Procedure for Enabling Notification of Switchover to the Quarantine Network

This section explains the procedure for enabling notification of switchover to the quarantine network.

Performing the following procedure will cause a pop-up message to be displayed on the desktop of a virtual PC or SBC server when it has been quarantined.

If notification of users fails, a warning message will be output in the GUI (ROR console), and the quarantining will proceed.

Procedure

Execute the following command using the Resource Orchestrator manager.

> msgnotice register -name VDI_management_server_name -ip IP_address_for_connecting_to_the_VDI_management_server -user_name Administrator_user_ID_for_the_VDI_management_server -passwd Administrator_password_for_the_VDI_management_server

Enable notification of quarantining.
Execute the following command.
```
> msgnotice enable 
```
Authorize remote management.
1. Execute the following command, and record the content displayed in TrustedHosts.
  > winrm get winrm/config/client
  Record the content displayed in TrustedHosts.
  
  If the displayed content is a single asterisk ("*"), or the "IP_address_for_connecting_to_the_VDI_management_server" configured in step 1, it is not necessary to perform steps b and c below.
  Example
  
  Results Displayed when Multiple Servers Are Registered
  192.168.1.100, 192.168.1.101
2. Execute the following command. When entering the command, enter the results of step a in "Content_recorded_in_step_a".
  > winrm set winrm/config/client @{TrustedHosts="Content_recorded_in_step_a, IP_address_for_connecting_to_the_VDI_management_server"}
  Example
  
  Command when Multiple VDI Management Servers Are Registered
  > winrm set winrm/config/client @{TrustedHosts="192.168.1.100, 192.168.1.101, IP_address_for_connecting_to_the_VDI_management_server"}
3. Execute the following command, and confirm the content in TrustedHosts.
  > winrm get winrm/config/client
  If the address of the VDI management server you entered in "Content_recorded_in_step_a" has been added, then there are no problems.
Configure the VDI management server to allow access from Windows Remote Management.
Log in to the VDI management server as a user with administrator privileges, and execute the following command from the command prompt. When the prompt is displayed, enter "y".
```
> winrm quickconfig 
```
Change the PowerShell execution policies.
On both the machine to be set up as the admin server of Resource Orchestrator and the VDI management server, change the PowerShell execution policy to "RemoteSigned".
Start the PowerShell console using administrator privileges and execute the following command.
```
> Set-ExecutionPolicy -ExecutionPolicy RemoteSigned 
```

Confirmation of Results

Execute the following command, and confirm that notification has been enabled.

> msgnotice info

See

For details on the msgnotice command, refer to "4.9 msgnotice".

Point

The default message is shown below.

Warning! 
Security threat detected. 
This virtual application/desktop will be disconnected for safety reasons.

When changing the content of the message, configure it in the definition file.

For details on the definition results file, refer to "2.5.4 Definition File for Enabling Notification".

Note

When notification is enabled, there will be a delay of up to 10 seconds before automatic quarantining is performed.
In order to use this function, it is necessary to configure Citrix Studio on the same server as Citrix Delivery Controller, which is on the VDI management server.

2.6 Procedure for Enabling Notification of Switchover to the Quarantine Network