Skip to content

Introduction

In this section you can see all the resources that the installation has, these will appear when creating a desktop/template.

Videos

In this section you can add different video formats.

To add a new format, press the button

And the fill out the form

Interfaces

In this section you can add private networks to desktops.

To add a network, press the button

And the fill out the form

  • Type: Bridge , Network, OpenVSwitch, Personal

    • Bridge: It links with a bridge to a server network. On the server you can have interfaces that link, for example, with vlans to a backbone of your network, and you can map these interfaces in isard and connect them to the desktops.

    In order to map the interface within the hypervisor, this line must be modified in the isardvdi.conf file:

    # ------ Trunk port & vlans --------------------------------------------------
## Uncomment to map host interface name inside hypervisor container.
## If static vlans are commented then hypervisor will initiate an 
## auto-discovery process. The discovery process will last for 260
## seconds and this will delay the hypervisor from being available.
## So it is recommended to set also the static vlans.
## Note: It will create VlanXXX automatically on webapp. You need to
## assign who is allowed to use this VlanXXX interfaces.
#HYPERVISOR_HOST_TRUNK_INTERFACE=

## This environment variable depends on previous one. When setting
## vlans number comma separated it will disable auto-discovery and
## fix this as forced vlans inside hypervisor.
#HYPERVISOR_STATIC_VLANS=

  • Model: rtl8931, virtio, e1000

    • It is more efficient to use virtio (which is a paravirtualized interface), while the e1000 or rtl are card simulations, and it is slower, although it is more compatible with older operating systems and it is not necessary to install drivers in the case of windows.

    If you have a modern operating system, it works with virtio, but with the others that are interfaces. Old windows: rtl, e1000

  • QoS: limit up and down to 1 Mbps, unlimited

Boots

This section lists the different boot modes for a desktop.

If you do not have permissions, you cannot select a bootable iso and it is not allowed by default that users can map isos.

To give permissions, press on the icon

Network QoS

This section lists the limitations that can be placed on networks.

To add a limitation, press the button

And the fill out the form

Disk QoS

This section lists the limitations that can be placed on disks.

To add a disk limit, press the button

And the fill out the form

Remote VPNs

In this section you can add remote networks to desktops.

To add a remote network, press the button

And the fill out the form

Bastion

This manual applies to IsardVDI installations from version v14.64.3 onwards.

Bastion is a feature that allows public access to the HTTP and HTTPS services of virtual desktops, as well as SSH connections from any device. It works as an intelligent proxy that, depending on the subdomain used, automatically redirects to the appropriate HTTP, HTTPS, or SSH service of the virtual desktop.

Thanks to Bastion, it’s possible to connect to virtual desktops through the same server that hosts the IsardVDI web interface, avoiding the need for a VPN connection to access these services.

This section explains how to configure Bastion at the Administrator level. For information on how to use it as a user, please refer to the following link: Bastion User Manual.

Activation

  • IsardVDI version: Bastion access is available starting from version v14.30.0. You need to update IsardVDI to the latest version if you're using an earlier one to be able to use this feature.

  • Configuration: Add the new bastion variables to the isardvdi.cfg file (or regenerate the config file from the new version’s isardvdi.cfg.example):

    # ------ Bastion -------------------------------------------------------------
BASTION_ENABLED=true
BASTION_SSH_PORT=2222

  • Build process: Build IsardVDI to apply the changes and start the updated system:

    bash build.sh; docker compose up -d

  • Administration interface: Now, in the administration section under domainsresources, you’ll find a new configuration block.

Configuration

To use Bastion, you need a base domain that points to the IP address of the IsardVDI server. From this base domain, subdomains containing the UUIDs of the virtual desktops will be generated, allowing identification and routing to each desktop.

It is not recommended to use the same domain as the IsardVDI web interface as the base domain for Bastion. The best configuration is to use your own domain or a subdomain, and set it up with a CNAME record pointing to the main server domain of IsardVDI.

For example:

  • Main domain pointing to our server: isardvdi.com

  • We create a CNAME record in our DNS server to redirect a subdomain to the main domain:

example.isardvdi.cat.  IN  CNAME  isardvdi.com.

Don't forget the final dot at the end of the domain or subdomain you configure.

With this configuration, the subdomains generated with the UUIDs of the virtual desktops will be properly linked to the main domain.

The domain you choose to use will be the default domain available to all users who have permission to use Bastion.

However, this default domain can be changed to a custom one for each category. In the categories section, you can see a column with a circle that turns green if Bastion is enabled for that category:

If you edit the category by clicking → , which is next to the category name, you’ll see the following Bastion option:

Within this section, you will have 3 options:

  • Enable bastion access with the default domain: Enables the default domain used for Bastion.

  • Disable bastion access: Disables access to the Bastion feature.

  • Enable bastion access with a custom domain: This option allows you to configure a custom domain for Bastion access to the virtual desktops in that category. To do this, you’ll need to add some records to your DNS server.

How do I configure a custom domain for a category?

  1. Add an A record pointing to the server’s IP with the custom domain you want to add. Also, add another record indicating that all subdomains of that subdomain should also point to the server.

    category1.isardvdi.com. IN A {Server_IP}

    *.category1.isardvdi.com. IN A {Server_IP}

  2. When you modify the domain’s TTL (Time to Live), which determines how long devices and servers will cache the DNS resolution result before querying again, it’s recommended to set it to the minimum value to prevent the platform from working with outdated or stale data.

  3. To verify to the server that you own the domain you’re providing, add a TXT record with the information given by the platform section, the Record content. For example:

    _isardvdi-bastion-category.category1.isardvdi.com. TXT "1234-1234-1234-1234"

  4. Finally, fill in the Domain field with the new domain name for that category.

How can I verify that the domain was generated correctly?

  • From a terminal, you can query the domain by running:

    dig @8.8.8.8 -t txt _isardvdi-bastion-category.accesescriptori.isardvdi.cat

  • Pinging the new configured domain should resolve to the IP address of the IsardVDI server.

    ping category1.isardvdi.com

  • Another option is to use any online TXT record lookup tool for the domain you provide. You can use mxtoolbox and check that it matches what you configured in your DNS.

After completing the internal configuration, you can move on to the options provided by the platform to configure Bastion:

Features of each button:

  • : Clicking this button allows you to configure the permissions for Bastion use.

  • : This button allows you to grant permissions to modify/add custom domains for Bastion for each virtual desktop.

  • : In this section, you define the default domain for Bastion.