Real World Use of VMware Bundle Transfer Utility

Overview

I work in a lot of air-gapped networks and unfortunately, that comes with an extra level of effort for nearly every task. In the world of VMware Cloud Foundation (VCF), SDDC Manager is used to perform a lot of the maintenance tasks through Lifecycle Manager. When it comes time to perform upgrades, however, not having direct access to the Internet requires use of the Bundle Transfer Utility. More information about this utility can be found in the VMware Documentation.


Configuring Smart Card | Common Access Card (CAC) | Personal Identity Verification (PIV) in VMware vSphere and VMware Horizon

Overview

I use a YubiKey 5Ci (by Yubico) in my lab. This allows me to log in with a smart card interface. If you are looking for information on how to configure smart card access in your lab, please reference the following post: MyLab: Smart Card Authentication


MyLab: Configuring VMware Horizon on Unified Access Gateway (UAG)

Overview

This post will document how to configure VMware Horizon on Unified Access Gateway (UAG). To get this working the first time, ensure the following appliances are configured. A Unified Access Gateway should already be deployed and configured. Reference the link for more information on how to:
* Log into the Appliance Settings
* Configure NTP servers
* Configure TLS settings (Admin and Internet interfaces)
* Configure a SAML Identity Provider (IdP)
* Configure High Availability Settings (if required)
* Configure network settings

The other components that should already be configured are the VMware Horizon Connection servers. It is ideal to have separate Horizon Connection servers for internal and external endpoints. The configurations for these servers are different when dealing with tunnels and secure gateways. Ensure the Horizon Connection servers have TLS certificates configured.


MyLab: Automated Instant-Clone Farm (VMware Horizon)

Introduction

This post will discuss the initial setup and configuration for an Automated Instant-Clone Farm for use with VMware Horizon. I am going to use this farm to publish applications and connect them into Workspace ONE Access (WS1 Access). Workspace ONE Access is not required for this technology, but can be leveraged. In this example, I am also going to leverage VMware App Volumes instead of installing the applications directly on the server.

Basically, after installing the Remote Desktop Services Role, we will restrict users to a single session through a local group policy, install the VMware Horizon Agent, install the VMware App Volumes Agent, and finally run the VMware Operating System Optimization Tool (OSOT). Once complete, the virtual machine can be shut down, a snapshot can be taken, and then a Farm can be established in the VMware Horizon Console.


MyLab: Workspace ONE Access (post v2)

Preparing to Deploy the VMware Workspace ONE Access Appliance

Preparation tasks include the following:

  • Download the VMware Workspace ONE Access OVA file (customerconnect.vmware.com)
  • Create DNS records (forward (A) and reverse lookup (PTR) records are required)
  • Obtain IP addresses
  • Create the Workspace ONE Access Service Database (either using Windows Authentication Mode or Local SQL Server Authentication) — Explained later in this post
  • Change SQL Server Database Auto Growth Settings for Workspace ONE Access — Explained later in this post

MyLab: VMware Horizon True SSO

An Enterprise Certificate Authority needs to be accessible. Certificates are a big part of True SSO, and short-term certificates will be issued. True SSO will require the following servers and services:

  • A deployed and configured Workspace ONE Access appliance
  • A configured Workspace ONE Access connector with the VMware Virtual App Sync service configured
  • A synced Virtual Apps Collection in Workspace ONE Access
  • An Enterprise Certificate Authority
  • Smart card authentication configured in Active Directory
  • VMware Horizon Connection Server
  • VMware Horizon Enrollment Server
  • VMware Workspace ONE Access appliance
  • VMware Workspace ONE Access Connector

Familiarity with the command line is also helpful, but not necessary.
