VMware Workspace ONE Access – Prepare

Release date: November 15th 2021, Updated January 25th 2023

Welcome to my VMware Workspace ONE Access series. Before I start the deployment of VMware Workspace ONE Access, I need to do some preparations. VMware already has a pretty handy checklist that can be used before deploying the Workspace ONE Access appliance: Deployment Checklists (v. 22.09). Based on my planning, I will be doing the following preparations:

Fully Qualified Domain Name (FQDN)

The first thing I do is decide which FQDN to use for the load balancer in front of my Workspace ONE Access appliance. In my setup this will be “access.frelab.net”. I register this name in our external DNS, link the DNS record to one of our external IP addresses, and create a NAT rule to allow HTTPS through the firewall into my load balancer.

Network:

As I will be installing the Workspace ONE Access appliance in my DMZ, I will need the following IP-info. I make sure to register the IP address in DNS, both forward and reverse, beforehand.

  • IP address
  • Subnet
  • Gateway
  • DNS
  • NTP

Note: When it comes to which DNS server to use, it is important to know what needs to be resolved by the DNS server. As my setup will be resolving the FQDNs of my AD, database and Horizon servers, I will be opening DNS through the firewall into my internal DNS servers.

Prepare Database:

I will be using my existing database server in my internal network. Therefore I open TCP port 1433 in my firewall from the DMZ IP address of the VMware Workspace ONE Access appliance to the SQL server. I also have to decide which authentication to use: SQL or Windows AD-integrated. In my case this will be Windows AD-integrated. I first create a user in Active Directory and make sure the password for this user doesn’t expire. VMware has prepared a nice example query which will create the database and the schema and assign the user the necessary permissions, documented here: Create the Workspace ONE Access Service Database (v.22.09). As stated by VMware, I note the requirements for the username syntax.

To create the database and schema, I use the query template VMware has supplied here: Confirm Microsoft SQL Database Is Correctly Configured for Workspace ONE Access (v.22.09). I replace the values within the brackets to my liking, adhering to the requirements stated by VMware.

I create a new query in MS SQL Server Management Studio and run this. This will create the database and schema with the correct permissions.

Running the query above unfortunately returned this error

To remediate this error, I first open up Properties on the saasdb-database

From the Permissions-section, I grant my sql-user ALL permissions on the database, OK…
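To review what the database user actually holds after this grant, the following T-SQL is an added example (not part of the original post or VMware's documentation). It assumes the database name saasdb from the step above; the user name is a placeholder to replace with your own.

```sql
-- Added example: list the permissions and role memberships of the
-- Workspace ONE Access database user in saasdb.
USE saasdb;
GO

-- Placeholder: replace with the database user created for the appliance.
DECLARE @principal sysname = N'<db-user>';

-- 1. Explicit permissions granted or denied to the user at database,
--    schema and object level.
SELECT pr.name        AS principal_name,
       pr.type_desc   AS principal_type,
       pe.state_desc  AS permission_state,   -- GRANT, DENY, GRANT_WITH_GRANT_OPTION
       pe.permission_name,
       pe.class_desc  AS securable_class,
       CASE pe.class
            WHEN 0 THEN DB_NAME()                              -- database
            WHEN 1 THEN OBJECT_SCHEMA_NAME(pe.major_id)
                        + N'.' + OBJECT_NAME(pe.major_id)      -- object
            WHEN 3 THEN SCHEMA_NAME(pe.major_id)               -- schema
       END            AS securable
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
  ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = @principal
ORDER BY pe.class, pe.permission_name;

-- 2. Database roles the user belongs to. Membership in a role such as
--    db_owner carries permissions that do not appear in the list above.
SELECT r.name AS role_name
FROM sys.database_role_members AS rm
JOIN sys.database_principals   AS r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals   AS m ON m.principal_id = rm.member_principal_id
WHERE m.name = @principal
ORDER BY r.name;
```

Comparing this output with the permissions assigned by VMware's query template shows which grants came from the template and which were added through the Properties dialog.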

Finally, I will adjust the Auto-Growth settings for my database, as described by VMware here: Change SQL Server Database Auto Growth Settings for Workspace ONE Access (v.22.09)

Download Install Media:

From MyVmware I download the following install media:

I will also be needing the VMware Workspace ONE Access Connector

Firewall Port Openings:

As VMware Digital Workspace Tech Zone has extensive documentation of the necessary firewall port openings I will need, I won't go into details about these here, but refer to VMware here:

With that, the Workspace ONE Access appliance is deployed and ready for the initial configuration, which I have described here: VMware Workspace ONE Access – Deploy Appliance

Official VMware documentation:

Disclaimer: Every tip, trick and post I have published here is tried and tested in different IT solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.
