EUCbackup Default chapterEDITED WITH NEW INTRO: Getting Started - Workspace ONE Access & Workspace ONE UEM SaaS Instance

EDITED WITH NEW INTRO: Getting Started - Workspace ONE Access & Workspace ONE UEM SaaS Instance

Part 1 Overview

This week you will work closely with a company called EUC LIVEFIRE to implement a complete Workspace ONE digital transformation solution. A team of Architects from your organisation recently conducted multiple design workshops and proposed a SaaS only VMware Workspace ONE solution. EUC LIVEFIRE is excited and ready to start their digital workspace journey. Their employees are expecting a solution that will let them access their productivity apps from any device and without the need to remember multiple passwords. 

The organisation has key drivers around security, availability, mobility, and business continuity. They have an existing infrastructure with multiple authentication services such as OKTA, Active Directory, ADFS etc. and would like to integrate without any major changes or development effort.  

The organisation has recently started migrating from on premise exchange to Office 365. They want to achieve 100% migration without compromising on security and implement higher Data loss prevention capabilities to ensure corporate data is protected. 

As a delivery consultant your objective this week will be to integrate with existing On-premise and SaaS resources with Workspace ONE solution to provide a true digital workspace to EUC LIVEFIRE users. 

Overview of the proposed solution: 

  1. Workspace ONE Access required to perform access management to applications.
  2. Workspace ONE UEM will provide endpoint and application management capability. 
  3. Provision users from On premise Active Directory to Access. Access to provision users to UEM. 
  4. Federate O365 domain with Acces as IDP. 
  5. Integrate Access with OKTA as third party IDP for BambooHR application. 
  6. Integrate with Citrix on premise infrastructure with Access. 
  7. Integrate Access with ADFS as third party IDP. 
  8. Implement Single Sign ON capability for Android, iOS and Windows. 
  9. Implement intelligence reporting. 
  10. Implement Dev-Ops automation use case using Workspace ONE UEM APIs. 

Overview of our On-premise and SaaS resources

1. On-premise resources

The following resources in your lab environment are representative of what the EUC-Livefire organisation "On-premise' resources.

  1. Active Directory Domain Controller and DNS services.
  2. Citrix XenApp server.
    We have a Citrix XenApp server with Storefront and legacy applications published to Citrix XenApp server name is Citrix.euc-livefire.com. A dedicated server for the integration broker called Citrixbroker.euc-livefire.comand a server called citrixrdsh.euc-livefire.com
  3. Connector Server
    A dedicated Windows server called ws1.euc-livefire.com, this is dedicated for the Workspace ONE Access connector which will have to be installed.

2. Cloud SaaS resources

As part of the final solution the following are SaaS resources. 

  1. A SaaS Instance of Workspace ONE Access (formerly known as VMware Identity Manager)
  2. A SaaS Instance of WorkspaceONE UEM (formerly known as VMware AirWatch)

In a later part of the labs you will register with the following SaaS services with a view to building a complete EUC solution.

  1. Office 365 tenant which will federate with Workspace ONE Access
  2. A Salesforce tenant with Workspace ONE Access
  3. A BambooHR application

Part 2 : Registration of your SaaS Tenants for Workspace ONE Access and Workspace ONE UEM

This section takes you through the registration process for your lab resources. You will login to a SaaS tenant of Workspace ONE Access and Workspace ONE UEM.  

In addition you will login and gain access to what will represent your on-premise  components.

These include the Microsoft Windows Workspace ONE Access Connector, your Windows 10 Test Virtual machine and your Citrix Farm

 

1. To Register for the course (Digital Workspace Livefire) by clicking on the unique lab registration link found on www.vmware.com/go/euclivefire that takes your to mylearn.vmware.com 

2. Click on Start This Course

3. You will notice that a new Windows will open that allows you to Access the VLP (VMware Learning Platform) from which you will interact with your on-premises components. We will come back to these later in the lab.

4. At this time check your e-mail and you should have received an e-mail from svc.labadmin@vmware.com.

NOTE: Check your JUNK folder

5. This e-mail contains the unique tenant for your vIDM SaaS instance. Click on the TENANT URL to launch the VIDM Admin Console.

Use the credentials provided to login : Username: Administrator Password: VMware1!

6. Now that you are signed in, change from the catalog view to the admin console by navigating to the top right and clicking on Tenant Admin and selecting Administration Console from the drop-down.

7.  You should now see the Workspace ONE Access Admin Console to which we will return in a later lab.

8. Open a browser and navigate https://cn-livefire.awmdm.com

9. Use the e-mail address you signed up to the course with as the User Name (Eg sfrank@vmware.com) and the password: VMware1! Click Log In

10. Now set a security question and answer and a four digit Pin

11. You should now be on the Getting started window of the UEM console which is the default landing page.

Part 3. Integrating with Workspace ONE Intelligence

This part of the lab will take you through how to activate your WorkspaceOne Intelligence Trial environment from the UEM console.

1. IF you aren't already, log into the Workspace ONE UEM console by opening a browser to https://cn-livefire.awmdm.com

2. Login using your e-mail as username and password: VMware1!

3.  Select Monitor on your left of the Workspace ONE UEM pane and then select Intelligence and click GET STARTED

 

4. It will now give you the information as to what Intelligence will collect from your UEM environment.

Click the check box next to  "Opt In" and select Next at the bottom of the page.

5. You will now need to fill in your details and select ACCEPT. Note: The form values can be fictitious.

6. You will now be re-directed to the Intelligence server.

You now have access to the WorkspaceOne Intelligence platform.

We will setup the WorkspaceOne Intelligence integration with Workspace ONE Access. this will allow us to begin aggregating information based on logins to Workspace ONE UEM and AppLaunch.

1. On the left of the pane, navigate to and select the dropdown next to Settings , and select Integrations select SET UP under Workspace ONE Access

2. Select GET STARTED on the the wizard page

3. On the Authorize: Workspace ONE Access page select Provide Credentials and next to Tenant Domain* type your unique vIDM tenant URL for this course.
e.g https://aw-livefirerplaston.vidmpreview.com

4.  Select CONNECT TO WORKSPACE ONE ACCESS

5. On the Workspace ONE Intelligence Integration window select  ACCEPT

6. On Workspace ONE Access authorised successfully window select FINISH

This concludes the the setup of our VMware WorkspaceOne tenants needed for the remainder of the labs.

You may now move on to the next lab

Part 4. Configuring domain trust

1. On your ControlCenter Desktop, Select the Start Button to launch the Start Menu and select Administrative Tools

  1. Select Active Directory Domains and Trusts shortcut
  2. In Active Directory Domain and Trusts mmc select and right-click Active Directory Domains and Trusts [ControlCenter2.euc-livefire.com]
  3. Select Properties
  4. Under the UPN Suffixes Tab under Alternative UPN suffixes type your custom domain name. the example we have in this lab is tokyo01.euc-livefire.com
  5. Select Add , select OK to close the window, close the Active Directory Domains and Trusts Window.

 

2.

  • On your ControlCenter Desktop close Active Directory Domain and trusts.
    1. In the Administrative tools folder select Active Directory Users and Computers shortcut and select open
    2. Under the euc-livefire.com domain, expand the Corp > Marketing Organisational Units
    3. You will notice we have Users 1 to 4. Select and right-click User1 and select Properties
    4. Select the Account tab, to the right of User logon name: select the drop down arrow and select your custom domain
    5. Repeat these tasks for all 4 users. Close the Active Directory Users and Computers window

Part 5. Configuration of a Custom Test Account

In this part you'll be creating your test user for the salesforce lab.

  1. Open Active Directory User & Computers. Expand the EUC-livefire.com domain, expand the Corp OU and expand the Marketing OU
  2. On the Marketing OU select and right-click the Marketing OU and select New User. Fill in the unique user details,
    • First Name: User xxxxx {your student number + {the first letter of your city and country abbreviation}} eg {for San jose, Costa Rica User33SCR}
    • Last Name: {the first letter of your city and country abbreviation} eg. SCR
    • Username: FirstName@customdomain.euc-livefire.com, eg. User33SCR@Sanjose33.euc-livefire.com}
  • Select Next
  • In the New Object - User, type your password VMware1!
  • select the Password never expires checkbox, select Next, select Finish
  • Select your custom user and select and go to properties, on the General Tab type in the email address eg.user35AK@utrecht35.euc-livefire.com
  • Select the Member Of tab select Add, in the Enter the object names box type Marketing and select Check Names, select OK, select` OK

0 Comments

Add your comment

E-Mail me when someone replies to this comment