JMP: Installing and Configuring – Part three

Part three: Configuring JMP

After completing the JMP setup, we now need to set up time synchronization between the JMP server and Horizon View connection servers, configure SSL for the JMP server and export the SSL certificates from App Volumes, Horizon View and Active Directory for the JMP server to establish secure connections between all components.

Time Synchronization

Time synchronization needs to be configured on the JMP server and all of the Horizon View Connection servers in your environment. I’m assuming you already have time synchronization set up on your ESXi hosts, if not click here.

  1. Log in to a virtual machine.
  2. Open CMD.
  3. Enter cd C:\Program Files\VMware\VMware Tools
  4. Enter VMwareToolboxCmd.exe timesync enable
  5. Repeat these steps on all servers.

Set up SSL for the JMP server

Now time synchronization is set up, we need to request/import a SSL certificate for the JMP server, convert it and edit the “nginx.conf” file.

  1. Log in to the JMP server.
  2. Open MMC.exe > select Add/Remove snap in.. > select Certificates > select Computer account.
  3. Right click Personal and request or import a new certificate. Because I have a CA set up in my environment, I request a new certificate.
  4. When the JMP server has it’s SSL installed, select the certificate and click Export.
  5. Make sure you select the option “Make private key exportable”.
  6. Now it’s time to convert the .pfx file into a .crt and .key file, which you need to replace the VMware self signed certificate. I use OpenSSL for the conversion. 

    Open a CMD a enter the following command to convert the .pfx to a .crt file:
    OpenSSL pkcs12 -in “location\name.pfx” -clcerts -nokeys -out “location\name.crt”

    To create the .key file, use the command below:
    OpenSSL pkcs12 -in “location\name.pfx” -clcerts -out “location\name.key”
    Enter Password: …
    Enter PEM pass phrase…
    Enter PEM pass phrase again…
    OpenSSL rsa -in “location\name.key” -outform PEM -out “location\name-pem.key”

  7. Stop the “JMP” services in the following order
    1. VMware JMP API Service
    2. VMware JMP File Share Service
    3. VMware JMP Platform Services
  8. Copy the <filename.crt> and the <filename-pem.key> files to: 
    “C:\Program Files (x86)\VMware\JMP\com\XMS\nginx\conf”
  9. Open the “nginx.conf” file located in “C:\Program Files (x86)\VMware\JMP\com\XMS\nginx\conf”
  10. Search for “ssl_certificate” and “ssl_certificate_key” and replace the names with the new .crt and .key filenames.
  11. Start the “JMP” services in the following order
    1. VMware JMP API Service
    2. VMware JMP File Share Service
    3. VMware JMP Platform Services
  12. Verify if you can reach the JMP server on https.

Secure connections with AD, App Volumes and Horizon View

Next up we need to export the SSL certificates from the Domain Controller, App Volumes and Horizon View Connection servers to secure our connections with the JMP server.

  1. Log in the Domain Controller
  2. Open MMC.exe > select Add/Remove snap in.. > select Certificates > select Computer account.
  3. Open Trusted Root Certification Authorities > Certificates.
  4. Select the root certificate and export it.
  5. In the Certificate Export Wizard, select Base-64 encoded X.509 (.CER), and click Next.
  6. Name it adCA.pem, and click Next and Finish.
  7. Be aware! By default the certificate is saved as a .cer file, enable the File name extensions check box in windows explorer and remove the .cer extension on the adCA.pem.cer file
  8. Copy the adCA.pem file to the config folder on the JMP server:
    “C:\Program Files (x86)\VMware\JMP\com\XMS\Config\”

App Volumes
  1. Open a browser session to the App Volumes Manager.
  2. Depending on the browser, click the small lock icon before the URL and view the certificate.
  3. Export the certificate and name it av-selfsigned.cert.pem
  4. Copy the file to the com folder on the JMP server:
    “C:\Program Files (x86)\VMware\JMP\com\”

Horizon View
  1. Log in to the Horizon View Connection server.
  2. Open MMC.exe > select Add/Remove snap in.. > select Certificates > select Computer account.
  3. Open Personal > Certificates.
  4. Select the certificate with the friendly name “vdm” and export it.
  5. Select No, do not export the private key.
  6. In the Certificate Export Wizard, select Base-64 encoded X.509 (.CER), and click Next.
  7. Name it horizon.cert.pem, click Next and Finish.
  8. Be aware! By default the certificate is saved as a .cer file, enable the File name extensions check box in windows explorer and remove the .cer extension on the horizon.cert.pem.cer file
  9. Copy the horizon.cert.pem file to the com folder on the JMP server:
    “C:\Program Files (x86)\VMware\JMP\com”

With SSL and Time Synchronization all set up the JMP server can now properly communicate with all other components that need to be configured in the management console. In the next part of this series I’ll explain how to do this.

JMP: Installing and Configuring – Part One
JMP: Installing and Configuring – Part two
JMP: Installing and Configuring – Part three
JMP: Installing and Configuring – Part four
JMP: Installing and Configuring – Part five