating system.
Refrain from using resources assigned to multiple roles while using this feature. This can cause the
automatic logoff to not occur when the resource is needed for a reservation set on one of the resource’s
other roles.
There are two other features in HP SAM that can bypass the role selection dialog for users with multiple
roles: Monitor Layouts and Multi-session Auto-connection. If a conflict occurs, Monitor Layouts
will prevail over Resource Reservations which will prevail over Multi-session Auto-connection.
Authenticate Before Allocation
When enabled, this feature enhances security by requiring the user to enter his username and password
on the HP SAM client, which will then be authenticated by Active Directory before sending a user to a
resource or displaying a list of roles and resources. The feature also eliminates the possibility of Active
Directory locking out a user because he mistyped his password during a single connection attempt when
trying to connect to multiple resources at once. This feature is disabled by default.
With this feature disabled, the behavior is the same as with previous versions of HP SAM where
password authentication is first done when logging into the operating system on the resource.
To enable this feature, all of the following must be configured:
Enable Authentication before Allocation on the General page of System Settings on the HP
●
SAM Web Administrator console.
Ensure that a certificate from the domain certificate authority is installed on the HP SAM Web site
●
in IIS on the HP SAM server.
The following option must be enabled via the HP SAM client configuration file on all access devices:
●
AuthenticateBeforeAllocation=1.
There is no setup needed for the Web Client, but the user must type in the URL using https instead
●
of http (e.g., https://samserver).
Ensure that communication between the access device and the HP SAM Server via SSL (typically
●
port 443) is not blocked by a firewall.
The Allow Expired Password setting in System Settings gives the HP SAM administrator the option
to allow users with expired passwords to continue on so that they can change the password using the
operating system on the resource.
NOTE: Previous versions of the HP SAM client cannot be used when this feature is enabled.
This feature is not compatible with Smart Card single sign-on and must be disabled before using Smart
Cards.
ENWW What's New in This Release 3
Switch To, Move, Minimize, and Minimize All Functions on HP SAM Connection Bar
New functionality has been added to the HP SAM connection bar and can be accessed by right-clicking
on a session’s status icon and choosing the following actions from the context menu:
Switch To—brings the selected session window to the top
●
Move—moves the session window around the local desktop
●
Minimize—minimizes the session window to the taskbar
●
Minimize All—minimizes all session windows to the taskbar for quick access to the local desktop
●
The action when left-clicking on a session’s status icon has been changed to perform the Switch To
action. (In previous versions of HP SAM, the left-click action was Move.)
The HP SAM administrator may disable the right-click context menu by setting
ConnectionBar.EnableContextMenu=0 in the HP SAM client configuration file. It is enabled by default.
NOTE: The HP SAM connection bar is disabled by default on the Windows HP SAM Client. To enable
it, set ConnectionBar.Enable=1 in the HP SAM client configuration file. The connection bar is enabled
by default on the Linux HP SAM client.
Support for RGS Senders Running on a Non-default Port
HP SAM 3.0 includes support for resources running the RGS Sender (version 5.2.6 or later) that have
been configured to use a TCP port other than 42966. This feature is only available for Windows-based
resources. For more information, see the HP Remote Graphics Software User Guide.
Logoff Scheduler
The HP SAM administrator can now schedule a forced logoff of users from all resources in the specified
roles. The feature supports very flexible time of day and frequency. Only supported on Windows-based
resources.
Key Features
Allocation system to assign users to computing resources (such as blade PCs, workstation blades,
●
or virtual machines)
Self-registration of computing resources
●
Central management of access device remote connection settings
●
Follow-me roaming and persistence support to enable reconnection to an open session from a
●
different access device
Customizable administration levels
●
Usage and Capacity Planning reports
●
Dedicated user/display to computing resource mapping
●
4 Chapter 1 Introduction ENWW
Overview
HP SAM enables automatic provisioning of remote computing resources to users.
Figure 1-1 HP SAM Configuration
HP SAM can be configured to enable a user to connect to the desktop session of a particular remote
computing resource (identified by its IP address or hostname)—this is known as a static connection.
Figure 1-1 HP SAM Configuration on page 5, HP SAM has been configured to statically connect user
In
Tom to blade PC 1 with an IP address of 15.2.76.100. Regardless of which access device Tom uses,
he is automatically connected to blade PC 1 at address 15.2.76.100.
HP SAM can also be configured to enable a user to connect to any of a pool of computing resources—
this is known as a dynamic connection. HP SAM allows the administrator to define one or more roles
for each computing resource. A computing resource with a role of “abcde”, for example, might be
configured with applications to conduct stock transactions or accounting functions. In
SAM Configuration on page 5, HP SAM has been configured to allow user Mai to dynamically connect
to one of the three blade workstations supporting the role of “abcde.”
HP SAM uses HP Remote Graphics Software (RGS) or Microsoft® Remote Desktop Protocol (RDP) to
connect between access devices and computing resources.
RGS has features which make it particularly suitable for remote computing. RGS provides extremely
fast capture, compression, and transmission of the desktop image (the actual frame buffer pixels) using
standard TCP/IP networking. For more information on RGS, visit
http://www.hp.com/go/rgs.
Figure 1-1 HP
ENWW Overview 5
How HP SAM Works
1. When a user on an access device (desktop, notebook, thin client) requests a desktop session, the
HP SAM client sends a request to the HP SAM Web server.
a. If configured, HP SAM supports server failover. If the HP SAM Web server does not respond,
the HP SAM client goes down the list to the next HP SAM Web server.
b. The HP SAM client sends the user name and domain information to the HP SAM server.
2. The HP SAM Web server receives the user name and domain name from the HP SAM client. The
Web server validates this information with the Microsoft Active Directory server. The account must
be valid and enabled in Active Directory to continue. Normally, the password is not authenticated
at this point, but is authenticated when logging into the operating system on the resource. With HP
SAM 3.0, the Authenticate Before Allocation feature can be enabled which will cause the
password authentication to occur during this step instead.
3. The HP SAM Web server returns the appropriate desktop session information to the HP SAM client.
a. The HP SAM Web server determines whether or not the user still has a desktop session
running and, if so, reconnects the user to that same session (i.e., follow-me roaming). If the
user has no existing desktop session, the HP SAM Web server checks its internal database
to see what resources are available and connects the user to an appropriate resource.
b. If the user has more than one role or resource assignment, they will be prompted to choose.
c. The data returned to the HP SAM client contains the IP address(es) (or Host name(s),
depending on how it is configured on the HP SAM Web server) of the appropriate resources.
d. If no computing resource is available, the HP SAM client informs the user.
4. The HP SAM client connects to the appropriate desktop session.
NOTE: HP SAM uses HP Remote Graphics Software (RGS) or Microsoft® Remote Desktop
Protocol (RDP) to connect between access devices, computing resources, and OUs.
5. The user is then prompted at the login screen for the password. The user name and domain is
prepopulated by the HP SAM client. This step is omitted if the user has already entered the
password on the HP SAM client and either RDP is used or RGS in Single Sign-on mode is enabled.
NOTE: With RDP, RGS 5.1 or later, or Authenticate Before Allocation (seeAuthenticate Before
Allocationon page 3), HP SAM allows users with expired passwords to log on. They are then
required to update their passwords immediately.
6. Once the user logs in, the HP SAM registration service on the computing resource reports back to
the HP SAM Web server.
7. Once the user disconnects or logs out, the HP SAM registration service updates the HP SAM Web
server with the new information.
6 Chapter 1 Introduction ENWW
ENWW Overview 7
HP SAM Software Components
The following are the primary components of HP SAM.
HP SAM Client—The HP SAM Client runs on the access device and displays the graphical
●
interface employed by the user to request a connection from a client computer to a computing
resource. When the user requests a connection, the HP SAM client communicates this request to
the HP SAM Web Server for execution.
HP SAM Web Server—The HP SAM Web Server (web server) runs on Windows Server 2003 or
●
2008 and manages the operation of HP SAM. A request is made to the web server when a user
on an access device requests a connection to a computing resource. The web server validates the
request, and then communicates back to the access device to orchestrate the connection. In
addition, the web server supports a browser interface to allow the HP SAM administrator to set up,
configure, and administer HP SAM. The web server also creates and accesses a database in
Microsoft SQL Server.
HP SAM Registration Service—The HP SAM Registration Service (registration service or blade
●
service) runs on the computing resource and communicates the status of the computing resource
and its connections to the HP SAM Web Server.
NOTE: Refer to the documentation that shipped with your computing resource and your access device
to determine which of the above components are factory-installed on your hardware and which
components you’ll need to install. For example, the HP SAM Client and the RGS Receiver are both
factory-installed on some clients. Other RGS software is optional and must be acquired separately. For
more information on RGS, visit
http://www.hp.com/go/rgs.
Remote Graphics Software (RGS)
RGS is a communication protocol similar to Microsoft Remote Desktop Protocol (RDP). HP SAM allows
you to use either RGS or RDP.
RGS has a couple of advantages over RDP:
RGS has advanced graphics capabilities that provide a better experience with multimedia and 3D
●
graphics applications over a standard computer network.
RGS supports multiple monitors configured with an offset layout.
●
Thin clients are set to use RGS when possible. If both RGS and RDP are installed on the access device,
RGS is the default. If RGS is installed on both access device and computing resource, RGS is used. If
one or both do not have RGS, then RDP is used.
HP RGS is optional and must be acquired separately. For information on HP RGS, visit
http://www.hp.com/go/rgs. To view the HP Remote Graphics Software User Guide, visit
http://www.hp.com/support/rgs_manuals and scroll down to the User guide heading.
8 Chapter 1 Introduction ENWW
Common Tasks
Setting up HP SAM
1. Install HP SAM. See Installation on page 25.
2. Add users.
a. Add new users. See
b. Create administrative groups, assign users, and customize permissions. See
Administrative Permissions on page 56.
3. Create a policy. See
4. Create a role. See
5. Assign computing resources or roles to the users. See
Manage Resource Roles on page 54.
Add New Users on page 61.
Create or Update a Policy on page 68.
Setting up a User with a Dynamic Resource
HP SAM enables computing resources to be dynamically shared among users.
Figure 1-2 Dynamic Connection Example
Manage
Manage Users on page 57.
In Figure 1-2 Dynamic Connection Example on page 9, we need to grant user Mai access to computing
resources. A pool of three blade workstations has been assembled, each configured to support the role
of “abcde”.
We assign Mai a role of “abcde.” See
▲
This means Mai is now authorized to access any computing resource which supports a role of “abcde.”
Therefore, when Mai requests connection to an “abcde” computing resource, HP SAM automatically
connects her access device to one of the three blade workstations (presuming one is available)
supporting that role.
ENWW Common Tasks 9
Manage Users on page 57.
Setting up a User with Static (Dedicated) Resources
Dedicated (static) resource assignment allows one or more specific computing resources to be assigned
to a user and it allows one or more computing resources to be assigned as backup.
Support for Static roaming allows users to work from other locations. The differing display configurations
can be stacked on the client desktop to provide full access with fewer monitors.
Figure 1-3 Static (Dedicated) Connection Example
In Figure 1-3 Static (Dedicated) Connection Example on page 10, we need to grant user Tom access
to a specific computing resource. A blade PC has been configured to support Tom.
1. We assign blade PC 1 with an IP address of 15.2.76.100 to Tom. See
Manually on page 58.
2. To make sure Tom has a computing resource even if blade PC 1 is down, we assign blade PC 3
with an IP address of 15.2.76.102 to act as backup to blade PC 1. See
Manually on page 58.
Now, regardless of what client computer Tom uses, he is automatically connected to blade PC 1 at
address 15.2.76.100. If blade PC 1 fails, Tom clicks Connect and is automatically connected to blade
PC 3.
NOTE: If a blade is in a dynamic role and is reassigned as a dedicated resource to a user, that blade
is no longer available for allocation in the dynamic role to any other user, even if the current status is
Available. It is highly recommended that dedicated resources not be assigned to a dynamic resource
role, which will then help you accurately track the list of Available and In Use resources.
To Assign Resources
To Assign Resources
10 Chapter 1 Introduction ENWW
Configuring a Monitor Layout for a User
HP SAM allows a user to connect to multiple computing resources, thereby creating simultaneous
remote sessions. Resources can be made available either by static assignment to the user or by
assignment to roles allocated to the user.
Mapping a static user/display ID to computing resource(s) allows a specific combination of user ID and
client ID to be mapped to a specific computing resource or a specific group of computing resources.
When that user logs on to that client using RGS, the preconfigured computing resources are displayed
at a specific location and resolution on the client monitor or monitors.
Figure 1-4 Monitor Layout Example
In Figure 1-4 Monitor Layout Example on page 11, user Lee has static access to two blade PCs. HP
SAM needs to be configured to display the information from these blade PCs on Lee's two monitors.
1. We create a monitor layout ID first. See
2. We assign the new monitor layout ID to Lee's access device. See
on page 64.
3. We assign the Monitor Layout ID to Lee and select the two blade PCs already assigned to him as
resources for that Monitor Layout ID. See
Both monitors have the same resolution width and height, so we enter 1280 and 1024, respectively,
next to each blade PC selected.
HP SAM treats the set of monitors as a single unit. To display output from each blade PC on a
different monitor, we have to specify the horizontal and vertical offset, the distance from upper left,
at which the output should appear.
We want output from blade PC 4 to be displayed on Lee's left monitor and output from blade PC
5 to be displayed on his right monitor, as shown in
Example on page 12. To display output from blade PC 4 on the left monitor, the upper left position,
we set both the horizontal and vertical offsets to 0. To display output from blade PC 5 on the right
monitor, we must set the horizontal offset one monitor resolution over, so we set that horizontal
offset to 1280. The display is not lowered, however, so the vertical offset is still 0.
NOTE: Offsets are only honored when using the RGS protocol. Sessions using the RDP protocol
will typically appear stacked on the default display.
Support for roaming allows users to work from other locations. If Lee logs in from another client, the
differing display configurations can be stacked on the client desktop to provide full access with fewer
monitors.
Manage Monitor Layout on page 65.
Manage Access Devices
Manage Users on page 57.
Figure 1-5 Monitor Offset Configuration
ENWW Common Tasks 11
Figure 1-5 Monitor Offset Configuration Example
12 Chapter 1 Introduction ENWW
2 Requirements
HP SAM Hardware and Software Requirements
Architectural Considerations and Best Practices for Setting up an HP SAM Environment
Server Sizing
In general, the HP SAM Server can handle a theoretical maximum user and resource population of
40,000.
This is based on the assumption that no more than 1% of users will attempt to connect within the
●
same 30-second window.
HP SAM Server, at minimum specification, has been shown to handle up to at least 500 blade
requests within the same 3-second time slot without giving a denial. The results may vary based
on the speed of the servers and infrastructure used.
Increase Memory as user population grows:
Performing HP SAM searches can tax memory because the HP SAM Server pulls a copy of the
●
database across the network to memory in order to complete this task.
One GB of RAM per 2,000 users or resources (whichever is greater) is a good rule of thumb.
●
Increase processor speed and cores as user population grows.
Memory is the primary gate on performance of the HP SAM Server. When handling large user
●
populations, the HP SAM Server has to search through the large database to get profiles and
resource assignments. Once the memory hurdle is cleared, the next gate in performance is the
processor.
2,000 Users/CPU Core is a reasonable rule of thumb.
●
Network I/O performance is not typically a bottleneck.
Extra NIC cards to handle higher load of users are not typically needed.
●
ENWW HP SAM Hardware and Software Requirements 13
SQL Database Considerations
The HP SAM SQL database can be installed on the same server as the HP SAM Web Server to keep
from buying another hardware platform and another Server OS license, however HP recommends
separating them onto two different servers for the following reasons:
Recovery times from hardware failures will be faster.
●
As deployments grow in size and number of locations, there will likely be multiple HP SAM Web
●
Servers but only one centralized HP SAM SQL database.
Most Administrators already know how to size a SQL database based upon amount of data captured,
however, simultaneous HP SAM log-ins and log-offs can impact performance because these events
have to be written to the database. Therefore, the platform sizing for the SQL should take this into
account as user populations grow.
HP SAM is a multi-tier application and the actual user never logs into the database directly at any time.
HP SAM only needs one login, which is the HP SAM service account. You may want have more than
one login if you want manual access to the HP SAM database without using the HP SAM service account.
HP SAM needs many concurrent connections. HP SAM does not have control over the number of
connections. Instead, the .NET Framework database engine decides whether it is more efficient to wait
for a connection, re-use an existing connection, or create a new connection. Normally, the busier the
database, the more connections are created. They are automatically destroyed once the operations are
complete.
You should not need to limit the concurrent connections. If you must set a limit, we recommend that you
set it for at least 200–300.
The HP SAM database consists of two files:
SAM_data.mdf: Location of the HP SAM tables
●
SAM_log.ldf: Location of transaction log information. SQL server uses this file to keep track of
●
SQL transactions.
The default size is 100MB for each file, but the actual data inside each file is about 10MB. This leaves
about 90MB free for each to grow before SQL has to expand the file.
The SAM_data.mdf file holds several HP SAM tables, including History and AuditLog tables. These two
tables store the HP SAM history data and events, and over time these two tables will grow larger. If you
disable history and audit logs, you will not outgrow the 100MB default with 100 users. If you do not
disable them, SAM_data.mdf will grow by at least 100MB a day.
The busier the database, the more transactions will be added to the SAM_log.ldf file. When a transaction
is complete, it is removed from the file. The maximum size of the file, therefore, is when the concurrent
transactions peak. For 100 users, the average size of this file should be less than 2 GB.
14 Chapter 2 Requirements ENWW
To optimize the HP SAM database performance, a database administrator should do two things:
Develop a SQL maintenance plan. This includes backing up HP SAM database and truncating
●
orphaned transaction logs in the LDF file. When backing up, the orphaned transactions are
truncated, but the size of the LDF file is not reduced. The database administrator can shrink the
LDF file as far as the 100MB default, if desired.
If the history and audit logs are not disabled, the database administrator will need to truncate these
●
two tables periodically. It is recommended that this be done on a weekly basis to keep
SAM_data.mdf under 1GB.
Number of HP SAM Servers
It is recommended that, as user populations grow, the number of HP SAM Servers (gateways) be
increased to handle loading and provide backup gateways when another server is inaccessible for
whatever reason.
If you want to avoid continuing to increase memory and processor cores on the HP SAM Server, create
multiple gateway servers and split user populations to limit the number of users using a particular
gateway as their primary target. You may also split resources between HP SAM servers to distribute
the load between servers.
Regionalization of Data Centers
When placing users in one region and blades in another:
As population size increases, the HP SAM Server should be local to the blades/resources as
●
opposed to local to the users for the following reasons:
Because the database of users has to be pulled across the network to HP SAM Server
◦
memory, the WAN could impact performance if this database becomes too large.
If the two servers (SQL and HP SAM) are in the same data center, their communication can
◦
occur over the high speed backbone with little to no performance impact from the network.
With relatively small population sizes (fewer than 3,000), you may place the HP SAM Server local
●
to the users as opposed to local to the blades/resources for the following reasons:
The database of users being pulled across the network to HP SAM Server is small and
◦
impacted very little by the WAN.
The local HP SAM Server limits the number of users hitting that server, so the server can be
◦
smaller.
Disaster Recovery designs
Multiple HP SAM servers can be configured so that users and resources will failover to another HP
●
SAM server if a server becomes unreachable. It is recommended that the HP SAM servers be
installed in different locations for a greater likelihood that at least one server will remain accessible.
ENWW HP SAM Hardware and Software Requirements 15
Multiple SQL Databases
Typically, one SQL database should be shared between all HP SAM servers. Only in some situations
does it make sense to use more than one distinct SQL database:
When customers can keep user and resource populations in entirely separate support arenas and
●
users do not need to migrate between them.
When user populations go beyond 40,000.
●
When large user populations log on and off extremely frequently, because this will impact
●
performance for everyone on that SQL database.
Otherwise, you should only have a single SQL database
Domain Environment Requirements for HP SAM
HP SAM is supported in domains whose domain controllers are running Windows 2003 Server or
●
later.
HP SAM is supported in domains with Domain Functional Level of Windows 2003 or Windows
●
2008.
NOTE: If the domain is using Windows 2008 domain functional level, you must install Service
Pack 1 for Microsoft .NET Framework on the HP SAM server.
HP SAM only supports domains in a single forest.
●
HP SAM requires UPN names on all user accounts to enable certain HP SAM functions, such as
●
logging in to the HP SAM Administrative console and follow-me-roaming.
NOTE: The built in Domain Administrator group and the built-in Administrator user on the domain
controller (Windows 2003 or earlier) cannot be added into HP SAM.
HP SAM Web and SQL Server Requirements
You can install HP SAM on one or more failover HP SAM Web servers with one central HP SAM SQL
database. You can also install HP SAM on one server hosting both the HP SAM Web server and SQL
database.
HP SAM Web Server Hardware Requirements
Minimum:
x86-compatible server, such as an HP Proliant server with:
Processor: Pentium 4, 1.0 GHz
●
Hard drive: 10 GB (requires more if hosting both Web server and SQL database)
●
System memory: 1 GB per 2,000 resources
●
HP SAM Web Server Software Requirements
Minimum:
16 Chapter 2 Requirements ENWW
One of the following operating systems must be installed:
Windows Server 2003 R2, Standard Edition, with Service Pack 2
●
Windows Server 2003 R2, Enterprise Edition, with Service Pack 2
●
Windows Server 2003 R2, Web Edition, with Service Pack 2
●
Windows Server 2008, Standard Edition
●
Windows Server 2008, Enterprise Edition
●
Windows Server 2008, Web Edition
●
NOTE: A 64-bit operating system is not supported on the HP SAM Server.
You must install Microsoft .NET Framework Version 2.0 for the HP SAM Web Server to function. It is
recommended that Microsoft .NET Framework 2.0 is installed after IIS, for appropriate asp.net
registration.
If your domain controller is running Windows Server 2008 and its Domain Functional Level is set to
Windows 2008 mode, you must install the .NET Service Pack 1 patch for the HP SAM Web Administrator
to work properly.
HP SAM SQL Database Server Hardware Requirements
If you have an existing SQL database server, you can install the HP SAM database on the same server.
However, a separate dedicated HP SAM SQL database server for HP SAM is highly recommended to
support future scaling of environment. See illustrations of possible setups allowing for load distribution
following this procedure.
Minimum:
x86-compatible server, such as an HP Proliant server with:
Processor: Pentium 4, 1.0 GHz
●
Hard drive: 10 GB (requires more if running both Web server and SQL)
●
System memory: 1 GB or more
●
ENWW HP SAM Hardware and Software Requirements 17
18 Chapter 2 Requirements ENWW
ENWW HP SAM Hardware and Software Requirements 19
20 Chapter 2 Requirements ENWW
HP SAM SQL Database Server Software Requirements
Minimum:
One of the following must be installed:
Microsoft SQL Server 2005 Enterprise, Standard, or Express Edition, with Service Pack 1 or
●
Service Pack 2
Microsoft SQL Server 2008 Standard or Enterprise Edition
●
HP recommends using Microsoft SQL Server 2005 or 2008 Standard or Enterprise Edition. However, if
you use SQL Server 2005 or 2008 Express Edition, which has a 4GB database size limit, you should
either:
Disable history data and/or log collection.
●
or
Limit the number of days the system retains history data and set up the Log Maintenance Scheduler
●
to frequently and regularly remove logs from the database.
HP SAM Registration Service Requirements
Hardware Requirements
HP blade PC
●
HP blade workstation series
●
HP Personal Workstation
●
NOTE: If you are running VMware virtual sessions using VMWare 3.X, refer to the VMware
documentation for hardware requirements.
Software Requirements
Install and enable one of the following operating systems:
Windows XP Professional 32-bit or 64-bit with Service Pack 2 or higher
●
Windows Vista with or without Service Pack 1, 32-bit or 64-bit, as follows:
●
Business
◦
Enterprise
◦
Linux RHEL4 64-bit (update 5 or later)
●
NOTE: HP SAM 2.2 and earlier clients are not able to connect to Linux resources.
Linux RHEL5 64 bit (update 2 or later)
●
Install and enable one or both of the following:
RGS Sender 5.1.3 or higher with Single Sign-on enabled
●
Terminal service enabled—RDP
●
ENWW HP SAM Registration Service Requirements 21
Access Device Requirements
The following sections provide information about the requirements for access devices.
Thin Client
Hardware Requirements
HP Compaq t5720 thin client (with Windows XP Embedded operating system)
●
HP t5730 thin client (with Windows XP Embedded operating system)
●
HP T5730w (with Windows Embedded Standard (WES) operating system)
●
HP t5630 thin client (with Windows XP Embedded operating system)
●
HP T5630w (with Windows Embedded Standard operating system)
●
HP t5135 thin client (with HP ThinConnect embedded operating system)
●
HP t5145 thin client (with HP ThinConnect embedded operating system)
●
HP gt7725 thin client with (with HP ThinPro GT operating system)
●
HP gt7720 (with Windows XP Embedded operating system)
●
HP gt7720w (with Windows Embedded Standard operating system)
●
If the HP SAM client is preinstalled, you need only to configure the HP SAM client to connect to the
appropriate HP SAM Web server. If the HP SAM client is not preinstalled, installation requires that the
access device has at least 3 MB of flash memory available.
Software Requirements
Install and enable one or both of the following:
RGS Receiver 5.1.3 or later
●
RDP
●
Mobile Thin Client
Hardware Requirements
HP Compaq 6720t Mobile Thin Client (with Windows XP Embedded operating system)
●
HP Compaq 2533t Mobile Thin Client (with Windows XP Embedded operating system)
●
Desktop or Notebook PC
Software Requirements
22 Chapter 2 Requirements ENWW
Loading...