Configure Horizon Pods and Pod Federations in Workspace ONE Access

Workspace ONE Access is an Identity as a Service (IDaaS) offering, providing application provisioning, self-service catalog, conditional access controls and Single Sign-On (SSO) for SaaS, web, cloud and native mobile applications.

You can integrate the following types of resources with Workspace ONE Access:

  • Web applications
  • VMware Horizon Cloud Service applications and desktops
  • VMware Horizon desktop and application pools
  • VMware ThinApp packaged applications
  • Citrix-published resources

In this lesson you will configure Workspace ONE Access for integration to an existing, on-premises VMware Horizon pod.

Integrate Horizon Cloud Pod Architecture Pod Federations with Workspace ONE Access

The Horizon Cloud Pod Architecture (CPA) feature links together multiple Horizon pods to form a single, large desktop and application brokering and management environment called a pod federation. A pod federation can span multiple sites and data centers.

While CPA is outside the scope of this lab, note that WS1 Access can be integrated with both single Horizon pods as well as CPA pod federations.

Integrate an Independent Horizon Pod with WS1 Access

To integrate Horizon pods in WS1 Access, you create one or more virtual apps collections in the WS1 Access administration console. The collections contain the configuration information for the Horizon Connection Servers as well as sync settings.

Open a New Tab in Chrome

  1. Open a New Tab in the Chrome browser.
  1. Select WS1 from the shortcut menu
  2. Select VIDM-01 Admin

Choose System Domain

  1. Click the drop-down menu to select a domain
  2. Select System Domain
  3. Clear the checkbox for Remember this setting
  4. Select Next

The System Directory is a local directory that is automatically created in the service when WS1 Access is initially set up. This directory has the domain System Domain. You cannot change the name or domain of the System Directory, or add new domains to it. Nor can you delete the System Directory or the System Domain.

The local administrator user that is created when you first set up the WS1 Access appliance is created in the System Domain of the System Directory.

The System Directory is typically used to set up a few local administrator users to manage the service. In the following step you will authenticate with a local administrator account called admin.

Sign In to Workspace ONE as Admin

  1. username = admin
  2. password = VMware1!
  3. Select Sign in

Create Virtual Apps Collection

You can integrate Horizon desktops and applications, Horizon Cloud desktops and applications, Citrix published resources, and ThinApp applications with WS1 Access.

  1. Select the Catalog tab, being sure to click on the down arrow
  2. Select Virtual Apps

Note: The Virtual Apps page may take several seconds to load the first time. If the list of apps does not show up within several seconds, please refresh the Chrome browser window.

View the Virtual Apps Catalog

Workspace ONE Access is not integrated with any Horizon Pod

  1. Select the Catalog tab, being sure to click on the down arrow
  2. Select Virtual Apps Collection

Add Virtual Apps for Horizon

  1. Select NEW

Select Source Type

  1. Click SELECT to choose the type Horizon

Configure Horizon Collection

There are a number of configurable options when configuring Horizon Collection. Only some of these will be used for this lab. Any options not specified in the lab manual should be left as default.

Connector
  1. In the Name field, enter Horizon
  2. Verify the Connector selected is conn-01.corp.local
  3. Click NEXT
Pod and Federation - Add Pod
  1. Click ADD A POD
  1. Connection Server = horizon-01.corp.local
  2. Username = Administrator@corp.local
    This is a domain account with administrative privileges in Horizon
  3. Password = VMware1!
  4. Check the box for Sync Local Entitlements
  5. Click ADD

Local Entitlements refer to the desktop and application entitlements for a given Horizon pod. Global Entitlements refer to desktop and application entitlements across Horizon pods in a Cloud Pod Architecture (multiple pod) implementation.

In this lab you are working with a single Horizon pod so all entitlements are local.

The Connection Server field must use the FQDN of one of the Horizon Connection Servers.

In production Horizon implementations, it is common to configure a load-balancer virtual IP (VIP) in front of your Connection Servers. Do not use the VIP for this configuration step. You will configure the Client Access URL with the load-balancer VIP in a later exercise.

Complete Pod and Federation
  1. Click NEXT
Configuration
  1. Click NEXT
Summary
  1. Click SAVE & CONFIGURE NETWORK RANGE
Success

Sync Horizon Resources to Identity Manager

  1. Click FINISH

Sync

  1. Select Horizon
  2. Select Sync to begin syncing Horizon desktops, apps, and user entitlements from Horizon to Identity Manager

Wait for Sync

It may take several minutes for the Calculating Sync Actions step to complete.

Begin Sync of Horizon Resources

  1. Notice the desktop and entitlement that will sync. 

Success

Sync Completed

Review the success message.

Refresh Virtual Apps Collections

  1. Note the sync status is Started
  2. Refresh the Virtual Apps Collections

Sync Complete

  1. Verify the sync is Completed

Review Changes to Virtual Apps Catalog

Workspace ONE Access is now syncing Horizon resources from two independent Horizon implementations. WS1 Access creates a single catalog of desktop and application resources that can be distributed to end users.

  1. Select the arrow next to Catalog
  2. Select Virtual Apps

New Applications in Virtual Apps Catalog

  1. Note the Apps now available

Leave the Workspace ONE Management Console Open

Leave the Workspace ONE Management Console tab open in Chrome, as you will use it in the next lesson.