VMware Horizon authentication using AzureAD (with multifactor) – Part 5: TrueSSO Setup

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup TrueSSO setup We are almost there! So far we have created our sub-CAs, setup certificate templates, installed the enrollment server and configured the SAML authentication. At this point, Connecting to the UAG will… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 5: TrueSSO Setup

VMware Horizon authentication using AzureAD (with multifactor) – Part 4: SAML Setup

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup SAML setup In the next part, we will set up the SAML authentication. This consists of 3 steps: First, we need to create the SAML application on Azure, then we will configure the… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 4: SAML Setup

VMware Horizon authentication using AzureAD (with multifactor) – Part 3: Enrollment Servers

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup Enrollment server(s) Repeat all steps in this part on both enrollment/sub-CA servers! On the enrollment/sub-CA server, open the local machine certificate manager: Right-click the Personal node, choose All Tasks > Request New Certificate… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 3: Enrollment Servers

VMware Horizon authentication using AzureAD (with multifactor) – Part 2: Certification Template

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup Certification Template The way TrueSSO works is it is using a certificate issued for the user after a successful SAML authentication and authenticates against AD using a smartcard type logon with that certificate.… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 2: Certification Template

VMware Horizon authentication using AzureAD (with multifactor) – Part 1: Setup sub-CA(s)

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup Sub-CA(s) First, we are going to set up a subordinate certification authority on our 2 servers. I’m using Windows server 2022, but 2019 or 2016 also works fine. By using a sub-CA, all… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 1: Setup sub-CA(s)

VMware Horizon authentication using AzureAD (with multifactor)

Securing external connections to your VMware Horizon environment is not always easy. However, you might already have all the tools necessary to allow external users to access your VMware Horizon environment in a secure way, by which I mean, using multi-factor authentication. If you have: A VMware Horizon environment using Unified Access Gateway for external access A MS 365 or Office 365 subscription AzureAD synced with on-premises AD MFA set… Read More »VMware Horizon authentication using AzureAD (with multifactor)

Cannot complete customization…

A while ago I was experimenting with Packer to automate the creation and updating of my VMware Horizon master images. More details about this in a next post. During my testing however, I needed to clone a Windows VM and apply a customization to it using sysprep. If I tried that using Packer, I got the error “cannot complete customization”. The same error message appeared in the vCenter. To be… Read More »Cannot complete customization…

vExpert

Why and how I became a VMware vExpert

What is the VMware vExpert program? I first found out about the VMware vExpert program at the end of 2019. As many others I guess, I first thought of the vExpert program as a program for people who have deep technical knowledge about VMware products. What else would “expert” mean? But after reading a bit more about the program, I quickly found out deep technical knowledge was not a requirement… Read More »Why and how I became a VMware vExpert

HAProxy health checks for VMware Horizon & AppVolumes

A while ago I wrote a blog post about using HAProxy and Keepalived to make VMware Horizon connection servers and AppVolumes managers high available. The load balancing config used in that post was a basic one who just checked if the connection servers or appvolumes managers were running by checking if the webserver on the servers responded. The drawback of this is when you set a connection server “disabled”, the… Read More »HAProxy health checks for VMware Horizon & AppVolumes

PRTG Powershell class for custom sensor results

I’ve been working with PRTG a lot over the last years for monitoring IT infrastructure. One of the cool features of PRTG is that you have almost unlimited possibilities to create your own custom scripts to monitor almost anything. If you are able to return a numeric value, you can show it in PRTG. Over the past years I’ve created a few dozen custom Powershell scripts for monitoring various IT… Read More »PRTG Powershell class for custom sensor results