VMware Workspace ONE Access – Configure Appliance

Release date: November 15th 2021, Updated January 25th 2023

Welcome to my VMware Workspace ONE Access series. In this session I will describe how I did my initial configuration of the Workspace ONE Access appliance, which includes the following:

  • Setting passwords for the admin, root and sshuser users
  • Configuring the database-connection

In addition I will configure the following settings:

  • SSL trust between the load balancer and the appliance
  • Setting the Workspace ONE Access FQDN
  • Time sync settings

Once the appliance is deployed, I power it up and open the VMRC. I open the URL as described in the Console below

I open the URL from the Console-window above. It is important to use FQDN otherwise there will be problems configuring the SQL-settings later. The Workspace ONE Access Appliance Setup wizard launches, CONTINUE…

I set the passwords for system accounts in accordance with the password requirements described by VMware here: Manage Your Workspace ONE Access Appliance Passwords. As there is obviously something wrong with the coding of this User Interface, make sure to first enter the “Confirm Password” field before typing the Password field, otherwise you will most likely run into problems, once done, CONTINUE…

Next i enter the JDBC URL, the database username and password. As I’m using the internal FQDN of my SQL server, this JDBC URL won’t work without a DNS resolution of this host name. I click Test Connection, once successful, CONTINUE…

Now that the setup is finished, I select Appliance Configurator to complete my additional settings

I will start out by establishing the SSL Trust between the Load Balancer and Workspace ONE Access. As described in the Official VMware documentation, Apply Workspace ONE Access Root Certificate to the Load Balancer, I need to copy the Workspace ONE Access root certificate to my HAProxy server.

I provide the SAN names and save the pem-file. As I will be adding another IDM later, I will also add the FQDN for this to the SAN names field.

The content of my horizon_workspace_rootca.pem file

I copy the content of the horizon_workspace_rootca.pem file into HAProxy as shown below.

sudo nano /usr/local/share/ca-certificates/horizon_workspace_rootca.pem
sudo openssl x509 -outform der -in horizon_workspace_rootca.pem -out horizon_workspace_rootca.crt
sudo update-ca-certificates

I also need to add the Load Balancer (=HAProxy)’s root certificate to the Workspace ONE Access appliance, as described in VMware’s documentation here: Apply Load Balancer Root Certificate to Workspace ONE Access

Once the services are up and running, I change the Workspace ONE Access FQDN to my public host name

I also adjust the NTP settings to guarantee the correct time on the Workspace ONE Access appliance, which is critical for operations and synchronizations, Save…

After a reboot of both the HAProxy load balancer and the Workspace One Access virtual appliance, I verify that the configuration is in good working order

With that, the configuration of the Workspace One Access appliance is complete. I’m now ready to set up a connector in order to connect both Active Directory av Virtual Apps, which I have described here: VMware Workspace ONE Access – Set up Connector

Official VMware documentation:

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: