One of the most commonly asked questions amongst customers and partners are how-to setup Kerberos Single-Sign-On (SSO) into Horizon Workspace. Therefore I decided I should create this detailed step-by-step blog post on how to configure Kerberos in Horizon Workspace version 1.0 and 1.5.
Configuring Kerberos SSO into Horizon Workspace greatly enhances the end-user experience. If the end-user login to their domain joined desktop and access the Horizon Workspace web portal they will not be asked to sign-in once more, but are allowed access based on their Kerberos token. The Horizon Client version 1.5.2 also makes use of Kerberos SSO. Seamless to the users the Horizon Client will try to authenticate to the Horizon Workspace using Kerberos. If successful no further interaction from the end-user is required. This is especially useful in a Horizon View environment using non-persistent floating desktop pools.
If you are new to Horizon Workspace and want to get kick started sing-up for the VMworld 2013 Hands-on Lab, now available online. In this 101 Lab you will gain hands-on experience with data sharing, SAML integration and other useful features.
Sing-up here: http://labs.hol.vmware.com
The Lab’s name is: HOL-MBL-1304 – Horizon Workspace – Explore and Deploy
By Gerald Cheong, contractor, End-User Computing Solutions Management, VMware, and
Manrat Chobchuen, Solutions Architect, End-User Computing Solutions Management, VMware
One of the challenges in enterprise application management is the large number of applications that the average enterprise user needs to access. Single sign-on (SSO) is an effective way to make access more convenient for the user and at the same time more secure for the enterprise.
Some SSO solutions are based on integrated Active Directory (AD) on the corporate intranet. One big drawback of this approach is that it restricts the Web application to the corporate intranet. This results in lack of flexibility in deployment options as well as certain security compromises.
VMware Horizon Workspace uses the Security Assertion Markup Language (SAML) 2.0 standard to support SSO. This support allows more flexibility and better security than an integrated AD solution. This article describes SAML concepts and shows how to set up a sample Web application in Horizon Workspace with SAML, so you can see SSO in action. It also discusses the considerations and integration points for a Web application to support SAML 2.0 integration with Horizon Workspace.
Are you a fan of SSH vs. virtual console access? I am. I much prefer to access a Linux/Unix vApp via SSH than via the remote console as this allows me to use Terminal on my Mac vs. opening a remote session to a virtual Windows system to then run the vSphere Infrastructure Client (VIC). It’s a personal preference, I admit. But enabling SSH does allow for direct SCP access as well.
Here’s how to enable SSH for the Horizon vApps.
With VMware Horizon Workspace, there are a couple of environmental prerequisites to be aware of which, without knowing about can cause some minor frustration during implementing of Horizon Workspace 1.0.
As mentioned in other Blog posts around VMware.com, Horizon Workspace 1.0 is now released! For those wishing to walk through their own review and proof of concept, the Horizon Workspace Reviewers Guide by VMware’s own Rory Clements and Muthu Somasundaram goes into excellent detail on the items needed in your lab for installing Horizon Workspace 1.0 and getting it working properly with some of your existing applications and VMware Horizon View 5.2.
Here’s a simple process for hooking your ThinApp Factory appliance into your Horizon environment.