:::: MENU ::::

Posts Categorized / 9.x

  • Oct 27 / 2022
  • 1
9.x, DaaS, EUC, Horizon, Uncategorized, VMware, Workspace ONE

How to migrate Workspace ONE Connector

Until Horizon DaaS 9.1.2 only Identity Manager connector 19.03.0.1 could be used to access the Virtual Apps Collections however Identity Manager connector 19.03.0.1 has been out of general support since 2022-08-31. As of September 27th Workspace ONE Access connector 22.09 has been released (release notes). This version supports Virtual Apps Collections on Horizon DaaS 9.1.4 (released October 2022). Horizon DaaS 9.1.4 and Workspace ONE Access connector 22.09 will create a supported environment again.

In this post, I will show you the steps on how to migrate from the (legacy) connector 19.03.0.1 to Workspace ONE Access connector 22.09.

Migration steps.

Continue Reading
  • Dec 13 / 2021
  • 0
9.x, DaaS, Uncategorized, VMware

Workaround instructions to address CVE-202144228 in Horizon DaaS 9.0.x and 9.1.x

VMware has released new a critical security advisory, VMSA-2021-0028. This advisory is for multiple VMware products that use the popular open-source log4j Java logging component, which was discovered to have a critical vulnerability in it (CVE-2021-44228)

This needs your immediate attention, not just at the VMware product level, but also for all other software in your environment. The log4j component is used by many vendors and software packages. For more information about the VMware products please visit https://www.vmware.com/security/advisories/VMSA-2021-0028.html

For Horizon DaaS 9.0.x and Horizon DaaS 9.1.x. a workaround is provided in the form of a hotfix. The hotfix should be applied to remediate the CVE-2021-44228.

Continue Reading
  • Jun 29 / 2021
  • 0
9.x, DaaS, EUC, Horizon, vExpert, VMware

Domain-Join account Horizon DaaS 9.x

For Horizon DaaS the Tenant environment needs 2 types of domain service accounts. A domain bind account that is used to perform lookups in your AD domain and a domain join account that is used for joining computer accounts to the domain and performing Sysprep operations.

The domain bind account is rather simpel. Just create a normal user account, provide a password and if the CISO allows you, set the password to never expire.

The domain join account is a little bit different. If you you want to do it quick and dirty you can make the account domain admin and set the password to never expire and you’re done. This however is not recommended. So we need to do delegation of control on the OU where the computer accounts will be created. The following “allow” permissions are needed for Horizon DaaS 9.1 tenants:

Continue Reading