Part-4: Horizon 8 Initial Configurations

In the previous post (Part-3) I covered the installation of the Horizon 8 Replica Server. In this section (Part-4) I will go through the initial configuration of Horizon 8.

Horizon 8 Initial Configurations

Before starting the configuration, make sure the following prerequisites are in place.

  1. An Active Directory account created with the permissions required for vCenter Server integration with Horizon.
  2. A domain user account assigned the privileges required for instant clones. This account must have rights to join the instant-clone virtual machines to the Active Directory domain.

Note: In this lab setup I am using a single domain user account that is assigned both the vCenter Server integration and the instant-clone admin privileges. For a production deployment, refer to the VMware documentation.

Watch the video below to understand the configuration.

In the upcoming post (Part-5) I will cover the Horizon’s Events Database Configuration.

Happy Reading!

Kaliyan

Part-3 VMware Horizon Replica Server Installation

In the previous post (Part-2) I covered the installation of the Horizon 8 Connection (Standard) Server. In this section (Part-3) I will cover the installation of the Horizon 8 Replica Server.

Horizon Replica Server Overview:

The first installed instance of the Horizon Connection Server is called the Standard Server. For high availability and load balancing we need more than one connection server in a pod; a single pod can have a maximum of 7 connection servers.

The hardware system requirements for a Horizon Replica Server are the same as for the Horizon Connection Server. The only additional requirement is that you must install the replica server instance in the same physical location (data center) as the installed connection server instance. If your Horizon 8 deployment has to span multiple data centers, it is recommended to use the Cloud Pod Architecture feature.

Watch the below video to understand Horizon 8 Replica server installation steps.

Click here to watch the Part – 4: Horizon 8 Initial configurations.

Regards
Kaliyan

Part-2 VMware Horizon 8 (2212) Connection Server Installation (On-Premises)

In the previous post (Part-1) I covered the high-level Horizon 8 architecture and core component specifications. In this section (Part-2) I will cover the installation of the Horizon 8 Connection Server.

Horizon 8 Connection Server Prerequisites

Before starting the installation of the first connection server (Standard Server), make sure the required prerequisites are in place, such as a supported version of Active Directory, service accounts, static IPs, open network ports, the Horizon installer, licenses, etc.

For more details about the Horizon 8 requirements, refer to VMware’s official system requirements page.

Watch the below video to understand the Horizon Connection Server installation steps.

Next post (Part -3) VMware Connection Replica Server Installation click here

Regards
Kaliyan

Part 1: VMware Horizon 8 (2212) High Level Architecture Overview

Introduction:
This blog post series intends to cover, step by step, the basic installation and configuration of VMware Horizon 2212 in an on-premises lab environment, in order to understand the core components of VMware Horizon 8.

The installation steps are broken into multiple parts; this part covers the high-level architecture and the components involved.

1. High Level Horizon 8 Architecture Overview.

2. Horizon 8 VDI infrastructure core components and specification.

The following servers and configuration are used in my lab setup. For a production deployment, refer to VMware’s documentation.

| Sl No | Name of Server | IP Address | Qty | Configuration | Core Service | Version | Remarks |
|---|---|---|---|---|---|---|---|
| 01 | BITLABADC01 | 192.168.44.100 | 01 | 2 vCPU, 4GB vRAM, 60GB HDD | Active Directory, DNS, DHCP, file share, PKI | Windows Server 2012 R2 STD | Domain Controller |
| 02 | BITLABESXI01 | 192.168.44.102 | 01 | 16 vCPU, 32GB vRAM, 400GB HDD | ESXi Server | 7.0.3 | Horizon Management Servers hosting |
| 03 | BITLABESXI02 | 192.168.44.103 | 01 | 16 vCPU, 32GB vRAM, 150GB HDD | ESXi Server | 7.0.3 | VDI Workloads Hosting |
| 04 | BITLABVCSA01 | 192.168.44.104 | 01 | 2 vCPU, 12 GB RAM | vCenter Appliance | 7.0.3.01300 | vCenter Appliance |
| 05 | BITLABCS01 | 192.168.44.105 | 01 | 2 vCPU, 4GB vRAM, 60GB HDD | Horizon Connection Server | Windows 2019 STD | Connection Server Standard |
| 06 | BITLABRCS02 | 192.168.44.106 | 01 | 2 vCPU, 4GB vRAM, 60GB HDD | Horizon Replica Server | Windows 2019 STD | Connection Server Replica |
| 07 | BITLABAPV01 | 192.168.44.107 | 01 | 4GB vRAM, 2 vCPU, 50GB vDisk | App Volumes Manager | Windows 2019 STD | App Volumes Manager |
| 08 | BITLABDEM01 | 192.168.44.112 | 01 | 2 vCPU, 4GB vRAM, 60GB HDD | VMware Dynamic Environment Manager | Windows 2019 STD | Dynamic Environment Manager |
| 09 | BITLABSQL01 | 192.168.44.114 | 01 | 2 vCPU, 4GB vRAM, 60GB HDD | SQL Server Database | MS SQL 2017 STD | Horizon Events DB, App Volume DB |
| 10 | BITLABWIN10-Master | DHCP | 01 | 2 vCPU, 2GB vRAM, 40GB vDisk | Windows 10 VM | Windows 10 x64 | Windows 10 Master Image |
| 11 | BITLABWIN10-REF | DHCP | 01 | 2 vCPU, 2GB vRAM, 40GB vDisk | Windows 10 VM | Windows 10 x64 | Windows 10 Reference VM for App Stack Capturing |

Note:
The above server configuration is what I used in my lab deployment. For a production deployment, follow VMware’s official sizing recommendations and carry out a thorough assessment of your environment to get a good VDI experience.

I hope you will get a useful basic idea from this lab deployment series. Stay tuned for the next post, Part-2: Installation of Horizon Connection Server.

Thanks,

Kaliyan

My Home LAB Specifications

I use the following hardware and software in my lab environment to experiment with new technologies and familiarize myself with them during my free time.

| Sl No | Quantity | Hardware Model | Processor Type | Configurations | Software installed |
|---|---|---|---|---|---|
| 01 | 1 | Dell Precision T7610 | 2 x Intel Xeon CPU E5-2660 v2 @ 2.20GHz, each 10 Cores | 128GB DDR3 RAM, 256GB SSD, 4TB HDD, Nvidia Quadro 4000 2GB DDR5 | Windows 10 Professional, VMware Workstation 15 Pro. Nested Virtualization: 2X ESXi Ver 6.7 with vCenter 6.7. Running the following workload VMs: 1. VMware Horizon VDI; 2. VMware vRealize Operations Manager; 3. VMware Workspace ONE |
| 02 | 1 | Dell Precision 5530 | Intel(R) Core(TM) i7-8850H CPU @ 2.60GHz | 32GB RAM, 1TB SSD, NVIDIA Quadro P1000 | Windows 10 Enterprise, VMware Workstation 15 Pro |

Workspace ONE UEM (SaaS) LAB Setup – Part 1

Introduction: This blog post aims to cover the basic evaluation of VMware Workspace ONE UEM, Workspace ONE Access integration and configuration in a lab environment. For a production deployment, refer to the VMware Workspace ONE documentation.

  1. The following is the design architecture that I plan to set up in my lab.


  1. The following prerequisites are required:
  2. VMware Workspace ONE UEM, Workspace ONE Access

    We can also make use of a 30-day trial subscription of a Workspace ONE UEM SaaS tenant and a Workspace ONE Access SaaS tenant.

    In my case I am using VMware sandbox tenants as below:

Workspace ONE UEM: https://cn5xx.awmdm.sg, UEM Console version: 21.1.0.2 (2101)
Workspace ONE Access: https://td-as1kalyan-4axxx.vidmpreview.com, Console Version:
  1. On-Premises Servers Requirement:
| Sl No | Server name | Server Role | OS Version | vCPU | vRAM (GB) | vDisk (GB) | IP Address | Remarks |
|---|---|---|---|---|---|---|---|---|
| 01 | RWSDC01 | ADCS, DNS, PKI, AirWatch Cloud Connector | Windows Server 2012 R2 | 2 | 2 | 50 | 192.168.44.100 | I have installed the AirWatch Cloud Connector on the AD DS server. Note: for a production setup it is recommended to have a separate server. |
| 02 | LABWS1ACC01 | WS1 Access Connector | | 2 | 2 | 50 | 192.168.44.11 | |

Note: The sizing of the AirWatch Cloud Connector and WS1 Access Connector servers is based on my lab requirements.

For a production deployment, it is recommended to follow VMware's recommended architecture and hardware sizing guidelines.

  1. I have selected the following Endpoint Devices for testing:
| Device Type | OS Version | Qty | Remarks |
|---|---|---|---|
| Android | 10 | 1 | Samsung Galaxy S10+ |
| iOS | 14.4 | 1 | Apple Phone 7+ |
| Windows 10 | Education Edn. 1809 (OS Build 17763.1697) | 1 | Virtual Machine |
| macOS | Catalina 10.15.5 | 1 | |

Let’s start the installation of the ACC step by step.

  1. Installation and Configuration.

C(1): Install and Configure the Airwatch Cloud Connector

  1. Login to Workspace ONE UEM Console https://cn51x.awmdm.sg

  2. From the main menu, navigate to Groups & Settings > All Settings > System > Enterprise Integration > Cloud Connector.
  3. Select Override.

  4. Select Enable for the Enable AirWatch Cloud Connector setting.
  5. Select Enable for Enable Auto Update. (Note: this is a lab setup, so I have selected auto updates; in a production environment you need to consider your organisation's upgrade policy.)
  6. Click the Advanced tab and ensure that Use External AWCM URL is highlighted.

  7. Click Save and wait for the certificate to be populated
  8. Click the General tab and click Download Airwatch Cloud Connector Installer

  9. You will get a prompt to key in the download password, enter password: xxxxxx (minimum 6 characters long)
  10. Click Download

  11. Click Save File
  12. Wait for the download to finish.

  13. Copy the installer file to Airwatch Cloud Connector Server

  14. Right-click the AirWatch Cloud Connector 21.1.0.0 installer and select Run as administrator.
  15. Click Next

  16. Select the check box for I accept the terms in the license agreement and click Next

  17. Accept the default installation path and click Next. (Note: in a production installation you may have to select a different path based on your IT policy.)

  18. For the certificate password, Enter password: xxxxxx
  19. Click Next
  20. Check the Outbound Proxy? check box. I am not using a proxy, so I deselected it and clicked Next.

  21. Click Install


  22. The installer prompts to inform you that TLS 1.2 registry keys were added. Click OK.

  23. Click Finish

  24. You may receive a prompt to restart the server. Click Yes to continue.
  25. Log in to the server and verify that the AirWatch Cloud Connector service is running.

  26. The AirWatch Cloud Connector installation log is available at the location below.

  27. Switch to the WS1 UEM Console and open the Cloud Connector page to test the connector connection.
  28. From the main menu, navigate to Groups & Settings > All Settings > System > Enterprise Integration > Cloud Connector.

  29. Click Test Connection

    The AirWatch Cloud Connector is installed successfully.

C(2): Configure Active Directory Services in the Workspace ONE UEM Console.

The following steps need to be done in WS1 UEM Console to configure AD Services:

  • Integrate WS1 UEM Environment with AD Service
  • Configure Filter Searches to identify Users and User Groups.
  • Configure the Setting to Auto-Merge and Synchronize changes between WS1 UEM groups and AD Service Groups.
  • Map attribute values between WS1 UEM user attributes and AD attributes.

Let’s start the AD and WS1 UEM integration Configurations:

  1. Login to Workspace ONE UEM Console


  2. Click on Groups & Settings, Select All Settings


  3. Click System > Enterprise Integration > Directory Services


  4. Select the Server tab and set Current Setting to Override
    1. Select Directory Type: LDAP – Active Directory
    2. DNS SRV select Disabled
    3. Server: RWSDC01.LABDC.COM (enter Active Directory FQDN name)
    4. Encryption Type: NONE
    5. Port: 389
    6. Protocol Version: 3
    7. Use service account Credentials: Disabled
    8. Bind authentication Type: GSS-NEGOTIATE
    9. Bind user name: labdc\uemsync
    10. Password: xxxxxx
    11. Domain: LABDC.COM
    12. Click Test Connection to verify the connectivity
    13. Click Save


  5. On the Directory Services page, click the User tab and enter the user settings
    1. Click + sign next to the Base DN Box.
    2. In the Base DN menu Select DC=labdc,DC=com
    3. Click Save


  6. On the Directory Services page, click the Group tab and enter the group settings
    1. Click + sign next to the Base DN Box.
    2. In the Base DN menu Select DC=labdc,DC=com
    3. Group Object Class: group
    4. Organizational Unit Object Class: organizationalUnit
    5. Expand > Advanced to display additional settings
    6. Make sure that “Auto Sync Default” and “Auto Merge Default” are selected


Notes:
I. Selecting the Auto Sync and Auto Merge options automatically adds or removes users in the user groups configured in WS1 UEM based on their membership in Active Directory, and automatically applies synchronization changes without requiring an admin’s approval.

II. Adjust the Maximum Allowable Changes limit as per your requirement.

  1. Scroll down to the Attribute / Mapping Value section
  2. Change the mapping value for Organizational Unit to cn
  3. Click Save
  4. Click Test Connection to verify the configuration, then close the page by clicking X at the top right corner.
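
The Server tab above connects on port 389 with Encryption Type NONE. The PowerShell below is an added example, not part of the original post or of VMware's tooling: run from the server hosting the AirWatch Cloud Connector, it reports whether the domain controller also answers LDAPS on port 636 and which certificate it presents, which is what you would confirm before selecting an encrypted setting. The function name Test-LdapEndpoint is my own; the host name is the lab's.

```powershell
# Added example. Host name and ports come from the lab settings above;
# Test-LdapEndpoint is a hypothetical helper name.
function Test-LdapEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$TimeoutMs = 3000
    )
    foreach ($port in 389, 636) {
        $row = [ordered]@{
            Server = $ComputerName; Port = $port; Open = $false
            TlsProtocol = $null; CertSubject = $null; CertExpires = $null; CertTrusted = $null
        }
        $client = New-Object System.Net.Sockets.TcpClient
        try {
            # Wait() returns $false on timeout and throws if the connection is refused.
            if ($client.ConnectAsync($ComputerName, $port).Wait($TimeoutMs)) {
                $row.Open = $true
                if ($port -eq 636) {
                    # Diagnostic handshake only: the callback records the validation
                    # result and accepts the certificate so its details can be read.
                    # No LDAP bind or query is sent.
                    $script:policyErrors = $null
                    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
                        param($s, $cert, $chain, $errors)
                        $script:policyErrors = $errors
                        $true
                    }
                    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
                    $ssl.AuthenticateAsClient($ComputerName)
                    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                    $row.TlsProtocol = $ssl.SslProtocol
                    $row.CertSubject = $cert.Subject
                    $row.CertExpires = $cert.NotAfter
                    $row.CertTrusted = ($script:policyErrors -eq [System.Net.Security.SslPolicyErrors]::None)
                    $ssl.Dispose()
                }
            }
        } catch {
            # Closed port, DNS failure or failed handshake: the row keeps its defaults.
            Write-Verbose "Port $port on ${ComputerName}: $($_.Exception.Message)"
        } finally {
            $client.Close()
        }
        [pscustomobject]$row
    }
}

Test-LdapEndpoint -ComputerName 'RWSDC01.LABDC.COM' | Format-Table -AutoSize
```

A 636 row with Open = True and CertTrusted = True means this host already trusts the certificate the domain controller presents for LDAPS.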



The directory service user / group attribute mapping configuration is now complete. Next, we will enable Directory Authentication Enrollment.

C(3): Enable Directory Authentication Enrollment.

  1. Log in to the Workspace ONE UEM Console: https://cn5xx.awmdm.sg
  2. Go to Groups & Settings > All Settings > Devices & Users > General > Enrollment > Authentication.
    1. Current Setting: Select Override
    2. Authentication Modes: Select Basic and Directory
    3. Click Save

  3. Click the Grouping tab
    1. Current Setting: Click Override
    2. Group ID Assignment Mode: Select Default
    3. Click Save


  4. After saving successfully, click the X mark to close the settings page.

C(4): Configuration of Importing a user group.

This configuration is required to import user groups from the existing Active Directory into Workspace ONE UEM.

  1. In the Workspace ONE UEM Console, navigate to Account > Users Group > List View > Add > Add User Group


  2. On the Add User Group page:
    1. Type: select Directory
    2. External Type: Group
    3. Search Text: type the group name and click Search



  3. Select the group name, in my case “awusers”
  4. Click Save
  5. Select the imported group name “awusers”, click More Action and select Add Missing Users


  6. Verify that the users who are part of the group have been added into UEM


  7. We can see that about 10 users have been added from the AD group to UEM



  8. Click the pencil mark near the group name


  9. In the General tab, set Add Group Members Automatically to Enabled


  10. Click Save

We have successfully synchronized the Active Directory user accounts to Workspace ONE UEM.

The next post, Part 2, will focus on the installation and configuration of the Workspace ONE Access connector. Stay tuned for the next post soon.

Thanks for visiting my blog post.