How Does AD Connection Work with VERDE, LDAP and Domain


Product Line:  VERDE

Verde VDI System Design Guide

(Active Directory Connection and Authentication)

 

This System Design Guide explains the integration of Active Directory with Verde VDI.

The following configurations are required for logging into Verde VDI using Active Directory credentials:

 

- LDAP Connection (defines the Active Directory Controller)

- ACTIVE DIRECTORY tab within Session Settings (provides AD Admin information)

- DESKTOP POLICY (provisions Windows virtual desktops to Users/Groups)

(Details of these topics will be explained later in this document)

 

Diagram of a Guest session connection to the client

 

 

  

1. Flow of authentication using Active Directory

Client login to Verde VDI using Active Directory credentials

There are several ways to log in to Verde VDI:

a) Verde Client (for Windows, Mac, Linux)

b) Various thin-client devices, e.g. NComputing RX-series

c) HTML5-compliant web browser (Google Chrome, Mozilla Firefox)

d) Verde LEAF OS (a micro-kernel used to repurpose aging desktop computers)

Authentication request to AD

Verde VDI uses the LDAP Connection to make LDAP requests to the AD Domain.

a) Verde connects to the AD Domain with the credentials the Verde Admin provided when creating the LDAP Connection, then passes the User credentials to Active Directory to validate the User. (see configuring LDAP Connection – below)

Authentication approval from AD

Once the User credentials are validated within Active Directory, Verde searches the Desktop Policy for an entry that matches the User and presents a list of the provisioned Windows virtual desktops.

Guest session (VM) start

After the User clicks on the desired Windows virtual desktop, Verde will start the VM.

Joining of the VM (Computer Account) to AD

On the User's initial login with Active Directory credentials, Verde requires the information in the ACTIVE DIRECTORY tab of the Session Settings to join the VM to the Domain dynamically. (see configuring SESSION SETTINGS – below)
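The authentication request and approval steps above, modeled against an in-memory directory as an added example (it is not VERDE code and not part of the original guide). It assumes a search-then-bind sequence and matching on sAMAccountName or group DN; every DN, account, password and policy entry is constructed sample data.

```python
# Added illustration: an in-memory model of the login flow, not VERDE code.
# Every DN, account, password and policy entry below is constructed sample data.
SVC_DN = "CN=svc-verde,OU=Service,DC=example,DC=test"
ENG_GROUP = "CN=Engineering,OU=Groups,DC=example,DC=test"

DIRECTORY = {  # stand-in for the AD Domain
    SVC_DN: {"sAMAccountName": "svc-verde", "password": "svc-secret", "memberOf": []},
    "CN=Alice,OU=Staff,DC=example,DC=test": {
        "sAMAccountName": "alice", "password": "alice-pw", "memberOf": [ENG_GROUP]},
}

DESKTOP_POLICY = [  # (user name or group DN, provisioned desktop)
    (ENG_GROUP, "Win10-Dev"),
    ("alice", "Win10-Office"),
    ("bob", "Win10-Kiosk"),
]

class AuthError(Exception):
    pass

def simple_bind(dn, password):
    """Model an LDAP simple bind. An empty password is refused up front:
    per RFC 4513 it would be an unauthenticated bind, not a credential check."""
    entry = DIRECTORY.get(dn)
    return bool(password) and entry is not None and entry["password"] == password

def find_user_dn(username):
    """Model the directory search for the login name (assumed: sAMAccountName)."""
    for dn, entry in DIRECTORY.items():
        if entry["sAMAccountName"].lower() == username.lower():
            return dn
    return None

def login(username, password, svc_dn, svc_password):
    """Return the desktops to present to the User after a successful login."""
    # Authentication request: connect with the LDAP Connection's credentials.
    if not simple_bind(svc_dn, svc_password):
        raise AuthError("LDAP Connection credentials rejected")
    user_dn = find_user_dn(username)
    # One error for unknown user and bad password, so neither case is disclosed.
    if user_dn is None or not simple_bind(user_dn, password):
        raise AuthError("invalid user credentials")
    # Authentication approval: match the User, or one of its groups, in the policy.
    groups = {g.lower() for g in DIRECTORY[user_dn]["memberOf"]}
    principals = {username.lower()} | groups
    return [desktop for who, desktop in DESKTOP_POLICY if who.lower() in principals]
```

The VM start and the domain join of the Computer Account are outside what this model covers.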


 

2. Major steps to configure Active Directory and VERDE VDI

User account registration in AD domain controller

VERDE VDI Configuration (Overview)



 











