[en] Application server - Configuring RemoteApp

La traducción oficial aún no está disponible.

Nota

[en] Application server was available in NiceLabel Control Center 2019 and is not available in NiceLabel Control Center 10.

[en] Problem

[en] This article provides the steps to enable Application Server functionality in Control Center.

[en] Prerequisites:

  • [en] NiceLabel LMS Enterprise license.

  • [en] Installed Microsoft RemoteApp with an active license on the Windows server.

[en] Some useful resources on the Microsoft web page:

[en] Complete the steps described in the subsections below.

[en] Solution

[en] Publishing NiceLabel programs

[en] On a computer with enabled RemoteApp role:

  1. [en] Enable WebDAV Redirector features. This was you enable NiceLabel Desktop Designer to connect to the Document Storage (WebDAV) on the Control Center.

  2. [en] Install NiceLabel Desktop Designer.

  3. [en] Set the default directories to point to the Document Storage.

    [en] In tc:\ProgramData\NiceLabel\NiceLabel <version> edit file product.config XML file.

    [en] Update folder names in <Directories/> node.

  4. [en] Activate NiceLabel Desktop Designer with the same LMS license key as used in the Control Center.

  5. [en] Start Server Manager.

  6. [en] In the left pane, click Remote Desktop Services.

  7. [en] Click Collections, then on the right side, click TASKS drop-down and select Create Session Collection. Follow the wizard.

  8. [en] Return to the Server Manager and open Publish RemoteApp Programs.

  9. [en] If you do not see NiceLabel Desktop Designer and NiceLabel Print in the list, click Add... and browse to \\<remoteapp>\c$\Program Files\NiceLabel\NiceLabel 2017\bin.net.

    [en] Replace the <remoteapp> with the Fully Qualified Domain Name (FQDN) for your RemoteApp server.

    [en] Add NiceLabelDesktop Designer.exe and NiceLabelPrint.exe RemoteApp programs from the bin.net folder:

    [en] Click Next.

  10. [en] You should see the four selected programs listed in the window. Click Publish.

  11. [en] All programs are now published. Click Close.

  12. [en] All RemoteApp programs are visible in the Server Manager.

  13. [en] Right-click each published program and select Edit properties.

    [en] In the Parameters category, select the option Allow any command-line parameters for each program.

  14. [en] Click OK.

[en] Digitally signing your published applications

[en] Each time you run NiceLabel Desktop Designer or NiceLabel Print with a file from your Document Storage, Control Center creates a .RDP file with instructions for the Remote Desktop Client. The .RDP file must be signed with the SSL certificate, or the users see warning messages about unknown publisher when executing the .RDP files.

[en] To configure the digital signature:

  1. [en] Addi certificate on RemoteApp deployment.

  2. [en] Add a certificate for your computer account and allow Control Center to access it.

  3. [en] Bind Control Center with the certificate.

[en] Installing the certificate on the computer

[en] To install the certificate on the computer and allow Control Center to use it, do the following:

  1. [en] Open Console. Press Windows key + R, enter "mmc", then press Enter.

  2. [en] In the Console, click File, then click Add/Remove Snap-in.

  3. [en] In Add or Remove Snap-ins, under Available snap-ins, double-click Certificates.

  4. [en] In Certificates snap-in, select Computer account. Click Next.

  5. [en] Select Local computer, then click Finish.

  6. [en] Click OK.

  7. [en] Expand Certificates (Local Computer) > Personal > Certificates.

  8. [en] Right-click Certificates, then select All Tasks > Import.

  9. [en] Follow the wizard to import the certificate.

  10. [en] Make sure the Certificates node is selected and certificates are listed in the right-hand pane. Select the certificate you created/imported previously.

  11. [en] Right-click the certificate, select All Tasks, then Manage Private Keys.

  12. [en] Click Add… and add the Application Pool user of the Control Center website. Enter the user name IIS AppPool\EPMAppPool.

    [en] Click Locations and select the server name (top selection in the list).

    [en] Click OK.

    [en] Click Check Names to verify the entered user name.

    [en] Click OK.

  13. [en] Select the user and grant Read permission.

  14. [en] Click OK.

    [en] NOTE. If you see an error message Unable to save permission changes and Access is denied your user name doesn't have permissions to manage certificate access rights.

  15. [en] Double click the certificate and go to the Details tab.

    [en] Scroll down to find the Thumbprint field.

    [en] Select the certificate thumbprint and copy it to Clipboard.

[en] Adding certificates to RemoteApp deployment

[en] To add certificates for server authentication, single sign-on, and establishing secure connections, do the following:

  1. [en] Start Server Manager.

  2. [en] In the left pane, click Remote Desktop Services.

  3. [en] Click Collections, then on the right-hand side, click TASKS drop-down and select Edit Deployment Properties.

  4. [en] Click the Certificates category in the left-hand menu.

  5. [en] Make sure you have a certificate issued by your Certification Authority (CA) in a file on a disk.

  6. [en] Select the Role Service that is not in Trusted level yet (is not bound with a certificate). Click Select existing certificate...

  7. [en] Select Choose a different certificate, then click Browse.

  8. [en] Select a certificate from a file. Enable Allow the certificate to be added to the Trusted Root Certification Authorities certificate store on the destination computers option.

  9. [en] Click OK.

  10. [en] Click Apply to confirm the changes, then repeat steps 6-10 for all Role Services in the list. In the end, the level must be set to "trusted" and status to "OK".

[en] Binding The Control Center With The Certificate

[en] To configure Control Center to work with the RemoteApp server:

  1. [en] Open your Control Center page and go to the Administration tab.

  2. [en] Go to the Application Server section.

  3. [en] Enable the Enable application server option.

  4. [en] In the Application server URL, enter the FQDN name of the RemoteApp server.

  5. [en] In Signing certificate thumbprint, paste the thumbprint from the Clipboard (read the previous section in this chapter).

  6. [en] Click Save changes.

[en] Testing if .RDP file is signed with the certificate

  1. [en] Open the Control Center page.

  2. [en] Go to the Document Storage.

  3. [en] Select a label and click the Application Server button in the toolbar.

  4. [en] Select Download Edit Label Shortcut. The .RDP file downloads.

  5. [en] Open the .RDP file in a text editor.

  6. [en] If the .RDP file is correctly signed, it contains additional entries signscope and signature.

[en] Applying a custom remote desktop port number

[en] If the Remote Desktop service runs on a non-default port, update the RDP template file that is used to generate .RDP file for the user.

  1. [en] Navigate to the folder where Control Center is installed. By default, it is installed in:

    [en] c:\Program Files\NiceLabel\NiceLabel Control Center\WEB

  2. [en] Open the template.RDP file in a text editor.

  3. [en] Search for the string:

    [en] server port:i:3389

  4. [en] Replace the default RDP port number 3389 with your custom port number.

  5. [en] Save the file.