Recently I was asked by a customer if it was possible to add an untrusted Domain to their current VMware Workspace deployment to easily manage access to applications that are currently being managed by Workspace.
Workspace does give you the option to add a non-trusted Active Directory domain by adding a second connector to that domain as an Identity Provider.
The following figure shows the high-level architecture of both a Multi-Forest Domain and a separate Active Directory Domain utilizing VMware Workspace.
The following steps document how to add a second connector to your VMware Workspace environment.
Before Installing a Second Connector
The following is required before you configure a second connector for Workspace:
- Workspace is currently up and running in your environment
- Create a DNS entry for the second connector's IP address and make sure it has a working reverse lookup.
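A pre-flight check for the DNS requirement above, as an added example that is not part of the original post or of VMware's tooling: it confirms that the connector's name resolves to addresses whose reverse lookup returns the same name. The hostnames, addresses and sample records are constructed placeholders.

```python
import socket

# Constructed sample records (placeholders, not from the original post).
SAMPLE_A = {"connector2.example.test": ["192.0.2.20"],
            "connector3.example.test": ["192.0.2.21", "192.0.2.22"]}
SAMPLE_PTR = {"192.0.2.20": "connector2.example.test.",
              "192.0.2.21": "old-host.example.test"}

def system_forward(fqdn):
    """A-record lookup through the system resolver."""
    return socket.gethostbyname_ex(fqdn)[2]

def system_reverse(ip):
    """PTR lookup through the system resolver."""
    return socket.gethostbyaddr(ip)[0]

def sample_forward(fqdn):
    if fqdn not in SAMPLE_A:
        raise OSError("name not found")
    return SAMPLE_A[fqdn]

def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise OSError("no PTR record")
    return SAMPLE_PTR[ip]

def check_connector_dns(fqdn, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means forward and reverse agree."""
    want = fqdn.rstrip(".").lower()
    try:
        addrs = forward(want)
    except OSError as exc:
        return [f"{want}: forward lookup failed ({exc})"]
    problems = [] if addrs else [f"{want}: no addresses returned"]
    for ip in addrs:
        try:
            name = reverse(ip).rstrip(".").lower()
        except OSError as exc:
            problems.append(f"{ip}: reverse lookup failed ({exc})")
            continue
        if name != want:
            problems.append(f"{ip}: reverse lookup returns {name}, expected {want}")
    return problems

if __name__ == "__main__":
    for host in SAMPLE_A:
        issues = check_connector_dns(host, sample_forward, sample_reverse)
        print(host, "OK" if not issues else issues)
```

Against a live network, call `check_connector_dns` with only the connector's fully qualified domain name so the system resolver is used.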
Procedure for Adding a Second Connector
- Within vCenter, deploy a new OVF Template
- Browse to the OVF file and click Next
- Confirm the OVF Details and click Next
- Accept the License Agreement and click Next
- Enter the Name of the connector, select the correct location within vCenter and click Next
- Select the Cluster and click Next
- Select the Resource Pool and click Next
- Select the Storage and click Next
- Select the Disk Format and click Next
- Select the Network and click Next
- On this screen, it is important to select Connector Only Install, enter the Network Properties and click Next
- Confirm everything is correct, select Power on after deployment and click Finish
- While the OVF is installing, connect to the Admin portal of the original Workspace deployment
- Click on Settings, Identity Providers and Add Identity Provider
- Add the fully qualified domain name of the second connector and click Save
- Copy the Activation Code, as you will need it during the configuration of the second connector
- In a second web browser, connect to the second connector
- On the Getting Started Page, click Continue
- Configure the passwords and click Continue
- Paste the Activation Code and click Continue
NOTE: If you are using self-signed certificates, you will need to copy the root certificate from the first Workspace Appliance and paste it into the Root Certificate box that will show up.
- Configure the new Active Directory and click Continue
- Configure the User Attributes and click Continue
- Select the users and click Continue
- Select the AD groups and click Continue
- Confirm everything is correct and click Push to Workspace
- Click Finish