Allow specific clients to connect

john_its · ‎12-17-2018

Hello,

We want to allow some users to connect to our existing Horizon VDIs while outside the company.

The difficult part is that we want to configure somehow, so you cannot simply download the VMware Horizon Client and connect to our UAG/Horizon, but rather have some kind of check to see if other apps are running or something similar , so we can be able to not allow the user to have, lets say snipping tool open, while connecting to our environment.

Is there a way to do this?

Thank you

techguy129 · ‎12-18-2018

You are looking for some type of endpoint compliance check. See this article.

Endpoint Compliance Checks for Horizon

For restricting apps to some users you can (without compliance check) setup a pair of connections for external use (using tagging) and publish apps/desktops with entitlements to just those users.

I think your best fit would to use some 3rd party VPN solution with compliance checks. Once VPN, those users can access the connection servers for their applications.

BenFB · ‎12-18-2018

I came here to echo what techguy129 said. Be aware that starting with UAG 3.4 you now need a Horizon Enterprise license for Endpoint Compliance Checks.

What's New Unified Access Gateway 3 4 - YouTube

I know that F5 APM and products from other vendors offer endpoint compliance functionality but they come at a cost. At some point if you are allowing your users to have remote access you need to have the appropriate agreements in place and trust them.

john_its · ‎01-03-2019

Thanks, techguy129

I will take a look at it and sign up for a trial.

Do you happen to use it?