Hi,
we have installed a multi-tentant installation of vmware view (horizon version 5.2) for multiple customers.
we have connected all domains with a trust to our root cloud domain.
is it possible to disable the domain selection on the view client login screen???
thats very bad because everyone who wants to login can look on the domain selection and could see all domains (and so all other customers who are on the cloud)
Is there a possiblity to disable this selection??
best regards,
bernd
Yes, you do that on the connection broker with the vdmadmin-command:
Here are some examples:
Add the domain FARDOM to the search exclusion list for the View Connection Server instance csvr1.
vdmadmin -N -domains -search -domain FARDOM -add -s csvr1
Add the domain NEARDOM to the exclusion list for a View Connection Server group.
vdmadmin -N -domains -exclude -domain NEARDOM -add
Display the domain search configuration on both View Connection Server instances in the group, and for the group.
C:\ vdmadmin -N -domains -list Domain Configuration ==================== Cluster Settings Include: Exclude: Search : FARDOM DEPTX Broker Settings: CONSVR-1 Include: (*)Exclude: YOURDOM Search : Broker Settings: CONSVR-2 Include: Exclude: Search :
View Manager limits the domain search on each View Connection Server host in the group to exclude the domains FARDOM and DEPTX. The characters (*) next to the exclusion list for CONSVR-1 indicates that View Manager excludes the YOURDOM domain from the results of the domain search on CONSVR-1.
Display the domain filters in XML using ASCII characters.
vdmadmin -N -domains -list -xml -n
Display the domains that are available to View Manager on the local View Connection Server instance.
C:\ vdmadmin -N -domains -list -active Domain Information (CONSVR) =========================== Primary Domain: MYDOM Domain: MYDOM DNS:mydom.mycorp.com Domain: YOURDOM DNS:yourdom.mycorp.com Domain: FARDOM DNS:fardom.mycorp.com Domain: DEPTX DNS:deptx.mycorp.com Domain: DEPTY DNS:depty.mycorp.com Domain: DEPTZ DNS:deptz.mycorp.com
Display the available domains in XML using ASCII characters.
vdmadmin -N -domains -list -active -xml -n
Remove the domain NEARDOM from the exclusion list for a View Connection Server group.
vdmadmin -N -domains -exclude -domain NEARDOM -remove
Remove all domains from the inclusion list for the View Connection Server instance csvr1.
vdmadmin -N -domains -include -removeall -s csvr1
hi,
thanks for the fast reply.
is it, after that, possible to log in with a user of the excluded domain?!
i want to login with users of the customer domain but i dont want that the domain is displayed in the client login screen...
i think there should be a option like "DOMAIN \username" or "username@DOMAIN" in the username-field and do not display the domain-selection field...
best regards...
could anybody help me?!
is it possible to login with a user of an excluded domain?!
Did you found any solution for this case? I am facing the same challenge to hide customers domain name but allow them to login with a multi tenant environment.
I'm currently on leave, I will read my mail when I'm back February 2. 2015
Øystein Bøhler
This post is old, but I will answer anyway - I found this post via Google and would have been happy to find the answer. Took me five minutes to test it out: YES you can login to excluded domains with user@domain.
Correct. But you have to configure everything before adding the domain to the exclusion list. Otherwise you are not able to select the OU for the VDI's in the child domain. (because of the pull-down menu's) make it a combo box would resolve this problem.
The steps are:
Log in is succesful with single sign-on to the VDI located in the Child domain
Regards
Ok I see. But the exclusion is per Connection Server. So I could use one CS without exclusion where I would be able to select the Domains when creating pools, right?
edit: I checked this and it doens't work. No matter on which server you use the web interface, the domain is invisible.
Yes i think that is possible. I made the exclusion per Connection server group because i don't want to waste a connection server.
I see i made a mistake in my earlier comment. What i meant is when removing the child before creating the pool you are not able to entitle AD group form child because of the pull-down menu.
In the OU selection you can enter a OU manually so that is working, same for the Composer account. I think when using CLI to create the VDI pool you can leave the child in the exclusion. Will test that later on. I have also asked VMware if this is a supported way to do.
edit. TI think you have edited per connection server group instead of per Connection server?
Regards.
Ah now I got your point regarding the entitltement.
Yes maybe I did it per group. Will check that out tomorrow. Enough for today