Solved: View Horizon 7 & RSA

agough · ‎11-01-2016

Hi there, i'm designing the architecture for our new smallish scale Horizon deployment that has the requirement for external access using 2FA and RSA tokens. I've had a Horizon 6.2 pod running for a while, and we use 2 Security servers and 4 Connection servers to facilitate access. 2 Connection servers have RSA enabled, and are paired with the Security servers, then the 2 others have RSA off for internal users.

Reading the reference architecture, it went into the new(ish) Access Point appliance that doesn't require pairing with connection servers, so how does this work from an RSA perspective. Does the RSA move to the Access Point in this architecture, or do you still have to tie down to given Connection servers to allow RSA for external connections only?

Hope the Q makes sense

alienjoker · ‎11-01-2016

Hi there,

It's pretty straight forward, the access points authenticate directly with the RSA Securid servers so the 2FA takes place exclusively in the DMZ (assuming that's where you site the access points). There is no longer a requirement to configure the Connection servers to handle the RSA authentication so you can use the same Connection servers for both internal and external connectivity.

I would strongly recommend you take a read of Mark Bensons deployment guide as currently the Powershell method of deployment is the only supported method of deploying the access points with the RSA options you will require.

Using PowerShell to Deploy VMware Access Point

Best of luck

Andrew

View solution in original post

alienjoker · ‎11-01-2016