VMware Horizon Community
whopke69
Contributor
Contributor
Jump to solution

Vmware view Radius extern, not intern

hi,

a question

we want to setup horizon view with 2 factor auth. thru radius

in a test it works already for al the clients , but if we want it to work in the production, we want to separate intern and extern users .

is it possible ( if yes, howto ) to make it for extern use only ? 

sow intern users have not to use  the 2 factor auth.  but extern user do have

specs:

vmware horizon 6.2.0 build-3005368

sercurity server -- connection server (2 x ) -- composer server

1 Solution

Accepted Solutions
Linjo
Leadership
Leadership
Jump to solution

Yes its possible but you need to have another pair of connection brokers since this setting is per connection broker.

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".

View solution in original post

3 Replies
Linjo
Leadership
Leadership
Jump to solution

Yes its possible but you need to have another pair of connection brokers since this setting is per connection broker.

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".
kermic
Expert
Expert
Jump to solution

To expand Linjo's answer a bit:

Whether 2'nd authentication factor should be used is a connection server's property and applies to all sessions passing through this connection server.

To achieve your goal you would need to make sure that internal and external connections use different Connection Servers. The connection servers that are paired up with Security Servers have RADIUS enabled and the Connection Servers intended to serve internal / LAN sessions only (not paired with any Security Servers) have RADIUS disabled. And then make sure that whenever user starts a session from internal network, the request is sent to the "internal" CS.

Hope this helps.

BenFB
Virtuoso
Virtuoso
Jump to solution

Depending on your RADIUS server you might be able to bypass certain users. If it needs to be enforced externally for all users and bypassed internally for all users you will need to deploy separate connection server(s).

See my response to a similar question.

Is 2 Factor at the Pool Level Possible in VDI?

If you aren't aware Horizon View 6.x went end of general support on 2019/06/19. You need to move to 7.x as soon as possible to maintain support and get access to security/bug fixes and new features.

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/pdf/support/product-lifecycle-matrix.p...

Edit: This showed up as having recent activity.

Reply
0 Kudos