hi,
a question
we want to setup horizon view with 2 factor auth. thru radius
in a test it works already for al the clients , but if we want it to work in the production, we want to separate intern and extern users .
is it possible ( if yes, howto ) to make it for extern use only ?
sow intern users have not to use the 2 factor auth. but extern user do have
specs:
vmware horizon 6.2.0 build-3005368
sercurity server -- connection server (2 x ) -- composer server
Yes its possible but you need to have another pair of connection brokers since this setting is per connection broker.
// Linjo
Yes its possible but you need to have another pair of connection brokers since this setting is per connection broker.
// Linjo
To expand Linjo's answer a bit:
Whether 2'nd authentication factor should be used is a connection server's property and applies to all sessions passing through this connection server.
To achieve your goal you would need to make sure that internal and external connections use different Connection Servers. The connection servers that are paired up with Security Servers have RADIUS enabled and the Connection Servers intended to serve internal / LAN sessions only (not paired with any Security Servers) have RADIUS disabled. And then make sure that whenever user starts a session from internal network, the request is sent to the "internal" CS.
Hope this helps.
Depending on your RADIUS server you might be able to bypass certain users. If it needs to be enforced externally for all users and bypassed internally for all users you will need to deploy separate connection server(s).
See my response to a similar question.
Is 2 Factor at the Pool Level Possible in VDI?
If you aren't aware Horizon View 6.x went end of general support on 2019/06/19. You need to move to 7.x as soon as possible to maintain support and get access to security/bug fixes and new features.
Edit: This showed up as having recent activity.