VMware Horizon

VMware Horizon authentication using AzureAD (with multifactor) – Part 5: TrueSSO Setup

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup TrueSSO setup We are almost there! So far we have created our sub-CAs, setup certificate templates, installed the enrollment server and configured the SAML authentication. At this point, Connecting to the UAG will… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 5: TrueSSO Setup

VMware Horizon authentication using AzureAD (with multifactor) – Part 4: SAML Setup

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup SAML setup In the next part, we will set up the SAML authentication. This consists of 3 steps: First, we need to create the SAML application on Azure, then we will configure the… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 4: SAML Setup

VMware Horizon authentication using AzureAD (with multifactor) – Part 3: Enrollment Servers

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup Enrollment server(s) Repeat all steps in this part on both enrollment/sub-CA servers! On the enrollment/sub-CA server, open the local machine certificate manager: Right-click the Personal node, choose All Tasks > Request New Certificate… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 3: Enrollment Servers

VMware Horizon authentication using AzureAD (with multifactor) – Part 2: Certification Template

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup Certification Template The way TrueSSO works is it is using a certificate issued for the user after a successful SAML authentication and authenticates against AD using a smartcard type logon with that certificate.… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 2: Certification Template

VMware Horizon authentication using AzureAD (with multifactor) – Part 1: Setup sub-CA(s)

This is part of a series of post for setting up VMware Horizon authentication using AzureAD. Part 1: Setup sub-CA(s) Part 2: Certificate Template Part 3: Enrollment Servers Part 4: SAML Setup Part 5: True SSO Setup Sub-CA(s) First, we are going to set up a subordinate certification authority on our 2 servers. I’m using Windows server 2022, but 2019 or 2016 also works fine. By using a sub-CA, all… Read More »VMware Horizon authentication using AzureAD (with multifactor) – Part 1: Setup sub-CA(s)

VMware Horizon authentication using AzureAD (with multifactor)

Securing external connections to your VMware Horizon environment is not always easy. However, you might already have all the tools necessary to allow external users to access your VMware Horizon environment in a secure way, by which I mean, using multi-factor authentication. If you have: A VMware Horizon environment using Unified Access Gateway for external access A MS 365 or Office 365 subscription AzureAD synced with on-premises AD MFA set… Read More »VMware Horizon authentication using AzureAD (with multifactor)

HAProxy health checks for VMware Horizon & AppVolumes

A while ago I wrote a blog post about using HAProxy and Keepalived to make VMware Horizon connection servers and AppVolumes managers high available. The load balancing config used in that post was a basic one who just checked if the connection servers or appvolumes managers were running by checking if the webserver on the servers responded. The drawback of this is when you set a connection server “disabled”, the… Read More »HAProxy health checks for VMware Horizon & AppVolumes

OneDrive grey cross with Horizon Instant Clones, AppVolumes and FSLogix

Some time ago, I encountered two similar cases using OneDrive on a non-persistent VDI environment. Both environments were already using AppVolumes for most applications, Dynamic Environment Manager for user profiles and FSLogix Office container for Outlook cache. After installing OneDrive using the machine-wide installation option /allusers, I was able to configure OneDrive using the users’ credentials so there was no need to provide an additional user and password. However, once… Read More »OneDrive grey cross with Horizon Instant Clones, AppVolumes and FSLogix

VMware Horizon/AppVolumes LB with HAProxy and Keepalived on PhotonOS

At the time of writing, VMware Horizon provides a built-in “Load-Balancer/High-Availability” option only for the Unified Access Gateway. Unfortunately if you want your Horizon Connection servers or your AppVolumes managers to be “Load-Balanced/High-Available” you have to rely on other VMware or 3rd party solutions. For my homelab I wanted to have the same experience of having “Load-Balanced/High-Available” for my connection servers and appvolume managers, so I could get hands-on experience… Read More »VMware Horizon/AppVolumes LB with HAProxy and Keepalived on PhotonOS

My first VMware homelab

Some of you might be surprised by the title of this blog post, but yes, this is a post about my first real VMware homelab I set up during the final days of the soon-to-forget year of 2020. So how can an experienced VMware engineer get all his experience if he doesn’t even have a homelab to play with? Well, in the past years, I’ve always had a test environment… Read More »My first VMware homelab