:::: MENU ::::

Posts Tagged / vexpert

  • Sep 07 / 2021
  • 0
Logo
NSX-T, VMware

Load Balancing UAG’s with NSX-T

Unified Access Gateway for end-user computing products and services needs high availability for Workspace ONE and VMware Horizon on-prem deployments. Unified Access Gateway appliances work with standard third-party load balancing solutions that are configured for HTTPS and also has an out-of-the-box High Availability solution. The out-of-the-box HA solution will reduce complexity and lower your TCO but it comes with the following limitations.

  • IPv4 is supported for floating Virtual IP address. IPv6 is not supported. 
  • Only TCP high availability is supported. 
  • UDP high availability is not supported. 
  • With the VMware Horizon use case, only XML API traffic to Horizon Connection Server uses high availability. High availability is not used to distribute load for the protocol (display) traffic such as Blast, PCoIP, RDP. Therefore, the individual IP addresses of Unified Access Gateway nodes must also be accessible to VMware Horizon clients in addition to the Virtual IP address.

To overcome some of the limitations you can use NSX-T Data Center logical load balancer as a load balancing solution in front of the UAG’s.

In this blog post, I would like to show you how to configure a load balancer for UAG’s in NSX-T in front of a Horizon environment.

Continue Reading
  • Jun 29 / 2021
  • 0
9.x, DaaS, EUC, Horizon, vExpert, VMware

Domain-Join account Horizon DaaS 9.x

For Horizon DaaS the Tenant environment needs 2 types of domain service accounts. A domain bind account that is used to perform lookups in your AD domain and a domain join account that is used for joining computer accounts to the domain and performing Sysprep operations.

The domain bind account is rather simpel. Just create a normal user account, provide a password and if the CISO allows you, set the password to never expire.

The domain join account is a little bit different. If you you want to do it quick and dirty you can make the account domain admin and set the password to never expire and you’re done. This however is not recommended. So we need to do delegation of control on the OU where the computer accounts will be created. The following “allow” permissions are needed for Horizon DaaS 9.1 tenants:

Continue Reading
  • May 27 / 2020
  • 0
Verify, VMware, Workspace ONE

Adding VMware Verify to VMware Workspace ONE Access

My colleague Arno Meijroos wrote a nice blog on “How to integrate Horizon DaaS 9.0 with Workspace ONE Access“. In extent on his blog, I want to explain how to add Vmware Verify for two-factor authentication (2FA).

VMware Verify

You can use the Verify app to secure login to VMware Workspace ONE and other apps. The Verify app is available for iOS, Android, and Chrome. It uses modern mobile push tokens, where users get a push notification on their mobile device that they can simply accept or deny. When the user’s device does not have cellular reception, such as in airplane mode when traveling, the user can open the Verify app and use a one-time passcode (aka soft token). Also a one-time passcode via SMS is available.

Continue Reading