40 | | * HLK client need to be physical computers, not virtualized (unverified) |
| 40 | * HLK client need to be physical computers, not virtualized (unverified) |
| 41 | |
| 42 | For HLK software installation please refer to the official MS documentation, check out [https://github.com/Puppet-Finland/puppet-hlk/ puppet-hlk] or try out the [https://docs.microsoft.com/en-us/windows-hardware/test/hlk/getstarted/getstarted-vhlk Windows Virtual Hardware Lab Kit]. |
| 43 | |
| 44 | = Preparing for test-signed drivers = |
| 45 | |
| 46 | Installation of HLK client software automatically enables test signing mode in Windows. Tap-windows6 build system supports test-signing the driver automatically. You need to put the automatically generated test certificate to the Windows certificate store on the HLK clients. After that you can install the test-signed driver without signature errors. |
| 47 | |
| 48 | = Firewall rules for HLK server and clients = |
| 49 | |
| 50 | Installing HLK software automatically opens ports in the Windows firewall for HLK traffic. In case HLK controller and HLK clients are not in the same switch some firewall (e.g. EC2 security group rules) might block HLK traffic. Here is a reference for the ports which need to be open for HLK tests to work: |
| 51 | |
| 52 | * HLK clients -> OpenVPN server udp/1194 |
| 53 | * HLK clients -> HLK controller tcp/1771 (HLK Server Receiver Port) |
| 54 | * HLK clients -> HLK controller tcp/1782 (HLKSvc Receiver Port) |
| 55 | * HLK clients -> HLK controller tcp/445 (HLKInstall Samba share) |
| 56 | * HLK controller -> HLK clients tcp/1771 (HLK Server Receiver Port) |
| 57 | |
| 58 | Outbound traffic is assumed to be unrestricted. If not, adjust egress rules accordingly. Also note that IPv6 traffic needs to flow properly in the OpenVPN virtual network as HLK tests require IPv6. |