Contributor

External access to Horizon Desktops via IDM through UAG

Hi,

I have the following use case:

External users should authenticate to identity manager and when authenticated they can start their Horizon desktops through UAG.

The current setup is the following:

- 3 IDM appliances behind a NetScaler in the DMZ, with connectors in the LAN.

- 2 UAGs behind a NetScaler in the DMZ.

- Users authenticate to IDM with/without RADIUS based on security group membership.

Is there a way to force users to use Identity Manager and not connect directly to the UAGs?

Is this achievable? And how?

Accepted Solutions
Contributor

This can be achieved by enabling Workspace ONE mode on the connection servers.

VMware Horizon 7.2 Workspace ONE mode - YouTube

Contributor

Thank you for your answer. You are right.

I discussed this also with Peter Bjork and it is indeed the way to go.

I tried to avoid having dedicated connection servers with Workspace ONE mode enabled, but unfortunately this is not possible (at least when you need to access these connection servers directly with the Horizon client).

Contributor

Hi,

I enabled Workspace ONE mode and I access IDM through UAG.

The connection to the desktop does not work, because the Horizon client cannot find the server from the external network. In IDM I have added the View connection server, and when I log in to IDM from the internal network I have access to the desktop; it is only from an external network that it does not work.

How can I access the desktop through IDM from an external network?

VMware Employee

VMware Identity Manager does not tunnel the traffic. Horizon must be externally accessible. In VMware Identity Manager you can create network ranges. For each range you specify the correct FQDN for clients to use to access Horizon.

Contributor

I found this and set it up, and now it works:

https://docs.vmware.com/en/VMware-Identity-Manager/3.2/vidm-resource.pdf (page 49)

Thank you for the help.
