Technical Readiness Checklist

Table of Contents

This article is meant to serve as a guide to completing the prerequisites for a proof-of-concept implementation of Login Enterprise. Proof-of-concepts are free of charge, and thus operate on a good faith basis. It is important that strict guiderails are set to hold both sides of the engagement accountable, both in terms of scope and timelines. 

Login Enterprise requires the ability to access and manage particular components of the infrastructure that may require coordination with peripheral teams within your IT organization. The number of people who may be involved depends on the size of your organization and division of responsibilities therein. Teams who may be involved include, but are not limited to:

  • Active Directory Administrator
  • End-User Computing Administrator
  • Infrastructure Administrator
  • Security Administrator
  • Networking Administrator

During the scoping call, it is imperative that these representatives, if applicable, are present during the planning and implementation where their input or access is required. Please raise any concerns with your respective Account team if there are foreseen challenges with this request.

Considerations

Evaluation of the product takes place over the course of a month.  As part of this review process we should discuss your change management process, and how long this takes.  Also, we've seen change freezes take place in the middle of evaluation, and further delay the schedule.  Please mention whether you expect any of this during the evaluation period.

Additionally, Virtual Users will need to be licensed for any system and application they interact with. Consider how long it may take to turnaround procurement of licensing for the following platforms, solutions, and applications:

  • Microsoft Windows, RDS CALs if applicable
  • Citrix and/or VMware Horizon licensing
  • Office365 and/or custom application licensing

Additionally, most evaluations include the process of creating a workflow for a custom line of business application that is not included in our template library. For guidance on choosing an effective application for your evaluation, please see this article.  

Note: For concerns around procuring licenses for any of the above items, or one not on the list, please bring them to the attention of your respective Account team.

Required Components

For more information on hardware or software requirements, please see this article.

Virtual Appliance

Hardware Requirements

The Login Enterprise Virtual Appliance is delivered as a fully configured virtual machine. This virtual machine is delivered as an OVA, VHD, or VHDX. We currently support the following hypervisors:

  • VMware ESXi 5.5 - 7.0 (OVA file)
  • Microsoft Hyper-V - Server 2012 R2 and higher (VHDX file)
  • Citrix Hypervisor 8.2 (OVA file)
  • Microsoft Azure (VHD file)

To download the Virtual Appliance in the format that best suits your needs, see our Downloads page.

Note: You will need to be signed in to access this page. If you have any issues with accessing the downloads page or downloading the Virtual Appliance, please bring this to the attention of your respective Account team.

The Virtual Machine hosting the appliance must have, at a minimum, the following resources allocated:

  • 4 vCPU
  • 8GB RAM
  • Storage – Pre-Configured 100 GB virtual Hard Disk

Pre-Import Checklist

The following can serve as a checklist to validate you have accounted for all aspects of the Virtual Appliance deployment:

  • Is your hypervisor on our supported list?
  • Do you have authorization to make changes to the hypervisor? Does this fall under another team?
  • Have you allocated the required CPU/ RAM/ Storage resources for the Virtual Appliance?
  • Have you downloaded the Virtual Appliance? 
  • Have you imported the Virtual Appliance to your Hypervisor? 

Note: The deployment process for Azure is different than traditional on-premise installations. For specific information on deploying the Virtual Appliance into Azure, see this article.

Otherwise, once the Virtual Machine is deployed, there are a few pieces of information required to complete the installation. For more information on the initial configuration of the Virtual Appliance, see this article. Once configured, please continue below.

Post-Configuration Checklist

The following can serve as a checklist to validate you have successfully configured the Virtual Appliance, as described in the "Configuring the Virtual Appliance For the First Time" article:

  • Is the Virtual Machine hosting the Virtual Appliance able to start?
  • Can you log into the Virtual Appliance Management Console?
  • Can you load the Web Interface when browsing to the configured DNS name?
  • Can you log into the Virtual Appliance web interface with your admin credentials?

If everything above has been accounted for, you have successfully configured your Login Enterprise Virtual Appliance.

Accounts

Login Enterprise Virtual Users need enabled, existing Active Directory User objects to operate. Login Enterprise does not create Active Directory accounts, nor does it verify their existence. Login Enterprise stores Virtual User Account credentials, and sends them to the launcher for use with specified Connector (Citrix Workspace, Horizon View Client, RDP, Universal Web Connector). 

For more information on Accounts within Login Enterprise, please see this article.

Logon Executable

The Logon Executable is a small program that runs as part of the Virtual User's AD user account. Because we can instantiate during the logon process, there is no need to install an agent. 

The Logon Executable (LoginPI.Logon.exe) must be run each time a Virtual User (AD user) launches a session and successfully logs in. Starting the Logon Executable confirms a connection with the Virtual Appliance and then downloads the "engine", and any data needed to perform the specified workload.

The exact command that is needed can be found from the Accounts > Downloads page of your Login Enterprise Web Interface. Note: you may need a more explicit path, depending on your configuration.

This requirement can be accomplished in several ways:

  • Group Policy to execute Logon Executable at Windows logon
  • NETLOGON/ Logon Script for the Virtual User AD User
  • shell:startup (For single-user OS scenarios, not recommended for production)
  • shell:common startup (For multi-session OS scenarios, not recommended for production)

Configuring the Logon Executable via Group Policy at the user level is the best practice. Rather than configuring the Logon Executable on a machine level, this allows you to quickly repurpose Virtual Users for other areas of your environment.

Note: For concerns around implementing one of the above configurations, or usability of one not on the list, please bring them to the attention of your respective Account team.

For more information on the Logon Executable, see this article.

Accounts Checklist

  • Using the credentials for one of your test users, can you logon and access the target environment (i.e., using the same authentication method as your true end-users)?
    • This will validate that the users can authenticate and are authorized to access the virtual desktop or published application. If you are unable to access the target resource with a Virtual User, please review your virtualization provider's management console to review permissions.
  • If you log in as a test user, do you see the Login Enterprise icon and a button to “STOP ENGINE”?
    • This will validate that the Logon Executable has been correctly configured. If you do not see the “STOP ENGINE” warning, the Logon Executable has not run successfully. The Virtual Users will not function without this successfully configured.

Stop_Engine.pngLogo.png

Launchers

The Launcher software can be accessed and downloaded from within the Launchers page of your Login Enterprise Web Interface.

Hardware Requirements

The Launcher is installed onto a machine that must have, at a minimum, the following resources allocated:

  • 2 vCPU
  • 4GB RAM
  • 1GB Free Virtual Hard Disk space (minimum available disk space)

Software Requirements

  • Windows 7 and greater (32/64-Bit) or Windows 2012R2 or Greater
  • Microsoft .NET Framework 4.6.1
  • Client Connector Application (Citrix Workspace, VMware Horizon Client, Universal Web Connector)
  • Login Enterprise Launcher

For more information on the Launcher component, see this article.

Pre-Install Checklist

The following list serves as a checklist to validate you have fully accounted for the Launcher component.

  • Does each Launcher machine follow the minimum requirements as specified above?
  • Do you have permissions to install software on the Launcher machine(s)? Does this fall under another team?
  • Have you downloaded the Launcher software from your Login Enterprise Virtual Appliance? 
  • Have you installed the Launcher software on the Launcher machine(s)? 
  • Have you installed the Client Connector application on the Launcher machine(s) (i.e., Citrix Workspace, VMware Horizon Client, RDP, Universal Web Connector)?
  • Is the Launcher sharing resources with the Target Resources? This will impact results on both the Launcher and the Target.
  • Has Single Sign-On been disabled on the Launcher Machine(s)? This may impact the Launcher's ability to use more than one account.

Post-Install Checklist

The following list serves as a checklist to validate you have successfully installed the Launcher component.

  • Does the Launcher UI show your Virtual Appliance FQDN and Version?
  • Does the Launcher appear in the Launchers tab of the Web Interface? (Home > Launchers)
  • Can you create a session from the Launcher into the Target Environment?
    • If you cannot launch a session manually, please verify the software requirements and your Virtualization provider's Management Plane to ensure Virtual Users are entitled to the Target Resources.

Launcher Group Policies

Automatic Windows Screen Lock

It is considered best practice for organizations to configure Windows to automatically lock the screen after a period of user inactivity. This is effective for real workstations, but poses a challenge for our Launcher software which requires an interactive session for its active remote desktop or application sessions. When the Windows Lock Screen policy is triggered, any currently running Launcher sessions will be terminated. For this reason, it is important to disable any policies that enforce automatic locking of Launcher screens to allow for headless test execution.

Antivirus and App Blocker Exclusions

For a list of exclusions that can be added to the respective Anti Virus or App Blocker to make sure the Launcher runs correctly, see this article.

Digital Workspace Preparation

This section will cover the importance of preparing the digital workspace. 

This may include, but is not limited to:

  • Antivirus and App Blocker Exclusions
  • Virtual User access to StoreFront, Horizon, etc.
  • Virtual User authorization to launch target resources
  • Target applications should be installed or available

Antivirus and App Blocker Exclusions

For a list of exclusions that can be added to the respective Anti Virus or App Blocker to make sure Login Enterprise runs correctly in your Target environment, please see this article.

User Access Entitlements

Virtual User Accounts require entitlements to access Target Resources. This is handled within your Virtualization provider's management plane.

The following list serves as a checklist to validate you have successfully granted Virtual Users with access to the Target Resource.

  • From a Launcher machine, can you navigate to the access portal (Citrix Storefront, VMware Horizon) and attempt to sign in? 
  • From a Launcher machine, can you launch the target resource after authenticating at the access portal? 
  • Does the Target Session launch from the associated Client Connector Application (Citrix Workspace, VMware Horizon Client, RDP, UWC)?
  • Is the Virtual User licensed to use the Target Application? 

Application Scripting Requirements

In order to create Custom Workflow Scripts for use within Login Enterprise, the Script Editor is required. The Script Editor and Application X-Ray work side-by-side to inspect an application's user interface and generate the requisite code to interact with it. The Script Editor has a standalone engine that can be used to test and validate a script before attempting to use it within a test configuration.

The Script Editor can be downloaded from the Applications tab within the Web Interface. The Script Editor will need to be temporarily downloaded on a target desktop in order to develop application workflows.

For more information on the Script Editor, please see this article.

Published Applications

Our engine relies on APIs available through the Windows OS, specifically the Windows UI Automation Accessibility Framework. With published applications, the underlying UI element properties that are available for locally running apps are not available. This poses a challenge when creating custom workflows for these applications. The standard UI information is not transmitted to the standard Login Enterprise scripting toolset. 

Login Enterprise supports executing workflows against published applications. When executing workflows with published applications, our engine must run in the published application session, where the engine can utilize the required APIs. However, when creating workflows the application must be accessed locally in order to capture its UI properties. This is because Application X-Ray will not be able to capture UI control information for streamed applications. 

There are two workarounds to inspect Published Applications:

  • Temporarily deliver locally to create application workflow
  • Provide access to Application Session Host

Special Considerations

Java Applications

Java applications, while becoming less frequent, are still prevalent in many enterprises. Java applications run in a specialized Java runtime environment. Our engine relies on APIs available through the Windows OS, specifically the Windows UI Automation Accessibility Framework. Java applications unlike more modernized WPF applications, do not transmit this information. This makes application development using standard Login Enterprise toolsets difficult.

In these situations, only coordinate-based interactions  and keyboard shortcuts are feasible. For availability scenarios where only validating the start of the application is important, this is still an option. Application launch times can still be captured using standard Login Enterprise scripting. Where keyboard shortcuts are available other application performance measurements can sometimes be captured as well. 

Double Hop & Nested Mode Scenarios

In Citrix terminology, this concept is known as a Double Hop. In VMware Horizon, it is known as a session in Nested Mode. This refers to the scenario where an end-user launches a virtual desktop--the first hop, and within that virtual desktop, launches a published desktop or application--the second hop. Our Logon Executable is primarily responsible for starting our automation engine.

Our engine relies on APIs available through the Windows OS, specifically the Windows UI Automation Accessibility Framework from within the "first hop" session. Thus, the underlying UI element properties that are available for locally running apps are not available for applications running in the "second hop". Similar to our challenges with Java-based applications, coordinate-based interactions and keyboard shortcuts may be options. 

If there are any concerns, please bring them to the attention of your respective Account team.