This is a follow-up post concerning VMware Workspace Portal. We'll be going through another certification objective for the VCP6-Desktop and Mobility exam: VCP6-DTM Objective 6.2 – Configure VMware Workspace Portal. Another lesson towards the VMware Desktop and Mobility VCP6 level certification exam.
Simpler Deployment – Since the 2.1 release, it’s a single VM packaged as an OVA for easy deployment, as all config and disks are present in a single OVA. The previous release had a connector-va as a VM, whereas the latest release has a single Connector-va service within the vApp.
AirWatch and Desktone – AirWatch 7.3 and Desktone 6.1 can now be fully integrated with SSO using Workspace Portal 2.1, but those products stay external for this release.
New Dashboard with reports – The new Admin Dashboard shows all necessary reporting data – historical trends, system health, active users and user interactions. The dashboard is dynamic and refreshes the information automatically.
Knowledge for today's topic is:
- Configure the following:
  - High availability
  - SSL certificates
  - NTP
  - Users and groups
  - Web links and SaaS application authentication
  - VMware ThinApp access and delivery
  - Approvals
Documentation Tools
- Installing and Configuring VMware Workspace Portal
- VMware Workspace Portal Administrator’s Guide
- VMware Workspace Portal End User Guide
- VMware Workspace Admin Console
Check the previous post, where we started the deployment: VCP6-DTM Objective 6.1 – Install VMware Workspace Portal. If you want more details before we continue with today's topics, check the AD part below, as it needs some specific attributes to look at.
01. Look at my Administrator’s account’s properties (Attribute editor – the DistinguishedName field)
02. I had to modify the properties of that account to include First and Last name, because those were blank and I had an error like this:
Note also that I used a different port than the default one: 3268 in my case. Because the AD server is also a Global Catalog, the default port listed in the setup (389) won’t work. So if you’re using an AD/GC server, change the port to 3268 (or 3269 if using SSL).
The wizard walks you through all the steps and finishes (or should finish) like this.
You can then log in to the Workspace by entering the Bind DN user name and password that you entered when you set up the connection to Active Directory.
The Workspace VM did not come up with the latest VMware Tools installed, but even though it’s a Linux appliance, all you have to do is right-click > Guest > Install/update VMware Tools and the tools get updated automatically. All green now!
High availability
Add additional identity provider instances to your Workspace deployment for high availability purposes. By adding and configuring identity provider instances to your Workspace deployment, you can provide high availability, support additional user authentication methods, and add flexibility in the way you manage the user authentication process based on user IP address ranges.
Deploy Workspace with a single Active Directory domain during the proof-of-concept phase of your deployment, then prepare additional identity provider instances for your Workspace deployment.
Log in to the Workspace Admin Console and select Settings > Identity Providers > click Add Identity Provider. This option prompts you for information that enables Workspace to register an existing third-party identity provider instance. Edit the identity provider instance settings.
Click Edit Order of Identity Providers > Use the up and down arrows to move an identity provider instance to the appropriate location > Click Save.
SSL certificates
When the Workspace appliance is installed, a default SSL server certificate is automatically generated. You can use this self-signed certificate to test Workspace. VMware strongly recommends that you generate and install commercial SSL certificates when Workspace is used in a production environment.
What is CA?
A certificate authority (CA) is a trusted entity that guarantees the identity of the certificate and its creator. When a certificate is signed by a trusted CA, users no longer receive messages asking them to verify the certificate.
You can download the Workspace root CA from
https://workspacehostname.com/horizon_workspace_rootca.pem
Appliance Configurator > Install Certificate page. You can also add the load balancer's root CA certificate on this page.
Apply Public Certificate Authority to Workspace
Some enterprises use certificates generated by their own company or other certificate authorities. These certificates are not included in the trusted certificate authority list.
You can add new certificates to Workspace.
If the Workspace FQDN points to a load balancer, the SSL certificate is applied to the load balancer.
Generate a Certificate Signing Request (CSR) and obtain a valid, signed certificate from a CA. If your organization provides SSL certificates that are signed by a CA, you can use these certificates.
In the Workspace Admin Console, click Settings and select VA > click Manage Configuration > log in to the Appliance Configurator with the Workspace administrator password > select Install Certificate > in the Terminate SSL on Workspace appliance tab, paste the complete certificate chain and private key > ensure that the certificate includes the Workspace FQDN hostname.
Save the SSL certificate, then check that you can log in.
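The CSR step and the "certificate includes the Workspace FQDN" check above can be done with OpenSSL before anything is pasted into the Appliance Configurator. This is an added example, not part of the original post or of VMware's documentation; the function names, file arguments and the host name workspace.example.com are assumptions, and the chain file is assumed to list the server certificate first.

```shell
#!/usr/bin/env bash
# Added example: CSR generation and pre-flight checks for a Workspace certificate.
# Function names, file arguments and the FQDN are illustrative assumptions.

# make_csr FQDN KEY_OUT CSR_OUT: new 2048-bit RSA key plus a CSR whose
# subjectAltName carries the FQDN (needs OpenSSL 1.1.1+ for -addext).
make_csr() {
    ( umask 077   # keep the unencrypted private key readable by the owner only
      openssl req -new -newkey rsa:2048 -nodes -keyout "$2" -out "$3" \
          -subj "/CN=$1" -addext "subjectAltName=DNS:$1" )
}

# cert_covers_host CERT FQDN: succeeds if the first (leaf) certificate in CERT
# is valid for FQDN.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# key_matches_cert CERT KEY: succeeds if KEY is the private key for CERT.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for_days CERT DAYS: succeeds if CERT is still valid DAYS from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# preflight CERT KEY FQDN: run every check and report the first failure.
preflight() {
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate is not valid for $3"; return 1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: private key does not match certificate"; return 1; }
    cert_valid_for_days "$1" 30 || { echo "FAIL: certificate expires within 30 days"; return 1; }
    echo "OK: certificate and key are consistent for $3"
}

# Usage: ./preflight.sh chain.pem key.pem workspace.example.com
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

A mismatch between key and certificate, or a certificate issued for a different host name, is caught here rather than after the appliance has restarted its web service with the new certificate.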
NTP
You must turn on time sync at the ESX host level using an NTP server. Otherwise, a time drift will occur between the virtual appliances.
Users and groups
In order to sync with Microsoft AD, you'll have to set up a base DN as the point from where to search for users. This search includes all users. To restrict the number of users that sync with Workspace, you can create user-attribute-based search filters to exclude specific types of users.
Web links and SaaS application authentication
VMware ThinApp access and delivery
The URL to directly log in to the admin console is
https://WorkspaceFQDN/SAAS/admin
This includes setting up the integration to the View connection server, ThinApp repository, and Citrix published applications resources. From these pages you can also check directory sync status and alerts. You log in as the Workspace administrator, using the user name admin and the admin password you created when you set up Workspace. A link to the Connector Services Admin pages can be found at
https://Workspace_FQDN.com:8443
Enter admin as the user name.
Approvals
Select Settings > Approvals to enable or disable license approval. Enabling license approval applies when you integrate your license-management system with Workspace.
Check the whole Study page for VCP6-DTM certification exam here.