VMware Workspace ONE Community
janhosselaer
Contributor

External access to Horizon Desktops via IDM through UAG

Hi,

I have the following use case:

External users should authenticate to identity manager and when authenticated they can start their Horizon desktops through UAG.

The current setup is the following:

- 3 IDM appliances behind a netscaler in DMZ, with connectors in LAN.

- 2 UAGs behind a netscaler in DMZ.

- Users authenticate to IDM with/without radius based on security group membership.

Is there a way to force users to use identity manager and not connect directly to the UAGs?

Is this achievable? And how?

Accepted Solutions
ryancostello
Contributor

This can be achieved by enabling Workspace ONE mode on the connection servers.

VMware Horizon 7.2 Workspace ONE mode - YouTube

janhosselaer
Contributor

Thank you for your answer. You are right.

I discussed this also with Peter Bjork and it is indeed the way to go.

I tried to avoid having dedicated connection servers with Workspace ONE mode enabled, but unfortunately this is not possible (at least when you need to access these connection servers directly with the Horizon client).

ggovek
Enthusiast

Hi,

I enabled Workspace ONE mode and I access IDM through UAG.

The connection to the desktop does not work, because the Horizon client cannot find the server from the external network. In IDM I have added the View connection server, and when I log in to IDM from the internal network I have access to the desktop; it just does not work from an external network.

How can I access the desktop through IDM from an external network?

pbjork
VMware Employee

VMware Identity Manager does not tunnel the traffic. Horizon must be externally accessible. In VMware Identity Manager you can create network ranges. For each range you specify the correct FQDN for clients to use to access Horizon.

ggovek
Enthusiast

I found this and set it up, and now it works.

https://docs.vmware.com/en/VMware-Identity-Manager/3.2/vidm-resource.pdf (page 49)

Thank you for the help.
