Assign Users or Groups permission to Enterprise application
Import XML on UAG and configure it
Import Identity Provider Metadata, select the file XML downloaded from the Enterprise Application data
Select the identity provider
Select More Option
And select SAML e the correct Identity provider (with SAML+PASSTROUGHT the identity token will not passed to horizon Server and it will required a new autentication)
Export Horizon Enrollment Certificate from Horizon installation and install it in to Enrollment Horizon Server
Connect to Horizon Server and export the Horizon View Certificate (The certificate with vdm.ec friendly name)
Now we import the enrollment certificate in to Horizon Enrollment server, we need import in to Certificate Computer store and add the friwndly name vdm.ec
Connect to ROOTCA or SUBCA, from MMC console and open Certificate Template snap-in
Change the validity period to a period that is as long as a typical working day; that is, as long as the user is likely to remain logged into the system.
Change the renewal period to 50%-75% of the validity period.
Install Enrollment certificate on Enrollment server
Connect to ROOTCA or SUBCA, from MMC console and open Certificate Template snap-in
From
Connect to Horizon enrollment server and install the enrollment Agent (Computer), open snap-in Certificate (select Local Computer)
Create a Windows Server 2012 R2, Windows server 2016, or Windows Server 2019 virtual machine with at least 4GB of memory, or use the virtual machine that hosts the enterprise CA. Do not use a machine that is a domain controller.
Verify that no other Horizon component, including Connection Server, Horizon Client, or Horizon Agent is installed on the virtual machine.
Verify that the virtual machine is part of the Active Directory domain for the Horizon deployment.
Verify that you are using an IPv4 environment. This feature is currently not supported in an IPv6 environment
VMware recommends that the system must have a static IP address.
Verify that you can log in to the operating system as a domain user with Administrator privileges. You must log in as an administrator to run the installer.
Download Horizon Connection Server installer and start it:
In the last months of 2020 VMware publish the new version of Horizon (2012 version aka 8.1), now in March 2021 the all Horizon 7 version will go out of support, except the 7.13. Now we have another good reason to upgrade beyond the Flash game over.
Non sono certo io a dover spiegare che parlare di security è ormai entrato nel day by day dei consulenti dei manager IT. Anche VMware da alcuni anni sta rilasciando guide di come rafforzare l’hardening degli ambienti vSphere. Ormai è da diffidare di chi considera l’installazione di ESXi e vCenter come dei semplici avanti avanti avanti ….
Riporto qui sotto il link alla guida di VMware per l’hardening degli ambienti vSphere 7 comprensivo anche dei dettagli dei parametri da configurare e dei comandi per modificarli.