Configuration Multiple Servers
This feature is part of CP versions 3.2.4 and higher:
The new version adds the option to configure 2 sets of connection strings: a primary set and a secondary set. Each set will have a name.
HDX connection:
When HDX validates the session back on the Veridium server, the “default” connection is used first.
If validation fails, the secondary Veridium server is tried. If that validation passes, the default is changed to the secondary instance.
The Bops logon service keeps both device authentication certificates and returns the “default” one based on preference.
Unlock scenario:
CP will allow use of the same instance that was used for the initial HDX logon (described as “default” in the previous text).
The user on the host authenticates on the APAC StoreFront (first time).
StoreFront performs SAML authentication using the APAC Veridium Server.
The VDI is started and the HDX interface is called. The session ID is transferred to HDX.
HDX tries to verify on the EUR Veridium RA. The Veridium RA verifies the request on the EUR Veridium Server. Since the session ID was not generated on this server, verification fails.
HDX tries to verify on the APAC Veridium RA. The Veridium RA verifies the request on the APAC Veridium Server. Since the session ID was generated on this server, verification succeeds and an authentication token is returned. From this moment, the APAC instance is set as default.
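The failover order described above, modelled as an added example (it is not Veridium's code). The class names, the token format and the session ID are hypothetical stand-ins; only the default-first order and the switch of the default on success come from the text.

```python
from dataclasses import dataclass, field


@dataclass
class VeridiumInstance:
    """Hypothetical stand-in for one Veridium Server + RA pair."""
    name: str
    sessions: set = field(default_factory=set)  # session IDs generated here

    def validate(self, session_id):
        # A server can only validate a session ID it generated itself.
        if session_id in self.sessions:
            return f"token:{self.name}:{session_id}"  # constructed token format
        return None


class ConnectionSelector:
    """Tries the default instance first, then the other one.
    An instance that validates the session becomes the new default."""

    def __init__(self, primary, secondary):
        self.instances = [primary, secondary]
        self.default = primary
        self.attempts = []  # audit trail of (instance name, succeeded)

    def validate_session(self, session_id):
        order = [self.default] + [i for i in self.instances if i is not self.default]
        for inst in order:
            token = inst.validate(session_id)
            self.attempts.append((inst.name, token is not None))
            if token is not None:
                self.default = inst  # later unlocks reuse this instance
                return token
        return None  # both instances rejected the session: default unchanged


def run_scenario():
    """Replays the APAC logon from the text with EUR as the initial default."""
    eur, apac = VeridiumInstance("EUR"), VeridiumInstance("APAC")
    apac.sessions.add("sess-001")  # constructed ID, issued during APAC SAML logon
    cp = ConnectionSelector(primary=eur, secondary=apac)
    token = cp.validate_session("sess-001")
    return token, cp.default.name, cp.attempts
```

The failed EUR attempt in the returned trail is the expected first step of this scenario, so one failed validation followed by a success on the other instance is normal for a cross-region logon.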
Settings:
All settings are stored in registry keys:
HDX entry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\Citrix Virtual Desktop Agent\Authentication\HdxCredentialSelectorPlugins]
"VeridiumAuth"="{B311C8B4-73F2-4C2F-bC92-fAfC00ACDC5B}"
Veridium CP settings (example):
[HKEY_LOCAL_MACHINE\SOFTWARE\VeridiumID\VeridiumAD]
"EnableSecondaryURLs"=dword:00000001
"SecondaryURLsSuffix"=""
"BOPS_URL"="https://develop.veridium-dev.com/websec/rest/enterprise/"
"BOPS_URL_EXTERNAL"="https://develop.veridium-dev.com/websec/rest/enterprise/"
"ENROLL_URL"="https://dev-dc1.dev.local/BopsEnroll/BopsEnroll.svc/"
"RA_URL"="https://dev-dc1.dev.local/RaWebApp/api/"
"BOPS_URL2"="https://dev1.veridium-dev.com/websec/rest/enterprise"
"BOPS_URL_EXTERNAL2"="https://dev1.veridium-dev.com/websec/rest/enterprise"
"ENROLL_URL2"="https://dev-dc2.dev.local/BopsEnroll/BopsEnroll.svc/"
"RA_URL2"="https://dev-dc2.dev.local/RaWebApp/api/"
Registry key description:
Environment | Key | Value | Description |
---|---|---|---|
Global | | 1 | To enable multiple-server support, this needs to be set to “1”. Default is “0”. |
EUR instance connection details | | | Internal VeridiumID server (EUR) |
EUR instance connection details | | | Externally available VeridiumID server (EUR) |
EUR instance connection details | | | Veridium EP URL (EUR) |
EUR instance connection details | | | Veridium RA URL (EUR) |
APAC instance connection details | | | Internal VeridiumID server (APAC) |
APAC instance connection details | | | Externally available VeridiumID server (APAC) |
APAC instance connection details | | | Veridium EP URL (APAC) |
APAC instance connection details | | | Veridium RA URL (APAC) |