Upload
others
View
2
Download
0
Embed Size (px)
Citation preview
Document ref: VT_HAXM_v1.0_250420
© 2020, Droplet Computing Limited
AD INTEGRATION GUIDE Mass deployment of Droplet containers using AD
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM
Droplet Computing
Application Delivery, Redefined
2
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
In This Document:
3
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
About this document
This integration guide discusses methods by which Droplet Computing software can be
distributed and configured using standard Microsoft Active Directory Group Policy
Objects (AD GPOs).
This approach can be adopted by organizations that wish to deploy Droplet
Computing software to physical PCs on their network, using centralized or distribution
software distribution points and opted against using third-party tools or additional
management software available from Microsoft such as System Center Configuration
Manager (SCCM).
Locating the source files
Droplet Computing supports two container image types. The DCI-X for legacy apps
and the DCI-M for modern apps. The DCI-M container image is accelerated by
leveraging the Intel VT instructions available on the CPU of modern Windows PCs. While
these PC’s may have Intel CPUs installed that do support this type of hardware
acceleration, it is not uncommon for the BIOS manufacturer to have, by default,
disabled this functionality.
Droplet Computing recommends that you consult with your OEM suppliers to validate if
the Intel VT feature is available on the CPU of device and to use their tools and
technologies to ensure that it is enabled in the BIOS before deployment of the
software.
Auditing tools will allow you to identify those Windows PCs that have yet to have Intel
VT enabled in their BIOS. You should also be aware that command-line tools will only
report on the chipset and its capabilities, and not whether Intel VT has been enabled in
the BIOS. The Intel Hardware Execution Manager (HAXM) check utility is one such utility
that reports on whether the CPU is Intel VT capable and not whether it is enabled.
You should ensure that you have the Microsoft Software Installer (MSI) version of the
Windows Droplet Container Application (DCA), and the MSI version of the Intel HAXM
software. If you only plan on deploying the DCI-X container image, then you do not
need to install the Intel HAXM software as this container image does not require
hardware acceleration.
The Intel HAXM MSI file can be found by running the installer for Intel HAXM and then
locating the Temp folder containing the extracted MSI file.
4
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
The following is the default path:
C:\Users\%username%\AppData\Local\Temp\Intel\HAXM\<VersionNumber>\<Date-Time>
In our example the Intel HAXM software can be found at this location:
C:\Users\Administrator\AppData\Local\Temp\Intel\HAXM\7.5.4\2019-12-16_14-22-06
In that folder you will find several files. The file required is the HAX64.MSI. The Droplet
Computing and HAXM MSI files can be placed on a network distributed share for
deployment via AD GPOs.
Preparing the AD environment
AD GPOs segment their settings by using a combination of Computer and User settings.
In environments where every computer will require the Droplet Computing software,
AD GPO computer settings can be used to install the container app software.
Droplet Computing software has per-user settings that prepares and controls the end
user environment. AD GPO user settings can be configured for this purpose. In
environments with a smaller subset of end users, where the end users regularly roam
from computer to computer, GPO user settings can be configured to deploy the
software as well as to configure the end user environment.
In this simple example, an OU structure was created for just the computers and users
that would be running the Droplet Computing container software as shown below:
5
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
In this example, two policies were created:
1. Droplet Computing Install Policy to install the software on selected computers
2. Droplet Computing Configuration Policy to configure the per user settings
This is shown in the following screenshot:
In the next section we are going to configure these new policies.
Install the DCA and Intel HAXM using Computer Settings
In this section we are going to create a new installation package by modifying the
Droplet Computing Install Policy using the Group Policy Management console,
following the steps as described:
1. Open the Group Policy Management Editor console
2. Navigate to the Software installation setting and click on it to select it as shown
in the screenshot below:
6
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
3. Right right-click Software installation and from the contextual menu that
appears, click on New and the select the option for Package…
4. An Open dialog box appears as shown in the following screenshot:
5. Navigate to the network share where the .MSI files have been copied to and
select the hax64-7.5.4 MSI file
6. Click Open
7. You will see the Deploy Software dialog box appear as shown in the following
screenshot:
8. Click the radio button for Assigned
9. Click OK to accept and close the dialog box
10. Repeat the process and create a new package to add the Droplet Computing
container app MSI installer file
Once you have completed the process, the Group Policy Management Editor console
will refresh and now shows both the Droplet Container App and Intel HAXM installation
software are ready to be installed as shown in the following screenshot:
7
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
This policy can be tested using any Windows 10 computer that is configured with its
Active Directory computer account being in the Organizational Unit that is assigned to
this GPO.
For existing Windows 10 computers it may take some time for the Group Policy to be
applied based on replication of the domain controllers. Administrators can use the
command-line tools to trigger an immediate refresh of the policy. For example:
gpupdate /force
There are several ways to validate that the software has been correctly installed. The
easiest way is to look in the Programs and Features screen to confirm that both the
Droplet Computing container app and Intel HAXM were installed on the machine on
the same date.
Configuring the Droplet Computing User Environment with User Settings
The Droplet Computing user environment can be configured using a series of small text
files together with the larger Droplet Container Image (DCI) file.
These configuration files can be found using a working Windows 10 PC environment,
and then distributed using the Files and Folders feature within the AD GPOs.
8
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
The following files are needed to automate the configuration of the user environment:
• apps.json – Application Tiles
• droplet.lic – License file
• settings.json – Global settings (CPU, Memory, DCI filename and path)
• credentials – Droplet Computing Administrator password
• eula_accept – File created after accepting EULA
• .droplet – Droplet Computing Image file (DCI)
The easiest way to create this configuration is to copy these files from a working
environment that closely matches the destination environment. By matches we mean
uses the same network share location for use with Active Directory policies. By default,
these files can be found in the following path:
C:\Users\%USERNAME%\AppData\Roaming\Droplet
Care must be taken with these files as they contain hard-coded paths and filenames
which must be present on the target system for them to work. For example, if the end
user’s DCI file is called DCI-M_32_V1.1-OFFICE2003-IE11.droplet and is stored on the H:
drive then this will be present in the settings.json file and there container app will be
looking for that exact filename in that exact folder location.
The DCI is a per-user file and each user will require their own personal, individual, and
unique copy. In a stateless environment were the same DCI is used this can be stored
on the C: drive of the local computer. Alternatively, if you have roaming users and wish
to customize their DCI container then it can be stored in the user’s home directory.
Administrators should confirm that the user has the correct permissions for the DCI file,
and both the file and directory have the required read/write access.
You can now configure the GPO for the user settings by following the steps described:
1. Navigate to User Configuration → Preferences → Windows Settings and then
Files.
2. Right-click Files, and select New
3. In the Action box, from the drop-down menu options, select the option for
Create
4. In the Source File(s) box, click the … button and then navigate to the first file. In
this example it’s the apps.json file
5. In the Destination File box type the path to the user’s profile for where the .json
file will be stored. This will look something like the following example:
C:\Users\%USERNAME%\AppData\Roaming\Droplet\apps.json
9
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
6. Finally, in the Attributes box, uncheck the Archive option as shown in the
following screenshot:
7. Now click the Common tab
8. Check the box for Run in logged-on user’s security context (user policy option).
This ensures files are copied under the context of the user to ensure their
ownership rights are preserved and prevents files being created using the
SYSTEM context which is the default behaviour.
10
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
9. Click OK to accept the configuration
10. Repeat the process for each of the individual files that make up the Droplet
Computing user environment including the preferred DCI image
11. Once you have completed the configuration for each file you will see the
following:
You have now configured the Droplet Computing solution to be deployed and
configured using AD Group Policy.
In the next section we are going to look at how AD GPO’s can be used to deliver
application shortcuts directly to the end users’ desktop.
DirectLaunch
Optionally, AD group policy can be used to create application shortcuts on the user’s
desktop and start menu. In this instance the app shortcut is to the Droplet Container
App which in turn launches the app using the DirectLaunch feature. Using
DirectLaunch enables the application inside the container to be launched directly
from the desktop rather than being launched from the Droplet Computing workspace
interface.
In the example below the shortcut Excel by Droplet was added to the desktop using a
GPO setting as shown in the following screenshot:
By using DirectLaunch, when the user clicks to launch Excel, the container app will
launch first, and then launch Excel. All that the end user will see is the Excel app.
To create the shortcut policy, follow the steps as described:
11
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
1. Create a new policy and link in to the relevant OU.
2. Now edit the policy and navigate to Computer Configuration → Preferences
→ Windows Settings → Shortcuts
3. Click to highlight Shortcuts and then right-click and from the contextual menu
that appears click on New and then select Shortcut
4. You will now see the properties box as shown in the following screenshot:
5. In the Action box, from the drop-down menu, select the option for Create
6. In the Name box, type in a name for the shortcut as you want it to appear on
the end user’s desktop. In this example we have called it Excel by Droplet
7. In the Target type box, from the drop-down menu, select File System Object and
in the Location box below, from the drop-down menu select Desktop
8. In the Target path box either browse to, or enter the path to the Droplet
Container App. In this example the app is in the default location.
9. The Arguments box is where DirectLaunch comes into play. Type in launch,
followed by the app you want to launch. In this example the app to be
launched is excel.exe.
10. In the Run box, from the drop-down menu, select how you want the app to run.
In this case it is Maximized. NOTE: this refers to the container app and not the
app inside the container. To configure the app inside the container to run
maximizes, you will need to configure this using the container app configuration.
11. Lastly, in the Icon file path, you can configure an icon that will be displayed on
the desktop. You can either type in the location to the .ico file or use the …
button and then navigate to the file you want to use.
12. Click OK to complete the configuration
12
Active Directory Integration Guide
WWW.DROPLETCOMPUTING.COM Document ref: AD_Integration_v1.0_20052020
© 2020, Droplet Computing Limited
Conclusion
AD GPOs remain a popular method for configuring physical Windows PC environments,
although in the modern era they continue to be modified and enhanced by additional
user environment management tools.
AD GPOs are universal and available to all types of organizations regardless of their size
and could be considered applicable to modern virtual desktops and application
delivery tools. Droplet Computing provides integration guides for these application
delivery technologies available online at:
https://www.dropletcomputing.com/product-guides-documentation/
86-90 Paul Street,
London,
England,
EC2A 4NE
Droplet Computing Limited
Registered in England and Wales, Company Number 10536920
WWW.DROPLETCOMPUTING.COM