In my previous post, I showed my struggles with installing ESXi on the NUC I got from Cohesity and the vExpert program. In this post, I will show you what I have been up to since then.Continue Reading
In the previous versions of Horizon DaaS, you had to change DNS via the interfaces file and the resolv.conf file. Since VMware upgraded the OS of the Horizon DaaS appliances to Ubuntu 18.04 LTS these changes must be done via netplan. Below I will explain how to use netplan.Continue Reading
I recently created a test/development environment for Workspace ONE UEM, Access, and Horizon Cloud (Next-Gen). The goal was to develop Zero Day onboarding. For Zero Day onboarding, an AD group is needed; therefore, I tried to install a Workspace ONE Connector server on Azure resources.
Because the environment is for testing and development I didn’t need a server that was according to VMware’s sizing guidelines for connector servers. See hardware requirements.
I choose a Standard B2s (2 vCPUs, 4 GiB memory) from the Azure marketplace and started the installation. The same steps were used for the installation as shown in How to migrate Workspace ONE Connector.Continue Reading
Until Horizon DaaS 9.1.2 only Identity Manager connector 19.03.0.1 could be used to access the Virtual Apps Collections however Identity Manager connector 19.03.0.1 has been out of general support since 2022-08-31. As of September 27th Workspace ONE Access connector 22.09 has been released (release notes). This version supports Virtual Apps Collections on Horizon DaaS 9.1.4 (released October 2022). Horizon DaaS 9.1.4 and Workspace ONE Access connector 22.09 will create a supported environment again.
In this post, I will show you the steps on how to migrate from the (legacy) connector 19.03.0.1 to Workspace ONE Access connector 22.09.
- Reset Connector Selection
- Install 22.09 Connector(s)
- Migrate directories
- Migrate Virtual Apps Collections
- Complete Migration
Vmware Verify is a multi-factor authentication (MFA) service that allows verification using 3 methods, Push approval with OneTouch notification, Time-based One Time Password, and text messages. VMware Verify was easy to integrate with VMware Workspace ONE Access to create a multifactor authentication.
End of life
VMware Verify will reach end-of-support (EoS) and end-of-availability date (EoA) on October 31st, 2022. The mobile application will be removed from the App Store and Play Store on this date. Current users will also be unable to use the application for any second-factor authentication.Continue Reading
VMware has released new a critical security advisory, VMSA-2021-0028. This advisory is for multiple VMware products that use the popular open-source log4j Java logging component, which was discovered to have a critical vulnerability in it (CVE-2021-44228)
This needs your immediate attention, not just at the VMware product level, but also for all other software in your environment. The log4j component is used by many vendors and software packages. For more information about the VMware products please visit https://www.vmware.com/security/advisories/VMSA-2021-0028.html
For Horizon DaaS 9.0.x and Horizon DaaS 9.1.x. a workaround is provided in the form of a hotfix. The hotfix should be applied to remediate the CVE-2021-44228.Continue Reading
Unified Access Gateway for end-user computing products and services needs high availability for Workspace ONE and VMware Horizon on-prem deployments. Unified Access Gateway appliances work with standard third-party load balancing solutions that are configured for HTTPS and also has an out-of-the-box High Availability solution. The out-of-the-box HA solution will reduce complexity and lower your TCO but it comes with the following limitations.
- IPv4 is supported for floating Virtual IP address. IPv6 is not supported.
- Only TCP high availability is supported.
- UDP high availability is not supported.
- With the VMware Horizon use case, only XML API traffic to Horizon Connection Server uses high availability. High availability is not used to distribute load for the protocol (display) traffic such as Blast, PCoIP, RDP. Therefore, the individual IP addresses of Unified Access Gateway nodes must also be accessible to VMware Horizon clients in addition to the Virtual IP address.
To overcome some of the limitations you can use NSX-T Data Center logical load balancer as a load balancing solution in front of the UAG’s.
In this blog post, I would like to show you how to configure a load balancer for UAG’s in NSX-T in front of a Horizon environment.Continue Reading
For Horizon DaaS the Tenant environment needs 2 types of domain service accounts. A domain bind account that is used to perform lookups in your AD domain and a domain join account that is used for joining computer accounts to the domain and performing Sysprep operations.
The domain bind account is rather simpel. Just create a normal user account, provide a password and if the CISO allows you, set the password to never expire.
The domain join account is a little bit different. If you you want to do it quick and dirty you can make the account domain admin and set the password to never expire and you’re done. This however is not recommended. So we need to do delegation of control on the OU where the computer accounts will be created. The following “allow” permissions are needed for Horizon DaaS 9.1 tenants:Continue Reading
With the release of Horizon DaaS 9, VMware introduced two new appliances the Horizon Version Manager (HVM) and the Horizon Air Link (HAL). The HVM is the automation appliance, based on Rundeck automation. The HAL is the resource manager for the management appliances. With the release of a new version of Horizon DaaS 9, these two appliances must be replaced if a new version is available. Because VMware is always innovating they are adding new features, scripts, and codebases to every new version it would be advised that if you are in the process of installing a new version of Horizon DaaS to make sure you are using the correct version. Check if an updated version of the HVM and HAL is available at my VMware.
Below I will explain how to replace the appliances and assign it to the Horizon DaaS environment.Continue Reading