Workspace ONE Access Horizon Args

I had an interesting customer use case last week that called for some ingenuity with how we establish Horizon app launch URIs in Workspace ONE Access. In short, a 3rd party agency required management access to retail location IoT devices on a closed network. These contractors were road warriors of sorts; sometimes onsite, but more often than not, out in the field servicing other customers of their own. We call this the “managed aisle” use case in my world, referencing a common retail arrangement where 3rd party vendors manage certain retail product aisles in a store (e.g. beverages). The customer was already using Workspace ONE as the unified app catalog for their enterprise and third party MSPs, publishing an assortment of management and enterprise tools that could only be accessed when on the intranet. They also had an existing Horizon RDS farm deployed with the same management suite for badged resources to perform similar functions on company-owned equipment. So the question became, how could we breadcrumb the user experience in such a way that a contractor could continue consuming applications […]

Workspace ONE and Azure AD: Part 2

Opening

Part 1 of this series opened with the business aspects of making investments in Workspace ONE and Microsoft 365, as well as how to integrate both platforms for adopting new use cases. Part 2 will cover how to create the unified app catalog, providing each of our personas with an “any app, any device, at any time” experience. This function is what enables the vast array of personas to consume a common set of resources from their preferred platform, all with dynamic forms of single sign-on to maintain a healthy security posture. It’s also one of the four key value adds from Workspace ONE Advanced.

Architecture

Very quickly, let’s remind ourselves of the architecture we’re working from in this series:

To quote the excerpt from Part 1: Take notice that the end users begin consuming various services and applications by first launching the Workspace ONE app catalog, regardless of the federated architecture. The value add from this flow is that our users can go to one location, the Unified App Catalog, to consume any application or resource across the […]

NSX-T LBaaS with Workspace ONE Access

Opening

A few homelab versions back, I exclusively ran NSX-v LBaaS for all things “edge”. I’ve since had the opportunity to shift over to F5 BIG-IP, and now Avi Networks (welcome to the VMware family!), but I’m still asked on numerous occasions to provide guidance on how to load balance Workspace ONE Access with NSX. Let me just say, the world is moving to NSX-T; it’s time you do the same. So without further ado, let’s dig into the recipe for how to load balance Workspace ONE Access with NSX-T.

Pre-Requisites

Only a handful of things to account for here:

Functional NSX-T 2.4 Environment – For the below, I am using a highly available NSX-T 2.4.0 Manager cluster, with dual ‘large’ sized virtual Edge Nodes.

Functional Workspace ONE Access Node – I’m using an on-premises 1903 cluster below. Keep in mind, to implement a functional cluster, you will need to change the FQDN, which won’t be possible without the below implemented. For now, start with one node, then follow the instructions for establishing a 3 node cluster. Here’s a great document […]

Workspace ONE and Azure AD: Part 1

Opening

Oftentimes when working with customers, I get the impression that there is a strong sense of confusion when discussing the integration of a platform such as Microsoft 365 with 3rd party ecosystems. After all, an investment in M365 comes with many features and functions, so where do platforms like Workspace ONE fit in? My friends, welcome to my day job and one true passion in life. Remember the saying, “do what you love and you’ll never work a day in your life.” This mini-series is aimed at breaking down the often encountered silos so that you can articulate and deliver a best-in-class end user experience using the analogous functions from two best-in-class platforms: Workspace ONE and Azure AD. We’ll briefly cover the major use cases of stitching these two ecosystems together, and why this fabric is critical to adoption and value realization.

Note to reader: The scope of this mini-series will be limited to what you are capable of doing with these platforms today. The partnership announcement will most certainly have a positive impact on the below, and […]

WS1 UEM SCIM Adapter

Today is an exciting day. It’s my first experience developing a VMware Fling, and it’s the GA release of what Joe Rainone and I put hours of laborious love into. Identity is not only our day job, but also an area that we are both very passionate about. Our belief is that this Fling, while unsupported, answers a question that many of our customers ask when designing production Workspace ONE deployments. Take a look, play around, and please provide feedback here!

What is the Fling about?

The SCIM protocol is quickly modeling itself after what SAML brought to identity management almost 15 years ago: a common way to establish resource identity in a service-to-service architecture. Gone are the days when LDAP and Active Directory were the primary systems of record. This concept is particularly enhanced as EUC platforms like Microsoft Azure, VMware Workspace ONE, and others provide native directory services while maintaining a common identity among themselves and their relying parties. Furthermore, the burden of maintaining ‘connector’-like infrastructure for the sole purpose of identity synchronization not only diminishes the value […]