Horizon Air Hybrid-Mode

Delivering a Seamless Digital Workspace Experience with Horizon Cloud

VMware Workspace ONE integrates with VMware Horizon Cloud to provide a simple and secure enterprise platform that allows end users to access their applications, data and services from any device, anywhere. Both platforms were built to integrate with each other, which provides a single user interface (UI) through the Workspace ONE enterprise catalog, to deliver applications to end users.

Explore Workspace ONE further in a Hands-on Lab.

About Workspace ONE

Workspace ONE combines identity, real-time application delivery and mobility management to provide a digital workspace to your end users. This digital workspace delivers Software-as-a-Service (SaaS) applications, public native mobile applications—and when integrated with Horizon Cloud, virtual applications and desktops—all from a single, unified application store.

About Horizon Cloud

Horizon Cloud enables the delivery of cloud-hosted or on-premises virtual desktops and applications. With Horizon Cloud, you can leverage a cloud-based management plane and even infrastructure, instead of deploying an entire infrastructure to support VDI desktops and RDS applications traditionally. Your IT organization can focus on delivering applications and desktops, instead of spending time maintaining the infrastructure.

Benefits of Integration

The integration of Workspace ONE and Horizon Cloud provides a number of benefits:

Single Sign-On

One of the primary advantages that Workspace ONE and Horizon Cloud provide is secure, single sign-on (SSO) to both desktops and applications. This provides simplicity and ease of access while maintaining security. Users can utilize either the Workspace ONE web-based portal from any HTML 5 web browser or the Workspace ONE mobile application. And when used with an iOS-based device, users can utilize touch ID for SSO.

Two-Factor Authentication

Workspace ONE provides multiple multi-factor authentication methods, such as RSA, Radius, Certificate, Kerberos, and VMware Verify to protect your environment beyond the basic user ID and password. Workspace ONE also provides two-factor authentication (2FA) for Horizon Cloud to secure your Digital Workspace.

In addition, you can utilize step-up authentication, which allows additional multi-factor authentication beyond the initial authentication into Workspace ONE when accessing a desktop or application. This increases the security by requiring two-factor authentication to access a specific desktop or application, even if you don&#rsquo;t require it to access Workspace ONE.

Three Integration Options

Both Horizon Cloud and Workspace ONE have a cloud hosted option and an on-premises option. You can integrate the Horizon Cloud options with the Workspace ONE options in the following configurations:

Figure 2: Possible Integration Configuration Options

Although the two types of deployment have unique architecture requirements, both require an on-premises component. The on-premises component can be a virtual appliance or a Windows server, based on the type of deployment. For more information on the different deployments and their architecture, see VMware Workspace ONE Documentation.

Integration 1: Horizon Cloud with Hosted Infrastructure and Workspace ONE Cloud

Horizon Cloud with Hosted Infrastructure supports only Workspace ONE Cloud.

Figure 3: Integration 1: Horizon Cloud with Hosted Infrastructure and Workspace ONE Cloud

The following Figure 4 illustrates the integration option for Horizon Cloud with Hosted Infrastructure and Workspace ONE Cloud. The VMware Identity Manager Connector (a) is deployed on-premises in your data center. This integrates with your Active Directory and synchronizes the resources between Horizon Cloud and Workspace ONE, along with desktop and application entitlements. This synchronization between the VMware Identity Manger Connector and Horizon Cloud occurs over the VPN or Direct Connect (b), which connects your data center to your Horizon Cloud tenant (c). The VMware Identity Manager Connector then synchronizes the resources and entitlements to the VMware Identity Manager (IDM) Cloud service (d).

Figure 4: Integration 1: Horizon Cloud with Hosted Infrastructure and Workspace ONE Cloud

Integration 2: Horizon Cloud On Premises and Workspace ONE On Premises

Horizon Cloud with On-Premises Infrastructure supports both the on-premises and cloud versions of Workspace ONE.

Figure 5: Integration 2: Horizon Cloud On-Premises and on-premises version of Workspace ONE

You can use Horizon Cloud with On-Premises Infrastructure to run desktops and applications in their data center using Hyper Converged Infrastructure (HCI) Appliances, but with abut with a cloud base control plane.

Figure 6 illustrates the integration option for Horizon Cloud On-Premises Infrastructure and on-premises version of Workspace ONE. VMware Identity Manager (a) is deployed as a virtual appliance in your data center. This provides integration with your Active Directory (b) and also performs the synchronization of the resources between Horizon Cloud and Workspace ONE (c), along with desktop entitlements.

Figure 6: Integration 2: Horizon Cloud On-Premises and on-premises version of Workspace ONE

Integration 3: Horizon Cloud On Premises and Workspace ONE Cloud

Horizon Cloud with On-Premises Infrastructure supports both the on-premises version of Workspace ONE and Workspace ONE Cloud.

Figure 7: Integration 3: Horizon Cloud On Premises and Workspace ONE Cloud

For Workspace ONE Cloud, the VMware Identity Manager Connector (a) is deployed on-premises in your data center (b). This provides integration with your Active Directory and also performs the synchronization (c) of the resources between Horizon Cloud and Workspace ONE, along with desktop entitlements. The VMware Identity Manager Connector then synchronizes the resources and entitlements to the IDM Cloud service (d).

Figure 8: Integration 3: Horizon Cloud On Premises and Workspace ONE Cloud

Tips on How to Integrate

To integrate Horizon Cloud with Workspace ONE, you deploy VMware Identity Manager or VMware Identity Manager Connector on-premises with one of the Horizon Cloud Service options described earlier. To start the integration, ensure that VMware Identity Manager or VMware Identity Manager Connector is configured and integrated with your Enterprise Directory.

For more information, see the VMware Horizon Cloud Service Documentation or VMware Workspace ONE Documentation.

Enable Horizon Cloud Desktops and Applications in VMware Identity Manager

With a Horizon Cloud and Workspace ONE integration, you can use the VMware Identity Manager Administration Console, a component of Workspace ONE, to enable desktops and applications.

  1. Log in to the VMware Identity Manager Administration Console.
  2. In the Catalog tab, select Manage Desktops and Applications > Horizon Cloud.
  3. Select Enable Horizon Cloud Deployments and Applications.
  4. Enter the following information for your environment:
  5. Click Save.
  6. Click Sync now to sync Desktop and App entitlements from the Horizon Cloud environment.

Configure SAML Authentication

You should configure a a SAML authentication between Horizon Cloud and VMware Identity Manager, the identity provider, to enable trust between the two. To establish trust, you first create a Federation Artifact for Horizon Cloud, then set up custom user ID mapping, and finally configure SAML authentication.

Create Federation Artifact for Horizon Cloud

To enable trust between Horizon Cloud and VMware Identity Manager, you create the Federation Artifact in the VMware Identity Manager Administration Console and add a SAML authentication in the Horizon Cloud Administration Console.

  1. In the VMware Identity Manager Administration Console, click the arrow on the Catalog tab and select Settings.
  2. In the left pane, select Horizon Cloud.
  3. Enter the following information for your Horizon Cloud environment:
  4. Click the Accept Certificate link next to the Tenant Appliance URLs.
  5. Click Save.

After creating a federation artifact, set the custom User ID mapping.

Custom User ID Mapping

You can use custom User ID Mapping to customize the user ID that is used in the SAML response when users launch Horizon Cloud Desktops and Applications. You can resolve SSO launch failures that are caused by a mismatch of the user ID attribute between VMware Identity Manager and Horizon Cloud.

  1. In the VMware Identity Manager Administration Console, click the arrow on the Catalog tab and select Settings.
  2. Click Horizon Cloud on the left.
  3. In the Horizon Cloud page, specify the name ID format to use.
  4. Click Save.

After setting the custom User ID mapping, configure the SAML authentication.

Configure SAML Authentication in Horizon Cloud

To configure SAML authentication in Horizon Cloud:

  1. In the VMware Identity Manager Administration Console, click the arrow on the Catalog tab and select Settings.
  2. In the left pane, click SAML Metadata.
  3. Click the Identity Provider (iDP) metadata link.
  4. Make a note of the URL from the browser&#rsquo;s address bar, such as https://VMwareIdentityMangerFQDN/SAAS/API/1.0/GET/metadata/idp.xml
  5. Log in to the Horizon Cloud Tenant.
  6. Navigate to Settings > General Settings > Edit.
  7. In the VMware Identity Manager section, enter the following required information:
  8. Click Save.

Enforce User Authentication through Workspace ONE Portal

You can set Horizon Cloud to enforce end user authentication through the Workspace ONE portal, requiring SAML-based authentication.

Figure 13: Enforcing User Authentication

  1. In the Administration Console, navigate to Settings > General Settings, and click Edit.
  2. In the User Account Configuration section, make selections according to your organization’s needs.
    • Force Remote Users to vIDM – When set to Yes, users that are trying to access their desktops from locations outside of your corporate network must log in to their Workspace ONE portal and access desktops and applications from that portal.
    • Force Internal Users to vIDM – When set to Yes, users that are trying to access their desktops from locations within your corporate network must log in to their Workspace ONE portal and access desktops and applications from that portal.
  3. Click Save to confirm the configuration to the system.

After you verify that user authentication is enforced, your users can launch desktops and applications securely from Workspace ONE.

Launch a Desktop or Application using Horizon Client or Supported Browser

Your end users can use either the Horizon Client or any supported HTML 5 browser to launch desktops and applications.

  1. In the Workspace ONE portal, click Bookmarks
  2. Double-click the desktop or application to launch.

To Wrap this up….

Step-by-step documentation on how to integrate Horizon Cloud with VMware Identity Manager can be found in the VMware Horizon Cloud Service Documentation and VMware Workspace ONE Documentation. If you want to try configuring the integration yourself, but do not have a Horizon Cloud or Workspace ONE environment yet, you are in luck. At VMworld, we are releasing a Hands-on-Labs for Horizon Cloud, which contains an entire module that walks you through the configuration of the integration. Make sure to check out HOL-1856-ADV-1 in the Hands-on-Labs at VMworld in Las Vegas!

 

The post Delivering a Seamless Digital Workspace Experience with Horizon Cloud appeared first on VMware End-User Computing Blog.

Read more..

Horizon Cloud Service with Hosted Infrastructure – July 2017 Technical Updates

There are several technical updates to the VMware Horizon Cloud Service with Hosted Infrastructure this quarter. The updates for this release focus on expanding capabilities from the initial release in February. VMware will contact all customers individually to schedule the upgrade of their tenant(s) to the new release (17.1). For more details on this release, see the Horizon Cloud with Hosted Infrastructure 17.1 Release Notes.

New Data Center Availability Added!

VMware is continuing its partnership with IBM to bring VMware Horizon Cloud Service to more regions. Since Februrary, we have added capabilities to host Horizon Cloud in the United Kingdom (May), Germany (June) and in California (July). We now have three data centers in the U.S., one in Japan, and two in Europe. The Horizon Cloud team will continueto add more data centers in the next few months. Stay tuned!

Native Applications with App Volumes Technology Is Generally Available

In February, we enabled a few select customers to use VMware App Volumes technology to create and leverage AppStacks in Horizon Cloud. This feature is now generally available to any customer who requests it. Note that add-on storage is required to use this feature. If you are a HorizonCloud customer and would like to use Native Applications powered by App Volumes technology, consult with your VMware sales team.

Smart Policies Support

You can now leverage Smart Policies in Horizon Cloud. Smart Policies allow you to have fine-grain control over a user&#rsquo;s desktop experience. You can dynamically enable, disable, or control access to user features in Horizon Cloud based on who the user is, and how they are accessing Horizon Cloud. Smart Policies were released as an integration between VMwareHorizon 7 and VMware User Environment Manager in 2016.

For example, with Smart Policies, an administrator can decide to disable access to USB devices or to cut-and-paste from within the Horizon Client if a user is attempting to access the HorizonCloud environment from an untrusted or external network. You can also dynamically control display-protocol configurations based on the type of device that is being used.

Smart Policies in Horizon Cloud work the same as they do in Horizon 7. VMware Senior Product Line Manager Aaron Black wrote an excellent blog post pointing out some great use cases for Smart Policies. If you want to try out Smart Policies in your Horizon Cloud deployment, download the Reviewers Guide for View in VMware Horizon 7: Smart Policies.

Windows Server 2016 Support

Horizon Cloud continues to provide support for customers wanting to use the latest editions of Windows operating systems. With this release, Horizon Cloud with Hosted Infrastructure now supports Windows Server 2016 for RDSH hosts and for skinned Windows Server based virtual desktops. For full details on OS support in Horizon Cloud with Hosted Infrastructure, see the Horizon Cloud with Hosted Infrastructure Service Description document, which can be found in the Horizon Cloud Service with Hosted Infrastructure Terms of Service page.

Horizon Virtualization Pack for Skype for Business Support

Full support for the Horizon® Virtualization Pack for Skype for Business isreleased for Windows clientswith Horizon Cloud. This solution enables customers to use Skype for Business within Horizon desktops to make optimized audio-video calls and telephony features using the native Skype client. Please note that this functionality is only available on VDI desktops today, but will be made available on RDSH desktops / apps in the future. Details on what features are supported with this release can be found in the release notes for Horizon 7.2.

Enhanced Troubleshooting Capabilities through Console Access (BETA)

We have added more troubleshooting features to the Horizon Air Console Access - HACA tool. HACA, which is currently in Beta,gives administrators direct access to individual desktop consoles for troubleshooting purposes. The tool has been enhanced to allow administratorsthe abilitytotroubleshootvirtual machines that get stuck during the Windows OS startup process, before the Horizon Agent starts.

Horizon Agent 7.2 / Client 4.5 Support

Horizon Cloud with Hosted Infrastructure supports the latest Horizon clients and agents. Organizations can take advantage of new feature enhancements in the latest clients including enhanced security with Blast Extreme with support of SHA-256 encryption. You can download the latest clients from the Horizon Clientdownload page.

The post Horizon Cloud Service with Hosted Infrastructure - July 2017 Technical Updates appeared first on VMware End-User Computing Blog.

Read more..

Horizon Cloud Service with On-Premises Infrastructure May 2017 Release Updates

There are several technical updates this quarter to VMware Horizon Cloud Service with On-Premises Infrastructure. For more details on this release, see the Horizon Cloud with On-Premises Infrastructure Release Notes.

Support for Cloud-Based Workspace ONE

With this release, we now support cloud-based deployments of VMware Workspace ONE. End users can access their VMware Horizon Cloud virtual desktops from the Workspace ONE application catalog and utilize single sign-on for authentication. We previously supported only on-premises deployments of Workspace ONE.

 

New Desktop Configuration – Performance (Enterprise Plus)

We have added a new desktop configuration option to better suit the needs of your power users. With Horizon Cloud with On-Premises Infrastructure, you can now deliver Performance (Enterprise Plus) Desktops, with an 8 vCPU and 16 GB vRAM configuration.

Smart Policies Support

You can now leverage Smart Policies in Horizon Cloud. Smart Policies allow you to have fine-grain control over a user&#rsquo;s desktop experience. You can dynamically enable, disable, or control access to user features in Horizon Cloud based on who the user is, and how they are accessing Horizon Cloud. Smart Policies were released as an integration between VMware Horizon 7 and VMware User Environment Manager in 2016.

For example, with Smart Policies, an administrator can decide to disable access to USB devices or to cut-and-paste from within the Horizon Client if users are attempting to access the Horizon Cloud environment from an untrusted or external network. You can also dynamically control display-protocol configurations based on the type of device that is being used.

Smart Policies in Horizon Cloud work the same as they do in Horizon 7. VMware Senior Product Line Manager Aaron Black wrote an excellent blog post pointing out some great use cases for Smart Policies. If you want to try out Smart Policies in your Horizon Cloud deployment, download the Reviewers Guide for View in VMware Horizon 7: Smart Policies.

vSphere 6.5 Support

We have added support for VMware vSphere 6.5 on certified vSAN Ready Nodes. For details on supported hardware models from partners, see the Horizon Cloud with On-Premises Infrastructure page.

SmartNode Consolidation

We have consolidated the management tier of a Horizon Cloud with On-Premises Infrastructure deployment into a single virtual appliance. The Horizon Cloud Node appliance manages all of the critical functions including App Volumes, Instant Clone creation, and communication with the Horizon Cloud control plane. This change was made to keep the Horizon Cloud Node footprint small and efficient. For more details, see Horizon Cloud with On-Premises Architecture.

Summary

With this release of Horizon Cloud with On-Premises Infrastructure, new features include

  • Support for cloud-based Workspace ONE
  • New desktop configuration: Performance (Enterprise Plus)
  • Smart Policies support
  • vSphere 6.5 support
  • Multi-region management
  • SmartNode consolidation

Horizon Cloud with On Premises Infrastructure continues to add new functionality on a regular basis. For more information, see Horizon Cloud Service with On-Premises Infrastructure.

The post Horizon Cloud Service with On-Premises Infrastructure May 2017 Release Updates appeared first on VMware End-User Computing Blog.

Read more..

[Podcast] VMware End-User Computing on Frontline Chatter

What&#rsquo;s next for VMware End-User Computing (EUC)? Pat Lee, vice president of product management for cloud apps and desktops at VMware, recently talked about this and much more on EUC podcast Frontline Chatter.

&#rsquo;We&#rsquo;re always going to be improving and making constant changes each quarter to address customer concerns, figure out the use cases and provide a competitive and truly strong solution in the marketplace.&#rdquo;

Listen to the episode on SoundCloud to hear Pat&#rsquo;s thoughts on the evolution of VMware EUC, his favorite VMware projects and the crazy world that is the Internet of Things:

Pat talks about how VMware has evolved desktop transformation:

&#rsquo;In the last 36 months, we had a foundation in place that was good, but we really needed to scale it to be more successful in the market. We focused on some key areas. One, how do we deliver that end-user PC experience to as many users as possible? Early on, when you saw VDI, it was a great tactical solution when security, compliance and call centers were required, but it didn&#rsquo;t give you all the things you expected from a user experience: seamless web cam use, seamless local storage access, etc. All those things have to come into play so you can provide that native PC experience remotely. We made a big focus on: How can we expand our client story? How can we expand all the things that are required to deliver that rich user experience?&#rdquo;

[Read more: The Next Horizon! Introducing Horizon 7.1, Horizon Apps & Horizon Cloud]

On Blast Extreme, Pat explains how trends, such as increased mobility, drove the project:

&#rsquo;Our goal was to look at how things were changing. Most display protocols that we&#rsquo;d been working with and going up against were designed for the LAN, for a well secured corporate network. Sure there&#rsquo;s some remote access that happens with it, but a lot of it&#rsquo;s really designed around LAN delivery, network on-prem delivery. As we looked at how things were changing, desktop-as-a-service was becoming more viable. So public internet is coming into play—a lot more public internet usage is happening to connect the desktops. A lot more mobility—iOS, there&#rsquo;s Android. How do we give you a good experience for cases where I need to work on a laptop in a coffee shop for hours at a time, where battery life matters? From a codec perspective, what can we do to maximize the battery life of the client so you can work with mobility? … How do we focus Blast Extreme when the world is changing—more mobile, public internet, wireless delivery—and with more portable devices where battery life matters? So we sat down and said, if we can leverage things like industry-standard codecs, like H.264—which every device you have today, even refrigerators in your house, have a H.264 decoder in them—we can do hardware offloads, we can get maximum battery life … We were able to have a 10-hour desktop session on an iPad using Blast Extreme because we&#rsquo;re leveraging hardware … Those types of things bring a whole new level into what you can do when you look at mobility.&#rdquo;

[Read more: VMware Horizon 7 Blast Extreme Primer—Everything an Admin Needs to Know]

On the future of VMware EUC, Pat talks about strategically leveraging the cloud:

&#rsquo;How do we move to a cloud-centric vision for EUC? That doesn&#rsquo;t mean everything goes in the cloud but leveraging the cloud to solve critical problems, and for people that want to go all-in on the cloud, to give them a great cloud solution. We introduced Horizon Air Hybrid-Mode last year, the ability to have a cloud-managed, local delivery of VDI, and that was Phase One … With Horizon Air Hybrid-Mode, you see the first step in how we can deliver an on-prem solution that gives you a fast, low latency, high performance solution, but with you getting out of the infrastructure management game … If we can simplify the mundane tasks of delivery so you can focus on what you really care about—&#lsquo;how do I get that desktop to the user, or the app to the user&#rsquo;—in the simplest way, we will have done our job.&#rdquo;

[Read more: Here Comes … Horizon Cloud]

Catch the complete conversation here.

The post [Podcast] VMware End-User Computing on Frontline Chatter appeared first on VMware End-User Computing Blog.

Read more..

Go Que Newsroom Categories