Home » HP Manuals » Desktops » HP BladeSystem bc2800 » Manual Viewer

HP BladeSystem bc2800 Administrator's Guide HP Session Allocation Manager (HP - Page 11

Authenticate Before Allocation, Monitor Layouts, Multi-session Auto-connection, Resource Reservations

View all HP BladeSystem bc2800 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 11 highlights

before 4PM to ensure the resources are free in time for the newly added reservation. A manual or scheduled synchronize operation has no effect on resource reservations. NOTE: This feature is only supported on resources running a Windows operating system. Refrain from using resources assigned to multiple roles while using this feature. This can cause the automatic logoff to not occur when the resource is needed for a reservation set on one of the resource's other roles. There are two other features in HP SAM that can bypass the role selection dialog for users with multiple roles: Monitor Layouts and Multi-session Auto-connection. If a conflict occurs, Monitor Layouts will prevail over Resource Reservations which will prevail over Multi-session Auto-connection. Authenticate Before Allocation When enabled, this feature enhances security by requiring the user to enter his username and password on the HP SAM client, which will then be authenticated by Active Directory before sending a user to a resource or displaying a list of roles and resources. The feature also eliminates the possibility of Active Directory locking out a user because he mistyped his password during a single connection attempt when trying to connect to multiple resources at once. This feature is disabled by default. With this feature disabled, the behavior is the same as with previous versions of HP SAM where password authentication is first done when logging into the operating system on the resource. To enable this feature, all of the following must be configured: ● Enable Authentication before Allocation on the General page of System Settings on the HP SAM Web Administrator console. ● Ensure that a certificate from the domain certificate authority is installed on the HP SAM Web site in IIS on the HP SAM server. ● The following option must be enabled via the HP SAM client configuration file on all access devices: AuthenticateBeforeAllocation=1. ● There is no setup needed for the Web Client, but the user must type in the URL using https instead of http (e.g., https://samserver). ● Ensure that communication between the access device and the HP SAM Server via SSL (typically port 443) is not blocked by a firewall. The Allow Expired Password setting in System Settings gives the HP SAM administrator the option to allow users with expired passwords to continue on so that they can change the password using the operating system on the resource. NOTE: Previous versions of the HP SAM client cannot be used when this feature is enabled. This feature is not compatible with Smart Card single sign-on and must be disabled before using Smart Cards. ENWW What's New in This Release 3

Section	Page
Introduction	9
What's New in This Release	10
Resource Reservations (AKA Access Restrictions)	10
Authenticate Before Allocation	11
Switch To, Move, Minimize, and Minimize All Functions on HP SAM Connection Bar	12
Support for RGS Senders Running on a Non-default Port	12
Logoff Scheduler	12
Key Features	12
Overview	13
How HP SAM Works	14
HP SAM Software Components	16
Remote Graphics Software (RGS)	16
Common Tasks	17
Setting up HP SAM	17
Setting up a User with a Dynamic Resource	17
Setting up a User with Static (Dedicated) Resources	18
Configuring a Monitor Layout for a User	19
Requirements	21
HP SAM Hardware and Software Requirements	21
Architectural Considerations and Best Practices for Setting up an HP SAM Environment	21
Server Sizing	21
SQL Database Considerations	22
Number of HP SAM Servers	23
Regionalization of Data Centers	23
Multiple SQL Databases	24
Domain Environment Requirements for HP SAM	24
HP SAM Web and SQL Server Requirements	24
HP SAM Web Server Hardware Requirements	24
HP SAM Web Server Software Requirements	24
HP SAM SQL Database Server Hardware Requirements	25
HP SAM SQL Database Server Software Requirements	29
HP SAM Registration Service Requirements	29
Access Device Requirements	30
Thin Client	30
Mobile Thin Client	30
Desktop or Notebook PC	30
Blade Workstation Clients	31
Personal Workstation Clients	31
Other requirements	32
Create a Service Account	32
Obtain Administrative Rights	32
Change the Firewall	32
Active Directory	32
Installation	33
Order of Installation	33
New Installation	33
Upgrade	33
Install the HP SAM Web Server and SQL Software	35
Grant Users HP SAM Administrator Access	37
Configure HP SAM System Settings	37
Configure Secure Socket Layer (SSL)	37
Install and Validate the HP SAM Registration Service Software	37
Install the HP SAM Registration Service	38
Create the HP SAM Registration Service Configuration File	39
[WebServerList]	39
[RolesList]	40
[AssetGroupList]	40
ServicePort	40
DnsDomain	40
Start/Restart the HP SAM Registration Service	41
Test the HP SAM Registration Service	41
Install and Validate the HP SAM Client Software	41
Internet Explorer-Based Client	42
HP SAM ActiveX Controls	43
Windows XPe-Based Client	43
Customization Steps	44
Linux-Based Client	44
HP Blade Workstation Client Series	44
Customization Steps	44
HP ThinPro GT Client for the HP gt7725 Thin Client	45
Red Hat Enterprise Linux (RHEL) Client	46
Customization Steps	46
Configuration Settings	46
Options	46
Smart Card Settings	49
User Interface Customization Settings	50
Policy Entries	52
Global and Local Client Configuration Files	55
Legal Banner	56
Deploy the HP SAM Registration Service to All HP SAM Computing Resources	57
Deploy HP SAM Client Software to All HP SAM Access Devices	57
Administration	59
Log In	59
General Navigation and User Interface Design	59
Display More (or Fewer) Items Per Page	59
Move Columns	59
Sort Result List	59
Select More Than One Item	59
Managing the HP SAM Administrator Access List	60
Add Individual Users to the HP SAM Administrator Group	60
Add Security Groups or Organizational Units to the HP SAM Administrator Group	60
Remove Users or Groups From the HP SAM Administrator Group	61
HP SAM Administrator Console Tabs	62
Home Tab	62
Users and Roles Tab	62
Manage Resource Roles	62
Manage Asset Groups	63
Manage Administrative Permissions	64
Manage Users	65
Operation	65
To Assign Attributes	65
To Assign Resources	66
To Assign Resources Manually	66
To Assign Resources Automatically from Template User	67
To Assign Resources Automatically from Role	68
To Assign and Configure a Monitor Layout for the User	68
To Change the Monitor Layout Configuration for the User	68
To Delete a Monitor Layout ID for the User	69
To Delete a User	69
Add New Users	69
To Grant Access to Individual Users	69
To Grant Access to Security Groups or Organization Units	70
Resources tab	70
Manage Resources	70
Auto Refresh Feature	71
View Details	71
Operations	71
Operations	71
Customize View	72
Manage Access Devices	72
To Add an Access Device Manually	72
To Change an Access Device	72
To Delete an Access Device	73
Manage Monitor Layout	73
To Create a Monitor Layout	73
To Modify a Monitor Layout	73
To Delete a Monitor Layout	73
Manage Data Centers	73
To Create a Data Center	74
To Change a Data Center	74
To Add Enclosures into a Data Center	74
To Delete Enclosures from a Data Center	74
To Delete a Data Center	74
Policies Tab	74
Create or Update a Policy	76
View Effective Policy	76
System Settings Tab	77
General	77
Web client	78
Active Directory	79
Auto Schedules	80
Resource Synchronization Scheduler	80
Audit Log Clean Up Scheduler	80
Logoff User from Resource Scheduler	81
Licensing	81
Reports Tab	81
Resource Capacity Consumption Report	82
Filters	82
Display Options	82
Output Report	82
Resource Capacity Consumption Trend Report	82
Filters	83
Display Options	83
Output Report	83
Resource Utilization Report	84
Filters	84
Display Options	84
Output Report	84
Log Tab	84
Setting Up Smart Card Login on the Access Device	85
Configuring Session Time Limits for Remote Sessions	87
Firewall Rules	89
Web Server	89
Clients	89
Resources	90
SQL Server	90
Frequently Asked Questions	91
Registration Service Error Codes	95
Glossary	98

Match case Limit results 1 per page

before 4PM to ensure the resources are free in time for the newly added reservation. A manual or

scheduled synchronize operation has no effect on resource reservations.

NOTE:

This feature is only supported on resources running a Windows operating system.

Refrain from using resources assigned to multiple roles while using this feature. This can cause the

automatic logoff to not occur when the resource is needed for a reservation set on one of the resource’s

other roles.

There are two other features in HP SAM that can bypass the role selection dialog for users with multiple

roles:

Monitor Layouts

and

Multi-session Auto-connection

. If a conflict occurs,

Monitor Layouts

will prevail over

Resource Reservations

which will prevail over

Multi-session Auto-connection

Authenticate Before Allocation

When enabled, this feature enhances security by requiring the user to enter his username and password

on the HP SAM client, which will then be authenticated by Active Directory before sending a user to a

resource or displaying a list of roles and resources. The feature also eliminates the possibility of Active

Directory locking out a user because he mistyped his password during a single connection attempt when

trying to connect to multiple resources at once. This feature is disabled by default.

With this feature disabled, the behavior is the same as with previous versions of HP SAM where

password authentication is first done when logging into the operating system on the resource.

To enable this feature, all of the following must be configured:

●

Enable

Authentication before Allocation

on the General page of System Settings on the HP

SAM Web Administrator console.

●

Ensure that a certificate from the domain certificate authority is installed on the HP SAM Web site

in IIS on the HP SAM server.

●

The following option must be enabled via the HP SAM client configuration file on all access devices:

AuthenticateBeforeAllocation=1.

●

There is no setup needed for the Web Client, but the user must type in the URL using https instead

of http (e.g.,

https://samserver

●

Ensure that communication between the access device and the HP SAM Server via SSL (typically

port 443) is not blocked by a firewall.

The

Allow Expired Password

setting in System Settings gives the HP SAM administrator the option

to allow users with expired passwords to continue on so that they can change the password using the

operating system on the resource.

NOTE:

Previous versions of the HP SAM client cannot be used when this feature is enabled.

This feature is not compatible with Smart Card single sign-on and must be disabled before using Smart

Cards.

ENWW

What's New in This Release