Using Dynamic Environment Manager with Horizon Cloud on IBM Cloud

Create and Configure the Dynamic Environment Manager Configuration Share

In this module you will learn the prerequisites for DEM configuration. 

You will verify the configuration in the interactive module.

The step is informational only, and no lab actions are required.

The Dynamic Environment Manager configuration share is a central share on a file server. It contains all the configuration files for personalization and application configuration management. The FlexEngine agent on the managed machine reads configuration data from the Dynamic Environment Manager configuration share when a user logs in or logs out of the environment, or when the user opens or closes applications that are configured with DirectFlex.

Configuration Share Prerequisites

To complete this exercise, you will need the following.

  • An Active Directory group containing one or more end-user accounts.

In this exercise, the AD group Domain Users is used.

  • An Active Directory group containing one or more IT Administrator accounts.

In this exercise, the AD group Domain Admins is used.

  • A file server with a certain amount of storage as a general guideline is to have at least 200 kB per application with a starting minimum size of 1 GB.

NTFS security permission

  • Administrators must have Full Control permissions.
  • End users must have Read and Execute permissions.  
    (For security reasons, non-administrators must not have write permissions on the Dynamic Environment Manager configuration share.

This section provides the instruction how to configure Dynamic Environment Manager, in Horizon Cloud on IBM Cloud which can be summarized in three parts:

  1. Create and Configure the Dynamic Environment Manager Configuration Share
  2. Create and Configure the Profile Archives Share
  3. Install the Dynamic Environment Manager Agent (FlexEngine) on the Desktop or RDSH Server
  4. Configure the Dynamic Environment Manager Management Console
  5. Create and Configure the FlexEngine Group Policy Object

Before beginning the installation, its important to understand the terminology specific to Dynamic Environment Manager. The following Dynamic Environment Manager documentation topic, User Environment Manager Infrastructure and Terminology, provides a comprehensive list of Dynamic Environment Manager terminology.

Create the File Share Folder

  1. On a Utiltiy server, create a folder titled UEM_Config.
  2. To configure sharing, right-click the UEM_Config folder and select Properties.
  3. On the Sharing tab, select Advanced Sharing.

Configure Advanced Sharing

  1. Select Permissions to configure the share permissions
  2. Confirm with OK

Grant Read Permissions to End Users

  1. Select the Read check box for the Domain Users group or any other group that need access to the share to consume Dynamic Environment Manager
  2. Confirm with OK

Grant Read and Change Permissions to Administrators

  1. Select the Read and Change check boxes for the Domain Admins group
  2. Confirm with OK

Configure NTFS Permissions on the UEM_Config Folder

  1. In the UEM_Config Properties dialog box, on the Security tab, select Edit.

Grant Full Control for Administrators

  1. In the Group or user names list, select the Domain Admins group.
  2. In the Permissions for Domain Admins list, select Full Control.
  3. Confirm with Apply

Grant Read & Execute Permissions for End Users

  1. In the Group or user names list, select the Domain Users group.
  2. In the Permissions for Domain Users list, select Read & execute, List folder content and Read tick box as selected automatically
  3. Confirm with Apply

Create and Configure the Profile Archives Share

The profile archives share stores the personal settings for users. The Dynamic Environment Manager agent (FlexEngine) creates a subfolder for each user. The share contains Dynamic Environment Manager profile archives, which are ZIP files. FlexEngine reads personal user settings from the profile archives share when a user logs in to the environment or launches a DirectFlex-enabled application. FlexEngine writes the modified settings when the user logs out, or closes a DirectFlex-enabled application.

Profile Archives Share Prerequisites

To complete this exercise, we will use the following.

  • An Active Directory group containing one or more end-user accounts.

This should be the same group you used in Configuration Share Prerequisites.

In this exercise, the AD group Domain Users is used.

  • An Active Directory group containing one or more IT Administrator accounts.

This should be the same group you used in Configuration Share Prerequisites.

In this exercise, the AD group Domain Admins is used.

  • A file server with a certain amount of storage as a general guideline is to have at least 100 MB per user.

NTFS security permissions

  • Setting the following NTFS security permissions on the profile archives share automatically creates a folder for each user on first login and limits the user to their own folder.
  • For Dynamic Environment Manager administrators and help desk: Full control, applied to this folder, sub folders, and files.
  • For End users: Create folders and append data, applied to this folder only.
  • For Creator owner: Full control, applied to sub folders and files only.
  • The minimum share permissions for all users should be Change and Read.

Create the Share Folder

  1. On a Utility server, we create a folder titled UEM_Profiles.
  2. To configure sharing, right-click the UEM_Profiles folder and select Properties.
  3. On the Sharing tab, select Advanced Sharing.

Configure Advanced Sharing

  1. Select Permissions to configure the share permissions.

 

Grant Read and Change Permissions to End Users

  1. Add Domain Users group
  2. Select the Read and Change check boxes for the Domain Users group, or whichever group you want to utilize the profile.
  3. Confirm with Apply

Grant Read and Change Permissions to Administrators

  1. Add Domain Admins user group
  2. Select the Read and Change check boxes for the Domain Admins group, or whichever group you selected you administrate the profile.
  3. Confirm with OK

Configure NTFS Permissions on the UEM_Profiles Folder

  1. In the UEM_Profiles Properties dialog box, on the Security tab, select Advanced

 

Add Desktop Admins as a Principal

  1. Select Add.
  2. In the Permission Entry for UEM_Profiles dialog box, click Select a principle, and add the Domain Admins group as a principal.

Configure NTFS Permissions for Administrators

  1. Verify that Domain Admins is listed as the principal.
  2. Verify that the Applies to drop-down list is set to This folder, subfolders and files.
  3. Select the Full control check box.
  4. Confirm with OK

Add Domain Users as a Principal

  1. Select Add.
  2. In the Permission Entry for UEM_Profiles dialog box, click Select a principle, and add the Domain Users group as a principal.