DCV Session Manager Installation: Broker and Agent

The DCV Session Manager is a set of software packages (broker and agent) and an application programming interface (API) that makes it easy for developers and independent software vendors (ISVs) to build front-end applications that create and manage the lifecycle of NICE DCV sessions. In addition to the information below this guide can be helpful: Getting started with managing NICE DCV sessions secured behind a NICE DCV Connection Gateway.

Automatic Installation of the DCV Session Manager Broker and Agent on RH8/CentOS 8 and Derivatives

We have created an automatic script for RH8/CentOS 8 and derivatives which guides you through the installation of the following DCV Session Manager components:

  • NICE DCV (without GPU)
  • DCV Session Manager Broker
  • DCV Session Manager Agent
  • DCV Session Manager Gateway

The script can be downloaded here: Automatic Installation of the DCV Session Manager Broker and Agent on RH8/CentOS 8 and Derivatives. If you need support for other operating systems the script can be easily adapted to install other binaries or we can help with – just let us know.

Manual Installation of the DCV Session Manager Broker and Agent on Linux

The installation overview below shows the broker installation on CentOS 8. Other OS are similar (more details can be found here). We install the DCV Session Manager Broker with the following steps downloading the respective DCV SM Broker package from https://download.nice-dcv.com/):

sudo rpm --import https://d1uj6qtbmh3dt5.cloudfront.net/NICE-GPG-KEY
wget https://d1uj6qtbmh3dt5.cloudfront.net/2023.0/SessionManagerBrokers/nice-dcv-session-manager-broker-2023.0.392-1.el8.noarch.rpm
sudo yum install -y nice-dcv-session-manager-broker-2023.0.392-1.el8.noarch.rpm
# ... the SM broker package installs the following packages:
# Installed:
#  alsa-lib-1.2.1.2-3.el8.x86_64
#  atk-2.28.1-1.el8.x86_64
#  copy-jdk-configs-3.7-1.el8.noarch
#  gdk-pixbuf2-modules-2.36.12-5.el8.x86_64
#  giflib-5.1.4-3.el8.x86_64
#  gtk-update-icon-cache-3.22.30-5.el8.x86_64
#  gtk2-2.24.32-4.el8.x86_64
#  hicolor-icon-theme-0.17-2.el8.noarch
#  jasper-libs-2.0.14-4.el8.x86_64
#  java-1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2.x86_64
#  java-1.8.0-openjdk-headless-1:1.8.0.272.b10-1.el8_2.x86_64
#  javapackages-filesystem-5.3.0-1.module_el8.0.0+11+5b8c10bd.noarch
#  jbigkit-libs-2.1-14.el8.x86_64
#  libXcomposite-0.4.4-14.el8.x86_64
#  libXcursor-1.1.15-3.el8.x86_64
#  libXdamage-1.1.4-14.el8.x86_64
#  libXfixes-5.0.3-7.el8.x86_64
#  libXi-1.7.9-7.el8.x86_64
#  libXinerama-1.1.4-1.el8.x86_64
#  libXrandr-1.5.1-7.el8.x86_64
#  libXtst-1.2.3-7.el8.x86_64
#  libfontenc-1.1.3-8.el8.x86_64
#  libjpeg-turbo-1.5.3-10.el8.x86_64
#  libtiff-4.0.9-17.el8.x86_64
#  lksctp-tools-1.0.18-3.el8.x86_64
#  nice-dcv-session-manager-broker-2023.0.392-1.el8.noarch
#  ttmkfdir-3.0.9-54.el8.x86_64
#  tzdata-java-2020d-1.el8.noarch
#  xorg-x11-font-utils-1:7.5-40.el8.x86_64
#  xorg-x11-fonts-Type1-7.5-19.el8.noarch
sudo systemctl enable dcv-session-manager-broker
sudo systemctl start dcv-session-manager-broker
# we can check if the SM Broker started correctly with
journalctl -xe
# broker log files can be found in /var/log/dcv-session-manager-broker/DcvSmBroker.*
tail /var/log/dcv-session-manager-broker/DcvSmBroker.*
# The incoming ports 8445 (default) and 8448 should be open
sudo iptables-save
sudo firewall-cmd --zone=public --add-port=8445/tcp --permanent   # agent to broker port
sudo firewall-cmd --zone=public --add-port=8448/tcp --permanent   # client to broker port, adapted from default 8443 to 8448 
sudo firewall-cmd --reload
sudo firewall-cmd --list-all | egrep "8445|8448"
sudo iptables-save 
# copy the broker certificate 
sudo cp /var/lib/dcvsmbroker/security/dcvsmbroker_ca.pem $HOME

Here is a sample DCV SM Broker configuration file located in /etc/dcv-session-manager-broker/session-manager-broker.properties (after changing the broker properties file please restart the broker with sudo systemctl restart dcv-session-manager-broker):

root # sudo cat /etc/dcv-session-manager-broker/session-manager-broker.properties
# session-manager-working-path = /tmp
enable-authorization-server = true
enable-authorization = true
enable-agent-authorization = true
enable-persistence = false
connect-session-token-duration-minutes = 60
delete-session-duration-seconds = 3600
# create-sessions-number-of-retries-on-failure = 2
# autorun-file-arguments-max-size = 50
# autorun-file-arguments-max-argument-length = 150
# broker-java-home =
client-to-broker-connector-https-port = 8448
client-to-broker-connector-bind-host = 0.0.0.0
# client-to-broker-connector-key-store-file = test_security/KeyStore.jks
# client-to-broker-connector-key-store-pass = dcvsm1
agent-to-broker-connector-https-port = 8445
agent-to-broker-connector-bind-host = 0.0.0.0
# agent-to-broker-connector-key-store-file = test_security/KeyStore.jks
# agent-to-broker-connector-key-store-pass = dcvsm1
enable-gateway = false
# gateway-to-broker-connector-https-port = 8447
# gateway-to-broker-connector-bind-host = 0.0.0.0
# gateway-to-broker-connector-key-store-file = test_security/KeyStore.jks
# gateway-to-broker-connector-key-store-pass = dcvsm1
# enable-tls-client-auth-gateway = true
# gateway-to-broker-connector-trust-store-file = test_security/TrustStore.jks
# gateway-to-broker-connector-trust-store-pass = dcvsm1
# Metrics
# metrics-fleet-name-dimension = default
enable-cloud-watch-metrics = false
# if cloud-watch-region is not provided, the region is taken from EC2 IMDS
# cloud-watch-region = us-east-1
session-manager-working-path = /var/lib/dcvsmbroker

After having configured and started the broker we can start the agent e.g. for testing on the same machine:

# Download the Session Manager Agent
wget https://d1uj6qtbmh3dt5.cloudfront.net/2023.0/SessionManagerAgents/nice-dcv-session-manager-agent-2023.0.675-1.el8.x86_64.rpm
sudo yum install -y nice-dcv-session-manager-agent-2023.0.675-1.el8.x86_64.rpm
sudo cp dcvsmbroker_ca.pem /etc/dcv-session-manager-agent/
# append the configuration to the agent.conf file; we disable strict TLS verification
cat << EOF | sudo tee --append /etc/dcv-session-manager-agent/agent.conf
broker_host = '$HOSTNAME'           # it could be the case that you need to remove the previous broker_host config to active this one
tls_strict = false
ca_file = '/etc/dcv-session-manager-agent/dcvsmbroker_ca.pem'
EOF
sudo systemctl enable dcv-session-manager-agent
sudo systemctl start dcv-session-manager-agent
# The logfiles will be at /var/log/dcv-session-manager-agent/agent.log by default where you can e.g. debug issues in case the DCV SM agent is not able to communicate with the SM broker
tail /var/log/dcv-session-manager-agent/agent.log

With DCV Session Manager agents running you can query the session broker to show the registered agents:

> sudo dcv-session-manager-broker describe-agent-clients           # this command might takes a moment to initialize
 Session manager agent clients
 [ {
   "active" : true,
   "id" : "daeaf3e8-a59f-445a-8194-9e65a8d7dddc",
   "softwareStatement" : "ewogICJpZCIgOiAiMzQxOTUzMmMtNWU3Yy00ZTdhLWI2MWUtZmFjODQ5NjJmYzc5IiwKICAiaXNzdWVkQXQiIDogMTU5OTQ5NTcwMi4wMDAwMDAwMDAsCiAgImNsaWVudE5hbWUiIDogIkRDViBTZXNzaW9uIE1hbmFnZXIgQWdlbnQiLAogICJjbGllbnRWZXJzaW9uIiA6ICIyMDIwLjIiCn0=",
   "name" : "dcv-sm-agent"
 } ]

Installing the DCV Session Manager CLI

The DCV Session Manager Command Line Interface (CLI) offers control and monitoring of DCV servers and sessions. The following commands are available:

root # ./dcvsm -h  
  close-servers                Closes one or more NICE DCV servers.
  create-session               Creates a new NICE DCV session.
  delete-session               Deletes the specified NICE DCV session.
  describe-servers             Describes one or more NICE DCV servers.
  describe-sessions            Describes one or more NICE DCV sessions.
  get-session-connection-data  Gets connection data for a specific NICE DCV session.
  get-session-screenshots      Gets screenshots of one or more NICE DCV sessions.
  open-servers                 Opens one or more NICE DCV servers.
  update-session-permissions   Updates the user permissions for a specific NICE DCV session.

The installation steps for NICE DCV Session Manager are:

wget https://d1uj6qtbmh3dt5.cloudfront.net/2023.0/SessionManagerCLI/nice-dcv-session-manager-cli-1.0.3-132.zip
unzip nice-dcv-session-manager-cli-1.0.3-132.zip
cd nice-dcv-session-manager-cli-1.0.3-132/
sed -ie 's~/usr/bin/env python~/usr/bin/env python3~' dcvsm   # replace the python with the python3 binary
./dcvsm --version
> NICE DCV Session Manager CLI, version 1.0.3-132

In case we do not have registered a client yet we can register with the following command:

# dcv-session-manager-broker register-api-client --client-name EF
client-id: 5ee022b4-9307-4a08-bebb-0320c716cc9d
client-password: OGMzYTk5MDgtODNjNC00Y2U4LTg2ODEtZDFmMmZjMzRjMDk5

In the “conf” directory we can find the DCV SM CLI configuration file conf/dcvsmcli.conf which we can adapt with our settings similar to below replacing client id, password and other configuration parameters (we have set the client-to-broker port to 8448 to avoid possible conflict with the DCV default port 8443):

root # cat conf/dcvsmcli.conf
[output]
# The formatting style for command output.
output-format = json

# Turn on debug logging
# debug = true

[security]
# Disable SSL certificates verification.
no-verify-ssl = true

# CA certificate bundle to use when verifying SSL certificates.
# ca-bundle = conf/dcvsmbroker_ca.pem

[authentication]
# hostname of the authentication server used to request the token
auth-server-url = https://ip-172-31-4-230:8448/oauth2/token?grant_type=client_credentials

# The client ID
client-id = 5ee022b4-9307-4a08-bebb-0320c716cc9d

# The client password
client-password = OGMzYTk5MDgtODNjNC00Y2U4LTg2ODEtZDFmMmZjMzRjMDk5

[broker]
# hostname or IP of the broker. This parameter is mandatory.
url = https://ip-172-31-4-230:8448

Describe Servers with the DCV SM CLI

Now we can use the CLI to check our DCV SM Broker using the commands highlighted above. Here is e.g, a sample output of the dcvsm describe-servers command:

root# ./dcvsm describe-servers
{
    "request_id": "e026e7f3-731b-42ad-9cde-8cea6bec6214",
    "servers": [
        {
            "id": "aXAtMTcyLTMxLTQtMjMwLTE3Mi4zMS40LjIzMC0zNjczMTkyMDlhZTE0YjdiYTg5ZmZhYjg0Mzc0MGRiMg==",
            "ip": "172.31.4.230",
            "hostname": "ip-172-31-4-230",
            "default_dns_name": "ip-172-31-4-230.eu-central-1.compute.internal",
            "endpoints": [
                {
                    "ip_address": "0.0.0.0",
                    "port": 8443,
                    "web_url_path": "/",
                    "protocol": "HTTP"
                },
                {
                    "ip_address": "::",
                    "port": 8443,
                    "web_url_path": "/",
                    "protocol": "HTTP"
                }
            ],
            "version": "2023.0.15065",
            "session_manager_agent_version": "0.0.0",
            "availability": "AVAILABLE",
            "console_session_count": 0,
            "virtual_session_count": 0,
            "host": {
                "os": {
                    "family": "linux",
                    "name": "Ubuntu",
                    "version": "22.04",
                    "kernel_version": "5.19.0-1027-aws"
                },
                "memory": {
                    "total_bytes": 4135554048,
                    "used_bytes": 1415235584
                },
                "swap": {
                    "total_bytes": 0,
                    "used_bytes": 0
                },
                "aws": {
                    "region": "eu-central-1",
                    "ec2_instance_type": "t3.medium",
                    "ec2_instance_id": "i-0220928deaa3c42b6",
                    "ec2_image_id": "ami-02e301abe6e1a910f"
                },
                "cpu_info": {
                    "vendor": "GenuineIntel",
                    "model_name": "Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz",
                    "architecture": "x86_64",
                    "number_of_cpus": 2,
                    "physical_cores_per_cpu": 1
                },
                "cpu_load_average": {
                    "one_minute": 0.15,
                    "five_minutes": 0.07,
                    "fifteen_minutes": 0.02
                },
                "gpus": [
                    {
                        "vendor": "Amazon.com, Inc.",
                        "model_name": "Device"
                    }
                ],
                "logged_in_users": [
                    {
                        "username": "ubuntu"
                    }
                ]
            },
            "tags": [
                {
                    "key": "dcv:max-virtual-sessions",
                    "value": "-1"
                },
                {
                    "key": "dcv:os-family",
                    "value": "linux"
                },
                {
                    "key": "dcv:max-concurrent-sessions-per-user",
                    "value": "1"
                }
            ]
        }
    ]
}

Creating, Listing and Deleting a session with the DCV SM CLI

Creating a session dynamically with the DCV SM CLI is also easy on one or more DCV servers:

ubuntu> ./dcvsm create-session --name SESS1 --owner ubuntu --type Virtual
{
    "request_id": "1ac796c2-82ab-4fd1-b11f-c4fa45a9fff7",
    "successful_list": [
        {
            "id": "3715ea87-c0f0-490f-9f4c-8c24cc9a4d82",
            "name": "SESS1",
            "owner": "ubuntu",
            "type": "Virtual",
            "state": "CREATING",
            "substate": "SESSION_PLACING"
        }
    ],
    "unsuccessful_list": []
}
# Create a DCV Console session on a specific host: 
ubuntu> ./dcvsm create-session --name session123 --owner sessionOwner --type Console --requirements "server:Hostname=’mycoolworkstation’"
# Create a DCV Console session on a Windows server: 
ubuntu> ./dcvsm create-session --name session123 --owner sessionOwner --type Console --requirements "server:Host.Os.Family = 'windows'"
ubuntu> ./dcvsm describe-sessions
{
    "request_id": "e5f73683-13a7-4362-bb44-c6182a3488b3",
    "sessions": [
        {
            "id": "3715ea87-c0f0-490f-9f4c-8c24cc9a4d82",
            "name": "SESS1",
            "owner": "ubuntu",
            "server": {
                "id": "aXAtMTcyLTMxLTQtMjMwLTE3Mi4zMS40LjIzMC0zNjczMTkyMDlhZTE0YjdiYTg5ZmZhYjg0Mzc0MGRiMg==",
                "ip": "172.31.4.230",
                "hostname": "ip-172-31-4-230",
                "default_dns_name": "ip-172-31-4-230.eu-central-1.compute.internal",
                "port": "8443",
                "endpoints": [
                    {
                        "ip_address": "0.0.0.0",
                        "port": 8443,
                        "web_url_path": "/",
                        "protocol": "HTTP"
                    },
                    {
                        "ip_address": "::",
                        "port": 8443,
                        "web_url_path": "/",
                        "protocol": "HTTP"
                    }
                ],
                "web_url_path": "/",
                "version": "2023.0.15065",
                "session_manager_agent_version": "0.0.0",
                "availability": "AVAILABLE",
                "console_session_count": 0,
                "virtual_session_count": 1,
                "tags": [
                    {
                        "key": "dcv:os-family",
                        "value": "linux"
                    },
                    {
                        "key": "dcv:max-concurrent-sessions-per-user",
                        "value": "1"
                    },
                    {
                        "key": "dcv:max-virtual-sessions",
                        "value": "-1"
                    }
                ]
            },
            "type": "VIRTUAL",
            "state": "READY",
            "creation_time": "2023-07-03T13:16:37.609000+00:00",
            "num_of_connections": 0,
            "storage_root": ""
        }
    ]
}
ubuntu> ./dcvsm  delete-session --session-id 3715ea87-c0f0-490f-9f4c-8c24cc9a4d82 --owner ubuntu
{
    "request_id": "0305c131-5378-42ff-a3aa-0f52c4b3ee81",
    "successful_list": [
        {
            "session_id": "3715ea87-c0f0-490f-9f4c-8c24cc9a4d82",
            "state": "DELETING"
        }
    ],
    "unsuccessful_list": []
}

Other commands to control the DCV environment are e.g. commands to open and close servers.

Installing the DCV Session Manager Agent on Windows

The DCV SM agent packages can be found at https://download.nice-dcv.com/ in the agent section. Executing the MSI installer guides through the installation process:

Then accept the EULA and proceed to:

and the installation is finished:

Copy the dcvsmbroker_ca.pem certificate from the SM broker host to C:\Program Files\NICE\DCVSessionManagerAgent\conf\dcvsmbroker_ca.pem and adapt the C:\Program Files\NICE\DCVSessionManagerAgent\conf\agent.conf similar to the following configuration as admin user adapting the broker host and CA file according to your setup:

# ......
# hostname or IP of the broker. This parameter is mandatory.
broker_host = 'centos8'
# CA used to validate the certificate of the broker.
ca_file = 'C:\Program Files\NICE\DCVSessionManagerAgent\conf\dcvsmbroker_ca.pem'
tls_strict = 'false'
# ......

Open a Windows command shell (cmd) as Admin user and execute the following commands to reread the configuration:

sc stop DcvSessionManagerAgentService
sc start DcvSessionManagerAgentService
REM In case of Powershell: 
REM Stop-Service -Name "DcvSessionManagerAgentService"
REM Start-Service -Name "DcvSessionManagerAgentService"

To inspect the logfiles we can have a look at the files in C:\ProgramData\NICE\DcvSessionManagerAgent\log per default. If the agent can connect to the broker on port 8445 by default you should see an output in agent.log similar to this (in case you have turned on debugging):

2020-11-27 13:53:35,429060 DEBUG ThreadId(11) dcvsessionmanageragent::dcv::cli:Executing command Command { std: "C:\\Program Files\\NICE\\DCV\\Server\\bin\\dcv" "list-endpoints", kill_on_drop: false }
2020-11-27 13:53:35,482422 DEBUG ThreadId(11) dcvsessionmanageragent::dcv::cli:Endpoints: EndpointList { endpoints: [Endpoint { ip: None, hostname: None, port: Some(8443), web_url_path: Some("/"), protocol: Some("http") }] }
2020-11-27 13:53:35,484032 DEBUG ThreadId(11) dcvsessionmanageragent::utils:Network interface: Ifv4Addr { ip: 192.168.178.116, netmask: 255.255.255.0, broadcast: Some(192.168.178.255) }
2020-11-27 13:53:35,484075 DEBUG ThreadId(11) dcvsessionmanageragent::dcv::cli:Executing command Command { std: "C:\\Program Files\\NICE\\DCV\\Server\\bin\\dcv" "list-sessions" "--json", kill_on_drop: false }
2020-11-27 13:53:35,527578 DEBUG ThreadId(11) dcvsessionmanageragent::dcv::cli:Session List SessionList { sessions: [Session { id: "console", name: None, owner: "Administrator", x11_display: None, x11_authority: None, num_of_connections: 1, creation_time: Some("1606483351000"), last_disconnection_time: Some("1606483443000"), licensing_mode: Some("demo"), licenses: Some([License { product: "dcv", status: "licensed", check_timestamp: Some("1606485151000") }]), display_layout: Some([DisplayLayout { width: 1920, height: 1080, x: 0, y: 0 }]), storage_root: Some(""), session_type: Some("CONSOLE") }] }
2020-11-27 13:53:35,527862 DEBUG ThreadId(11) dcvsessionmanageragent::tags:Failed to read tags from directory: Cannot find path. (os error 3)
2020-11-27 13:53:35,572258  INFO ThreadId(11) dcvsessionmanageragent::agent:Processing broker message "{\n  \"sessionsUpdateResponse\" : {\n    \"requestId\" : \"bcd3403041fb425cabc868308cf81441\",\n    \"result\" : {\n      \"success\" : true\n    }\n  }\n}"
2020-11-27 13:53:35,572299  INFO ThreadId(11) dcvsessionmanageragent::agent:Received sessions update response

With tags you can categorize your agents and DCV servers. Configure the tagfolder in the agent.conf file e.g. like this:
tags_folder = 'C:\Program Files\NICE\DCVSessionManagerAgent\conf\tags' and create a file tags.txt in that directory configuring the tags with e.g. the content:

gpu = "G4"
dcv_version = "2023.0"
disk = "500"

Using the DCV Session Manager Broker as DCV Authentication Server

To configure the authentication server for DCV so e.g. the user does not have to type the password after requesting a session in EnginFrame Views session management, we can set the following registry settings on Windows (set the pem certificate file, specify the URL to communicate with the Broker, for the port we use the Agent-Broker port with default 8445 and configure not to use strict TLS as the broker certificate is self-signed)

In case of Windows:

New-ItemProperty -Path "Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\security"  -Name ca-file -PropertyType STRING -Value "C:\Program Files\NICE\DCVSessionManagerAgent\conf\dcvsmbroker_ca.pem" -Force
New-ItemProperty -Path "Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\security"  -Name auth-token-verifier -PropertyType STRING -Value "https://broker_ip_or_dns:8445/agent/validate-authentication-token" -Force
New-ItemProperty -Path "Microsoft.PowerShell.Core\Registry::HKEY_USERS\S-1-5-18\Software\GSettings\com\nicesoftware\dcv\security"  -Name no-tls-strict -PropertyType DWORD -Value 1 -Force

In case of Linux in /etc/dcv/dcv.conf in the [security] section at the end of the file:

administrators=["dcvsmagent"]
ca-file="/etc/dcv-session-manager-agent/dcvsmbroker_ca.pem"
auth-token-verifier="https://ip-172-31-4-230:8445/agent/validate-authentication-token"
no-tls-strict=true

The DCV Session Manager is integrated with the EnginFrame Views Session Management Portal. Any questions just let us know.