ARCHITECTURAL OVERVIEW REVISED 6 NOVEMBER 2018


Table of Contents

Architectural Overview
Workspace ONE Logical Architecture

VMware Workspace ONE Cloud-Based Reference Architecture - Architectural Overview

Architectural Overview

A VMware Workspace ONE design uses several complementary components and provides a variety of highly available services to address the identified use cases. Before we can assemble and integrate these components to form the desired service, we first need to design and build the infrastructure required.

The components in Workspace ONE, such as VMware Identity Manager, VMware Workspace ONE UEM (powered by VMware AirWatch), and VMware Horizon are available as on-premises and cloud-hosted products.

For this reference architecture, the approach taken is to use the cloud-hosted offerings of VMware Identity Manager and Workspace ONE UEM (AirWatch) and to utilize VMware Horizon Cloud Service on Microsoft Azure.

Workspace ONE Logical Architecture

The Workspace ONE platform is composed of VMware Identity Manager and Workspace ONE UEM. Although each product can operate independently, integrating them is what enables the Workspace ONE product to function.

VMware Identity Manager and Workspace ONE UEM provide tight integration between identity and device management. This integration has been simplified in recent versions to ensure that configuration of each product is relatively straightforward.

Although VMware Identity Manager and Workspace ONE UEM are the core components in a Workspace ONE deployment, you can deploy a variety of other components, depending on your business use cases. For example, and as shown in the following figure, you can use VMware Unified Access Gateway to provide the VMware Workspace ONE Tunnel or VPN-based access to on-premises resources. For more information about the full range of components that might apply to a deployment, refer to the VMware Workspace ONE UEM documentation.

Figure: Sample Logical Architecture of a Workspace ONE Deployment Using Horizon Cloud Service on Microsoft Azure

Following is a description of the components shown in the Workspace ONE architecture diagram:

VMware Workspace ONE UEM SaaS tenant: Cloud-hosted instance of the Workspace ONE UEM service. Workspace ONE UEM acts as the mobile device management (MDM), mobile content management (MCM), and mobile application management (MAM) platform.

VMware Identity Manager SaaS tenant: Cloud-hosted instance of VMware Identity Manager. VMware Identity Manager acts as an identity provider by syncing with Active Directory to provide SSO across SAML-based applications, VMware Horizon-based apps and desktops, and VMware ThinApp packaged apps. It is also responsible for enforcing authentication policy based on networks, applications, or platforms.

Horizon Cloud Control Plane: A control plane that VMware hosts in the cloud for central orchestration and management of VDI desktops, RDSH-published desktops, and RDSH-published applications. Because VMware hosts the service, feature updates and enhancements are consistently provided for a software-as-a-service experience.

Horizon Cloud Administration Console: The cloud control plane also hosts a common management user interface, which runs in industry-standard browsers. This console provides IT administrators with a single location for management tasks involving user assignments to and management of VDI desktops, RDSH-published desktops, and RDSH-published applications.

Horizon Cloud Node: VMware software deployed to a supported capacity environment, such as Microsoft Azure cloud. Along with access to the Horizon Cloud Administration Console, the service includes the software necessary to pair the deployed node with the cloud control plane and deliver virtual desktops and applications.

Workspace ONE native mobile app: OS-specific versions of the native app are available for iOS, Android, and Windows 10. The Workspace ONE app presents a unified application catalog across VMware Identity Manager resources and native mobile apps, allows users to easily find and install enterprise apps, and provides an SSO experience across resource types.

VMware Enterprise Systems Connector: Combination of two different services (the former AirWatch Cloud Connector and VMware Identity Manager Connector) bundled within a single Windows-based installer. The Enterprise Systems Connector connects resources located in different security zones (namely, the DMZ and the LAN).

  - AirWatch Cloud Connector (ACC) component: Runs in the internal network, acting as a proxy that securely transmits requests from Workspace ONE UEM to the organization's critical back-end enterprise infrastructure components. Organizations can leverage the benefits of Workspace ONE UEM Mobile Device Management, running in any configuration, together with those of their existing LDAP, certificate authority, email, and other internal systems.
  - VMware Identity Manager Connector component: Performs directory sync and authentication between an on-premises Active Directory and the VMware Identity Manager service. This component is available as either a Windows installer or a Linux-based virtual appliance.

Secure email gateway: Workspace ONE UEM supports integration with email services, such as Microsoft Exchange, GroupWise, IBM Notes (formerly Lotus Notes), and G Suite (formerly Google Apps for Work). You have three options for integrating email:

  - VMware Secure Email Gateway: Requires a server to be configured in the data center.
  - PowerShell integration: Communicates directly with Exchange ActiveSync on Exchange 2010 or later or Microsoft Office 365.
  - G Suite integration: Integrates directly with the Google Cloud services and does not need additional servers.

Content integration: The Workspace ONE UEM Mobile Content Management solution helps organizations address the challenge of securely deploying content to a wide variety of devices using a few key actions. An administrator can leverage the Workspace ONE UEM Console to create, sync, or enable a file repository. After configuration, this content deploys to end-user devices with VMware Workspace ONE Content. Access to content can be either read-only or read-write.

VMware Unified Access Gateway: Virtual appliance that provides secure edge services and allows external access to internal resources.

  - Provision of Workspace ONE UEM Per-App Tunnels and the Tunnel Proxy to allow mobile applications secure access to internal services
  - Access from Workspace ONE Content to internal file shares or SharePoint repositories by running the Content Gateway service
  - Reverse proxying of web servers
  - Single sign-on access to on-premises legacy web applications by identity bridging from SAML or certificates to Kerberos
  - Secure external access to Horizon 7 desktops and applications

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 Fax 650-427-5001 www.vmware.com Copyright 2017 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents. VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.