Yet another blog around EUC and more especially on VMware EUC stuffs
One year ago I posted a feature request for one of my customer who require to deploy Instant Clone VM on many Active Directory domain without Trust Relationship within each other and with the domain used by the Horizon Connection Server, so what was my surprise when I received the Announcing General Availability of Horizon Enterprise 2103 and saw this feature is now available 🙂
What’s New?
In order to deploy Horizon Cloud on Azure, you first need to perform many task on Azure side like creating Virtual Network and so on. This can be done from the Azure portal or you can also use PowerShell to accomplish all tasks…
Before, let me tell you that all the merit for the following script must go to my colleague Roch Norwa and you can find the initial version on his blog here : https://digitalworkspace.blog/2020/04/19/horizon-cloud-on-azure-introduction-and-deployment-automation-script/
I made some slight changes to Roch scripts :
PowerShell and more specifically VMware PowerCLI (who are the PowerShell commands to manage VMware Infrastructure with around 800 cmdlets) are incredible tools who extremely facilitate administrators day to day life…
Now sometime it happens, after an upgrade, that didn’t work any more as expected.
In order to manage Horizon deployment using PowerShell scripts, using PowerCLI is not enough and you need to add the VMware.HV.Helper modules who contains many commands and more especially the New-HVPool one in order to create Horizon pools.
Continue reading…Every Friday we have an informal meeting with peoples from VMware PS: Architect, Sr Consultant and Consultant but also TAM and Project manager as well and today we spoke about the depreciation of IWA with vCenter 7 and so the necessity to move to AD FS for upcoming release :
Deprecation of Integrated Windows Authentication
Integrated Windows Authentication (IWA) is deprecated in vSphere 7.0 and will be removed in a future release. For more information, see VMware Knowledge Base article 78506
So we started to have look about how to move from IWA to AD FS and for this I deployed a brand new vCenter 7 on my own labs as many questions arise : How other applications will deal with this change (I mainly thought to Horizon and App Volumes Manager) but also could we still connect using the local vsphere.local domain. Spoiler : Yes it works for both (external apps and using local account)
Now let see how to configure this 🙂
Continue reading…I had a request from Spanish colleagues about adding static routes to Workspace One Access (in their case it was because of database in a different network).
I first had a look on our internal channel on Slack and find a first way to do it … but with Identity Manager version 3.3. However, when I try to test it in my Home Lab using my on-premise WS1 Access 20.10 it was totally different. vIDM 3.3 is based on Suse Linux when WS1 Access 20.10 is based on Photon 3. After some exchange by mail with my colleagues, they sent me the procedure they used for their deployment… different for the first two !!!
Yes they deployed Workspace One Access 20.01…
Basically both method work with vIDM 3.3 and Workspace One v20.01 as both are running Suse Linux
I’ll not talk about the configuration of AD FS itself but how to create the relying party for both Workspace ONE Access and UAG… spoiler: the configuration is not the same 🙂
So here the common part who consist to the creation of the Relying Party Trusts:
Open you AD FS Manager, select “Relying Party Truts” and with the select “Add Relying Party Trust…“
This tuto will show you how to configure Azure AD as a 3rd party Identity Provider for Workspace One Access.
Note : In my case, the default Azure AD domain is alfadir.onmicrosoft.com but in order to match with my on-premise Active Directory I had to use not the email address or UPN but the “Alternate email”
So the first thing to do is to create a “New Application” in Azure, once logged on Azure Portal as Admin, select “Azure Active Directory“, then on the left pane, select “Enteprise applications” and click “New Application“:
Recently I had to work on a project that imply Shibboleth as IdP (Identity Provider), so you will see below how to configure it in Workspace One Access as a 3rd party IdP.
One of the major issue with Shibboleth (in my case) is it only provides a samAccountName but not a UserPrincipalName (upn), so basically the User name without the domain name (eg. e.monjoin but not e.monjoin@mydomain.dom). It works in many situation excepted in a multi domain configuration where you can potentially have the same username in two different domain and you have a trust relationship between them (eg. e.monjoin@finance.domain.com and e.monjoin@technical.domain.com). In this case WS1 Access will not be able to choose a account you will see the following error :
Ok okkkkkk, I know that could be weird at first sight but I had a request from a customer to assist in the deployment of UAG 3.9 on Hyper-V in a “Dual DMZ” configuration.
The Back End UAG is deployed on vSphere but the the front-end should run on the DMZ hypervisors who are…. Windows 2019 Core / Hyper-V
So when we look at the files required to perform this installation we need to download 2 files :
Recent Comments