Recently I was asked by a customer if it was possible to add an untrusted Domain to their current VMware Workspace deployment to easily manage access to applications that are currently being managed by Workspace.

Workspace does give you the option to add a non trusted Active Directory Domain by adding a second connector to that domain as an Identity Provider.

The following figure shows the high level architecture of both a Multi-Forest Domain and separate Active Directory Domain utilizing VMware Workspace.

The following steps document how to add a second connector to your VMware Workspace environment.

Before Installing a Second Connector

The following is required before you configure a second connector for Workspace

1. Workspace is currently up and running in your environment
2. Create a IP address in DNS for the second connector and make sure its using reverse lookup.

Procedure for Adding a Second Connector

1. Within vCenter Deploy a new OVF Template
2. Browse to the OVF file and click Next
3. Confirm the OVF Details and click Next
4. Accept the License Agreement and click Next
5. Enter the Name of the connector and select the correct location with in vCenter and click Next
6. Select the Cluster and click Next
7. Select the Resource Pool and click Next
8. Select the Storage and click Next
9. Select the Disk Format and click Next
10. Select the Network and click Next
11. On this screen it is important to select Connector Only Install, enter the Network Properties and click Next

12. Confirm everything is correct, select Power on after deployment and click Finish
13. While the OVF is installing connect to the Admin portal of the original Workspace deployment
14. Click on Settings, Identity Providers and Add Identity Provider

15. Add the fully qualified domain name of the second connector and click Save

16. Copy the Activation Code as you will need this during the configuration of the second connector
17. In a second web browser connect to the second connector
18. On the Getting Started Page click Continue
19. Configure the passwords and click Continue
20. Paste the Activation Code and click Continue

NOTE: If you are using self signed certificates then you will need to copy the root certificate from the first Workspace Appliance and paste it in the Root Certificate box that will show up

21. Configure the new Active Directory and click Continue
22. Configure the User Attributes and click Continue
23. Select the users and click Continue
24. Select the AD groups and click Continue
25. Confirm everything is correct and click Push to Workspace
26. Click Finish