This is part 1 of a 7-part series that details an integration between cloud-based vIDM, cloud-based AirWatch and a traditional on-premises Horizon deployment. The ultimate aim is to simplify and secure mobile access for Horizon users with features like a unified access portal, automated device configuration, SSO and conditional access based on device compliance.
SaaS instances of vIDM and AirWatch integrate with a customer's environment through the deployment of special connectors on premises. System requirements for these connectors are negligible, and more importantly, their network requirements are incredibly simple. To communicate with SaaS instances of AirWatch and vIDM, connectors only need outbound access to them on port 443. So, typically, they can communicate with these cloud environments without any firewall changes. For display protocol connectivity to the Horizon environment, Unified Access Gateway (UAG) is used to proxy connections from the outside world to the internal instance of Horizon.
Getting It Done
I've created 6 separate posts that detail the process for integrating traditional on premises Horizon deployments with cloud instances of AirWatch and vIDM. With the SaaS instances already provisioned and prerequisites lined up properly, you could get these procedures completed in an afternoon. Here are the different procedures in the order I would recommend their execution:
Integrating A Cloud Instance Of Workspace One UEM (AirWatch) With Active Directory
Integrating A Cloud Instance Of VMware Identity Manager With Active Directory
Integrating A Cloud Instance Of VMware Identity Manager With On Premise Horizon
Integrating Cloud Instances Of Workspace One UEM (AirWatch) And VMware Identity Manager
Configuring Mobile SSO For iOS In Workspace One UEM (AirWatch)
Securing Access To Horizon Through AirWatch Based Device Compliance
The deployment detailed in these posts uses Horizon 7.5, the September 2018 release of VMware Identity Manager Cloud and Workspace One UEM 1810. Through the use of connectors we're able to integrate both the Workspace One UEM (AirWatch) and vIDM SaaS instances with on-premises environments. For Workspace One UEM, we'll use the AirWatch Cloud Connector for AD integration. For vIDM, we're going to use the vIDM connector for integration with both AD and the on-premises Horizon environment. After completing the deployment and configuration of the 2 connectors, we'll integrate the vIDM and AirWatch environments by populating vIDM with API keys and certificates for the AirWatch tenant. Then we'll enable features like the unified app catalog and device compliance. To get started, proceed with this first recipe, Integrating A Cloud Instance Of Workspace One UEM (AirWatch) With Active Directory.