I’m working on a project where we are integrating VMware View, the Workspace Portal and AirWatch for a very interesting mobility storey.
For this deployment a device managed by AirWatch is considered to be a trusted device. The AirWatch browser is set to use the Workspace Portal as it’s home page. Workspace then provides access to internal web sites and View applications.
The interesting behaviour is when I use an iPad connected from the Internet. I login to the Workspace using the AirWatch browser, this is the red line in the diagram. Then launch my View desktop from the Workspace Portal, this is the blue line. The desktop launches from my iPad and I am a happy user.
The funny thing is that workspace uses the internal connection server (CX-I in the diagram) so only requires username and password for authentication. The View client on my iPad then connects through the Security Server, which is paired with the external connection server (CX-E). The external connection server is setup to require two factor authentication using RADIUS. Neither AirWatch nor Workspace require two factor authentication. It is this mismatch in authentication requirements that surprised me, I wasn’t expecting the desktop to launch.
One of the important parts of making this work is that Workspace has awareness of subnets and aligning the View URL with the subnet where the client resides. All of the internal subnets are defined as using the internal connection server and any unknown subnet uses the security server.
© 2015, Alastair. All rights reserved.
RSS - Posts