Skip to end of metadata
Go to start of metadata


Welcome to the Digital Workspace blog! 

The blog is focused on interesting things around End User Computing (EUC), primarily VMware Workspace One platform.

Horizon Security Audit
Hello! Long summer past, and time to blog some more. One of our customers has decided to make a security audit of Horizon View. So we sat together with their specialist and started to go over how Connection Server works with users. And he found a surprise for me: I never thought about the details of user management and believed it all came from Active Directory. And I was wrong - Connection Server does have several "cached" accounts: one of them is the account used to work with vCenter,…
A common issue with every installation of AirWatch is AWCM external/internal certificate. It is simple logic that every connection to AWCM should be certificate-signed. With a valid (not self-signed!) certificate. But on the internal side we have some local FQDN which is usually different from how AirWatch "Device Services+AWCM" host (also called Front-End Server or FE) is published on the external network. So the formal way is to issue a separate certificate for the internal connections,…
The current situation with virus and people evacuating to work remotely from home has brought a renaissance in the world of VDI. This gave an opportunity for some new companies to try reinvent the wheel, by taking what is available in open source community - KVM hypervizor, SPICE protocol, Openstack / OpenNebula orchestrator, some scotch tape and legendary free beer - and mix this together to create the "new breed of VDI". Does it work? - it does (if constructed correctly).…
This week I had several requests "can we control our very special SAP app with MDM?" So SAP once had their own MDM called SAP Afaria, and the fact they dropped it did not change the fact that they are quite diligent in supporting MDM topic as a whole in their apps. You can't always find it easily in their docs, but usually it works. A few things I found myself searching: SAP BI - <Corporate Connections> - https://help.sap.com/viewer/212f7e2a40ca490a81dc70b7a71f2b94/6.6/en-US/1c86a7b6b0ab45bea0b0b8358a4d9325.</Corporate>…
This week I had some "good old days" experience with Horizon deployment at a customer site. For the last couple of years all I did were AirWatch pilots, so it was a refreshing thing to check out what's up in the latest Horizon by myself. As always, it all starts with sending deployment requirements to the customer, and usually they say "we prepared everything" and in reality ignore 95% of what you ask them to do upfront. This time I had more or less a responsible customer,…
In short - yes, you do! But what's going on here anyway? We are trying to notify a mail client from our on-prem Exchange, that there is a fresh new EMail for him to pick up. To do this, we need to send a PUSH message to the device using a platform-vendor cloud (APNs for Apple, FCM for Google). MS Exchange cannot send PUSH messages itself, so VMware have built a special server for this - the ENSv2. It goes to Exchange, impersonating the EMail user, looks for new EMail,…
AirWatch applications and SDK check the system for compromised (jailbreak/root) status. When they uncover by some symptoms that the device was compromised, this status is transmitted to the Console, and an action is taken. Or not. There is a switch tucked away in the depths of settings, which allows AirWatch to ignore Compromised devices. It is in Settings → Apps → Settings and Policies → Security Policies. Compromised.…
LetsEncrypt public certificates from Mozilla Foundation are cool, but updating every 3 months can be a pain. There are several ways to automate, and the latest I discovered is to outsource this procedure: turns out there is a DNS-provider https://porkbun.com/ https://porkbun.com/ who do the procedure for you. Just download the brand new certificates every 3 months and insert them where they should be, without additional fuss.…



Disclaimer

My postings are my own and don’t necessarily represent VMware’s positions, strategies or opinions.

Tags

Loading tagcloud ...