Workspace One Cloud Deployment For On Premises Horizon Access

This is a collection of resources that illustrate the setup of a Workspace One cloud deployment for enhanced access to an on premises Horizon environment. To begin with, there are links to posts I've recently put together on deploying SaaS instances of Workspace One UEM (AirWatch) and vIDM. Then, there are some of my favorite graphics on the subject, along with some commentary. Finally, I've embedded some YouTube videos that demonstrate access to this type of environment.

Posts On Workspace One SaaS For On Premises Horizon


General Deployment:
     Workspace One UEM (AirWatch) Integration with AD
     vIDM Integration With AD
     vIDM Integration With On Premises RADIUS


Horizon Integration:
     vIDM Integration With On Premises Horizon
     Workspace One And Mobile SSO For iOS
     Conditional Access Based On Device Compliance




Workspace One SaaS And Horizon


Below, you have cloud based tenants of vIDM and Workspace One UEM (AirWatch) and an on premises instance of Horizon. AD information from the on premises environment is provided to vIDM and AirWatch through their respective connectors, which are installed on premises. While AD integration is a key component of these connectors, they also enable integration with on premises services like email, certificate authorities, RADIUS and Horizon. In the image below, the vIDM connector is used to integrate with AD, RADIUS and Horizon.



VMware Identity Manager Connector


Directly below is a wonderful graphic illustrating the functionality of a VMware Identity Manager Connector. While integration with AD is one of its primary roles, it allows for integration with on premises Horizon and Citrix environments. Further, it can be utilized for integrations with RSA and RADIUS solutions.




AirWatch Cloud Connector 


Similar to the vIDM Connector, the primary function of the AirWatch Cloud Connector is integration with on premises AD environments.   However, just as with the vIDM Connector, it assists with integration of other on premises solutions like certificate authorities or email. 




Unified Access Gateway


While the connectors discussed so far play key roles in the back end integration of on premises servers, UAG plays a critical role in providing access to on premises services from external endpoint devices. On its initial release, UAG was focused on proxying connections to on premises Horizon environments for external devices. Over the years that functionality has expanded to include support for AirWatch services like Per-App VPN and Content Locker. Recently, it's developed advanced reverse proxy capabilities, including identity bridging.




Demo Videos


Here's a demo of conditional access based on device compliance when accessing a Horizon desktop.



Here's a demo that illustrates access from both the Intelligent Hub and the older Workspace One App.



