Release date: November 15th 2021
Welcome to my VMware Workspace ONE Access series. Before I start the deployment of VMware Workspace ONE Access, I need to do some preparations. VMware already has a pretty handy checklist that can be used before deploying the Workspace ONE Access appliance: Deployment Checklists (v. 21.08). Based on my planning, I will be doing the following preparations:
Fully Qualified Domain Name (FQDN)
The first thing I do is decide on the FQDN to use for the load balancer in front of my Workspace ONE Access appliance. In my setup this will be “access.frelab.net”. I register this in our external DNS, link the DNS record to one of our external IP addresses, and create a NAT rule to allow HTTPS through the firewall to my load balancer.
As I will be installing the Workspace ONE Access appliance in my DMZ, I will need the following IP-info. I make sure to register the IP address in DNS, both forward and reverse, beforehand.
- IP address
Note: When it comes to which DNS server to use, it is important to know what needs to be resolved by the DNS server. As my setup will be resolving the FQDNs of my AD, database and Horizon servers, I will be opening DNS through the firewall to my internal DNS servers.
I will be using my existing database server in my internal network. Therefore I open TCP port 1433 in my firewall from the DMZ IP address of the VMware Workspace ONE Access appliance to the SQL server. I also have to decide which authentication to use: SQL or Windows AD-integrated. In my case this will be Windows AD-integrated. I first create a user in Active Directory and make sure the password for this user doesn’t expire. VMware has prepared a nice example query which creates the database and the schema and assigns the user the necessary permissions, documented here: Create the Workspace ONE Access Service Database. As stated by VMware, I note the requirements for the username syntax.
I replace the values within the brackets to my liking, adhering to the requirements stated by VMware.
I create a new query in MS SQL Server Management Studio and run this. This will create the database and schema with the correct permissions.
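A pre-flight check for the DNS and firewall preparations above, as an added example that is not part of the original post: it confirms that the appliance's forward and reverse DNS records agree and that TCP 1433 to the SQL server accepts connections. The appliance FQDN, IP address and SQL server name are constructed placeholders, and the function names are my own.

```python
import socket

# Constructed placeholders: substitute the appliance's DMZ record and your SQL server.
APPLIANCE_FQDN = "appliance.example.internal"
APPLIANCE_IP = "192.0.2.10"
SQL_SERVER = "sql.example.internal"

def _norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.rstrip(".").lower()

def check_dns(fqdn, ip, forward=socket.gethostbyname_ex, reverse=socket.gethostbyaddr):
    """Return a list of problems with the forward (A) and reverse (PTR) records."""
    problems = []
    try:
        _, _, addrs = forward(fqdn)
        if ip not in addrs:
            problems.append(f"A record for {fqdn} is {addrs}, expected {ip}")
    except OSError as exc:  # gaierror/herror are OSError subclasses
        problems.append(f"forward lookup of {fqdn} failed: {exc}")
    try:
        name, aliases, _ = reverse(ip)
        if _norm(fqdn) not in {_norm(n) for n in (name, *aliases)}:
            problems.append(f"PTR for {ip} is {name}, expected {fqdn}")
    except OSError as exc:
        problems.append(f"no PTR record for {ip}: {exc}")
    return problems

def check_tcp(host, port, timeout=3.0, connect=socket.create_connection):
    """Return a list with one problem if host:port does not accept a TCP connection."""
    # Only meaningful from the appliance's DMZ segment: the firewall rule is per source.
    try:
        with connect((host, port), timeout=timeout):
            return []
    except OSError as exc:  # refused, timed out, or name not resolvable
        return [f"TCP {host}:{port} not reachable: {exc}"]

if __name__ == "__main__":
    issues = check_dns(APPLIANCE_FQDN, APPLIANCE_IP) + check_tcp(SQL_SERVER, 1433)
    for issue in issues:
        print("FAIL:", issue)
    raise SystemExit(1 if issues else 0)
```

An empty result from both checks means the records and the port opening are in place; the resolver and connect arguments exist so the logic can be exercised without a network.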
Download Install Media:
From MyVmware I download the following install media:
I will also be needing the VMware Workspace ONE Access Connector, BUT, as this will be used with VMware Horizon, I adhere to the documentation and download the VMware Identity Manager connector (Windows) 19.03.0.1 version.
Firewall Port Openings:
As VMware Digital Workspace Tech Zone has extensive documentation of the necessary firewall port openings, I won’t go into details about these here, but refer to VMware here:
With that, the Workspace ONE Access appliance is deployed and ready for the initial configuration, which I have described here: VMware Workspace ONE Access – Deploy Appliance