My environment is using Horizon Connection server 7.10 and UAG 3.7. Each user is delegated a VD and connects using Horizon Client 4.5.3. The Blast protocol is used.
For some specific users, we have to restrict their login from a corporate device.
I can gather the client information from the VD registry. How can I make use of these to restrict the access, maybe by UAG or UEM policy, etc.?
- Client IP address
- Network / Wireless Adapter MAC address
- Client computer name
- Client computer login ID
You can achieve all these using DEM conditions:
Those parameters can be added into a condition set. In Smart Policies, the settings are only allow/disallow Drag&Drop, printing, client drive/USB redirection.
But how to take action for restricting / disallowing access to the VD when the user logs in using an unauthorized machine (e.g. client computer name mismatch)? Thanks,
There are no such default settings in View/DEM to restrict complete VDI access from a specified client IP. You can maybe restrict it at the external firewall level using a network ACL to block access from a specified set of client IP addresses.
In another way, does UAG support client certification authentication?
Did you figure this out? I am also trying to prevent access from any device but the device we provide the user. Currently the users that have remote access can connect from ANY device, not just company-provided devices.
Hello
You could think of integrating the UAG with Azure AD and configuring conditional access and eventually enabling the MFA. If you want some details I can give them to you.
Bye Fabio
Hi,
I'm also trying to find a solution to prevent access from any device (home PC) and allow remote VDI users to access Horizon only from Tera2 Zero Clients (not Win based client) through a UAG. The Device Certificate authentication could be the solution, but we already use RADIUS as Azure MFA (which is mandatory). But both x509 and Radius authentication are not supported by UAG.
@fabio1975 maybe there is an option to manage with Azure AD conditional access Tera2 Zero Client as well?
Maybe anyone has other recommendations on how to implement this?
Ciao @tsajauka
I work with Horizon infrastructures that used Tera2 (Teradici PCoIP) Thin Clients, but only once I tried to use MFA, without success, and I found this Teradici KB.
To use Azure conditional access I suppose we need to use SAML to dialogue with the UAG, and the Tera2 Thin Client, as I remember, does not support SAML.
@fabio1975 could you point to the mentioned Teradici KB?