At the time of writing version 5.4 is available to download but the following is based on 5.1. Mirage can be deployed in a cluster environment and for larger deployments I would recommend this approach to give the redundancy and flexibility needed. The following is what you will need to cluster Mirage.
- File share / server
- SQL database
- Two Mirage servers
- Mirage Management server
- Mirage Web server
- Two Mirage Gateway Appliances
File Share
The first step is to provision some file storage, this can be a dedicated file server or an existing one it just needs to be presented as a CIFS share. A Windows box is fine for up to 500 endpoints, after that its recommended to use a enterprise level NAS box using CIFS. VMware’s sizing stipulate 15GB per user and a minimum of .75 IOPS per CVD for incremental after the initial uploads. Once the CIFS share is provisioned move onto the SQL database.
Database
SQL database can be stored on full blown SQL server 2008 R2 x64, SQL server 2012 SP1 x64. SQL express edition is supported for these versions, its recommended to use full SQL database if the endpoint count is over 5000 endpoints. If you have an existing production SQL server that is supported then use that. The SQL server does require windows authentication and the user account used to install Mirage must have dbcreator over the DBs. As always use service accounts where possible.
Management Server
Create a new VM, mine was configured with 2 x vCPUs and 8GB of RAM. Install Windows 2012 R2, join to the domain and set static IP. Add .NET framework 3.5 from features. Install Mirage management server. When installing either disable UAC or ‘Run as Administrator’ this applies to all components.
Run through the set-up, add the required SQL / CIFS share information.
Once completed you will see ‘NonSIS’ and ‘SIS.vhm’ folders on the CIFS share. Add the following Windows firewall rules
- TCP 443 Inbound
- TCP 1443 Inbound
Mirage Server
Provision out 2 VMs out at this point with 4 x vCPU and 8GB of RAM. These VMs will have another vDisk attached that used for Mirage local cache. Cache size is recommended at 100GB and in this example it will be set to 100GB. Add VM to domian, static IP, VMware tools and add .NET 3.5. If the target endpoints are between 1000 and 1500 the minimum specs are 4 x vCPU and 16GB of RAM.
Point the setup to the SQL instance and set the location /size of the local cache. Set the identical setting on both Mirage servers using the same service account.
Set the following exceptions in Windows firewall
- TCP 8000 Inbound
- TCP 8001 Inbound
To enable SSL import the certificate now on each Mirage server. Import it to the local computer personal store.
Mirage Management Console
Mirage management console can be installed on any supported server or PC. I’ve installed it on the management server.
Install is just a next - next -finish. Once installed open the shortcut on the desktop - Add System. Enter the DNS name or im my case ‘localhost’ will do.
Once it has connected first update the license key. Add you license key then the Mirage system will display down the left hand side.
Web Server
Mirage has two web services available - File Portal and Web Management. Web Management is a webpage that can be used instead of the console and File Portal allows the users to browse the CVDs and be able to restore any of their items. It is possible to publish these sites externally but if you want to use domain account to access the sites the server must be on the domain, keep this in mind when publishing this externally.
Build a new VM, smaller resources then the other servers. I have 2 x vCPU and 4GB of RAM. Assign the relevant NICs, DMZ for external access for example, make sure the server still has access to the internal production network for domain access. Install Windows 2012 R2, static IP, VM tools and add to the domain. Install IIS role and run the below msi.
Select ‘Web Access’ - enter the server details and make a note of the ports.
Enter the server address and make a note of the ports.
To install the web management install the MSI from the parent folder ‘WebManagemet’.
Run through the setup, add the server name and make a note of the ports.
For Mirage 5.1 and Windows 2012 R2 there are additional IIS work to be carried out. IIS in 2012 R2 doesnt include IIS 8 features, by default you will get a HTTP Error 403.14 Forbidden error. Go Roles and Features and expand Web Server - Application Deployment and add the following.
Once added the sites will open fine browse to the configured address and the ports set above on HTTPS.
To add a certificate import the cert into the local computer Personal store on the new web server and add it to bindings in IIS.
Now if you browse to the web URL it will be secure. Now add the following Windows firewall exceptions
- TCP 7443 Inbound
- TCP 7080 Inbound
- TCP 6443 Inbound
- TCP 6080 Inbound
Gateway Appliance
Mirage gateway server is a virtual appliance, download the relevant OVF file from the portal and import it into vCentre. Run through the setup, assign the appliance a name, select the cluster resource, select a datastore, select a network and configure IP information. This appliance should be on an external DMZ network. Once the appliance has been deployed open the console - Set Time Zone. Enter your time zone. Once complete browse to the assigned IP address and login with the default credentials
- Username – mirage
- Password – vmware
First configure LDAP as below (add the LDAP server IP address)
Next step is to pair the gateway server with a Mirage server. This must point to one Mirage server and not a load balanced address. Point this to a resolvable DNS name and the correct port.
Next enter the certificate, as this is public facing a trusted 3rd party certificate is recommended. Note at this point the certificate is used for Mirage traffic and is not bound to the web management page. Once the certificate is applied you will still receive an error in the web browser.
Add the token expiration time in hours and set a activation code - this code will be used to add the appliance in the Mirage console.
Setup the second Mirage gateway appliance and point it to the second Mirage server. Once both appliances are configure and pointing to the Mirage servers open the Mirage console. Go down to ‘System Configuration - Mirage Gateway’. You should now see the appliances status as ‘UP’.
Once added the settings such as LDAP settings can be changed from within the console. External firewall ports must be allowed through to the Gateway appliances with the relevant NAT rules
- TCP 8000 Inbound
- TCP 8001 Inbound
DNS / Load-Balancer
Now the servers are built and before you go on to administrate Mirage, add a DNS entry for clients to access the Mirage servers. You will need to use a load-balancer to balance the requests to both server. Do this for internal (to the Mirage servers) and external (to the Gateway server).