I recently came across a bug that impacted apps accessed via Horizon RDSH from a Type 2 kiosk where Fast User Switching was enabled, so the “Type 3” Imprivata agent was installed on the RDSH side as well. If the application allowed disconnects/reconnects (no immediate logoff on disconnect) and the RDSH session was disconnected from […]
The Journey to Workspace ONE Access 21.08 Connectors – Tips, Tricks, and Gotchas
Workspace ONE Access 21.08 is here, and we finally get Connectors that support Virtual Apps (with some exceptions, see “caution” section here)! One of the best things about this version is that we no longer have the need for Integration Brokers, making Citrix integrations far easier. Each Connector now has this built-in, so no more […]
Integrating Workspace ONE Access and UAG with JWT
If you’re leveraging Workspace ONE Access with Horizon and allowing external access, you are likely leveraging multifactor authentication for additional security from the outside. When combined with UAG, a common scenario is to separate out Connection Servers and place them in Workspace ONE mode and setting SAML to required, like this: When pointing the UAG […]
Logoff Sessions Pending Image in Horizon
I recently received a request from a follower, asking if it is possible to script logoffs for any Instant Clone desktops that are pending an image update. Currently they have to manually go through the admin portal and log them all off, not a quick task when dealing with thousands of sessions. We can certainly […]
Automatically Switch App Volumes Managers in Multi-Site Deployment
Typically in a multi-site VDI scenario, you would have a global load balancer URL that would resolve to the App Volumes VIP in the local datacenter, preventing you from having to crack open the golden image each time you update your pools on each side. Sometimes having a global URL that only resolves to the […]
Use the Same Image for Type 1 and Type 2 Imprivata Desktop Pools
Imprivata is heavily used across many healthcare industries today due to their tap-and-go and EPCS functionalities. If you have used Imprivata before, you are likely aware of the difference between “Type 1” (Single User) and “Type 2” (Shared Kiosk) agents and workflows. When it comes to VDI, Type 1 is sometimes also paired with a […]
Visualize Horizon Data with Power BI – Part 1: The Basics
Rarely do you hear the terms “Horizon” and “Power BI” within the same sentence. Because Horizon basically pumps everything into the Events database, you can get some pretty cool statistics that can be visualized with Power BI. This includes user logins, reconnects, and even admin events like desktop restarts. I’m going to talk about these […]
Bad True SSO Template Causes Horizon Launches to Fail
Recently I ran into an issue where a misconfigured True SSO template caused Horizon launches to fail when launching through Workspace ONE Access. The error looked similar to this: The desktop agent logs were not reporting any errors whatsoever, and SAML was succeeding just fine because we were able to authenticate into the Connection Server. […]
Load Balancing Kerberos with Workspace ONE Access
There are a lot of good posts and documents on how to setup Kerberos on your Connectors to function appropriately with Workspace ONE Access. However, many of them are inaccurate when it comes to load balancing your Connectors for Kerberos. Load balancing is the only way to ensure your Kerberos authentication mechanism is highly available […]
Workspace ONE Access – Duo RADIUS MFA without True SSO
So you went through the process of getting Workspace ONE Access setup for MFA/RADIUS authentication. You sign into WSO-A, get MFA’d, and you jump for joy! But when you launch a virtual app, you are prompted for your password again… The prompt is happening because RADIUS is not recognized as a valid method for password […]