Eric Monjoin
Staff Consulting Architect but also pilot, spending time in front of my computer or flying in the air...

Lets talk about End User Computing Because we worth it ...

PowerShell

PowerCLI and VMware Horizon.. error BaseImageVM_List

March 4, 2021

PowerShell and more specifically VMware PowerCLI (who are the PowerShell commands to manage VMware Infrastructure with around 800 cmdlets) are incredible tools who extremely facilitate administrators day to day life…

Now sometime it happens, after an upgrade, that didn’t work any more as expected.

In order to manage Horizon deployment using PowerShell scripts, using PowerCLI is not enough and you need to add the VMware.HV.Helper modules who contains many commands and more especially the New-HVPool one in order to create Horizon pools.

Continue reading…
vSphere

vCenter 7 – Depreciation of IWA…

January 30, 2021

Every Friday we have an informal meeting with peoples from VMware PS: Architect, Sr Consultant and Consultant but also TAM and Project manager as well and today we spoke about the depreciation of IWA with vCenter 7 and so the necessity to move to AD FS for upcoming release :

Deprecation of Integrated Windows Authentication

Integrated Windows Authentication (IWA) is deprecated in vSphere 7.0 and will be removed in a future release. For more information, see VMware Knowledge Base article 78506

So we started to have look about how to move from IWA to AD FS and for this I deployed a brand new vCenter 7 on my own labs as many questions arise : How other applications will deal with this change (I mainly thought to Horizon and App Volumes Manager) but also could we still connect using the local vsphere.local domain. Spoiler : Yes it works for both (external apps and using local account)

Now let see how to configure this 🙂

Continue reading…
Workspace One Access (Aka Identity Manager)

Adding Static Route to WS1 Access

January 21, 2021

I had a request from Spanish colleagues about adding static routes to Workspace One Access (in their case it was because of database in a different network).

I first had a look on our internal channel on Slack and find a first way to do it … but with Identity Manager version 3.3. However, when I try to test it in my Home Lab using my on-premise WS1 Access 20.10 it was totally different. vIDM 3.3 is based on Suse Linux when WS1 Access 20.10 is based on Photon 3. After some exchange by mail with my colleagues, they sent me the procedure they used for their deployment… different for the first two !!!
Yes they deployed Workspace One Access 20.01…

Basically both method work with vIDM 3.3 and Workspace One v20.01 as both are running Suse Linux

Workspace One Access (Aka Identity Manager)

AD FS as IdP for Workspace ONE Access and UAG

December 11, 2020

I’ll not talk about the configuration of AD FS itself but how to create the relying party for both Workspace ONE Access and UAG… spoiler: the configuration is not the same 🙂

So here the common part who consist to the creation of the Relying Party Trusts:

Open you AD FS Manager, select “Relying Party Truts” and with the select “Add Relying Party Trust…

Workspace One Access (Aka Identity Manager)

Azure AD as IdP for Workspace One Access

December 11, 2020

This tuto will show you how to configure Azure AD as a 3rd party Identity Provider for Workspace One Access.

Note : In my case, the default Azure AD domain is alfadir.onmicrosoft.com but in order to match with my on-premise Active Directory I had to use not the email address or UPN but the “Alternate email”

So the first thing to do is to create a “New Application” in Azure, once logged on Azure Portal as Admin, select “Azure Active Directory“, then on the left pane, select “Enteprise applications” and click “New Application“:

Workspace One Access (Aka Identity Manager)

Shibboleth as IdP for Workspace ONE Access

December 4, 2020

Recently I had to work on a project that imply Shibboleth as IdP (Identity Provider), so you will see below how to configure it in Workspace One Access as a 3rd party IdP.

One of the major issue with Shibboleth (in my case) is it only provides a samAccountName but not a UserPrincipalName (upn), so basically the User name without the domain name (eg. e.monjoin but not e.monjoin@mydomain.dom). It works in many situation excepted in a multi domain configuration where you can potentially have the same username in two different domain and you have a trust relationship between them (eg. e.monjoin@finance.domain.com and e.monjoin@technical.domain.com). In this case WS1 Access will not be able to choose a account you will see the following error :

Unified Access Gateway

Running VMware Unified Access Gateway on Hyper-V

April 28, 2020

Ok okkkkkk, I know that could be weird at first sight but I had a request from a customer to assist in the deployment of UAG 3.9 on Hyper-V in a “Dual DMZ” configuration.

The Back End UAG is deployed on vSphere but the the front-end should run on the DMZ hypervisors who are…. Windows 2019 Core / Hyper-V

So when we look at the files required to perform this installation we need to download 2 files :

  • Unifed Access Gateway (UAG) 3.9 PowerShell scripts to get all scripts to deploy the appliance
  • Unifed Access Gateway (UAG) 3.9 for Microsoft Azure to have .vhd file so Hyper-V disk format file.
App Volumes

App Volumes, load balancer health check

April 17, 2020

I recently had an issue with one of my App Volumes server: even if my server was down in an App Volumes point of view (connection lost the database), my Kemp load balancer see it up and running because: the web interface was up and favicon.ico was also available.

The template for App Volumes (part of Horizon 7 Template) is, in my opinion not complete and it missed the right way to configure health check

So the right way to configure load balancer ‘s health check is the following :

For Kemp :