vmguru

Hello I'm setting up VMware Horizon with Unified Access Gateway (UAG) and looking for clarification on authentication options, particularly regarding Smartcard authentication and SAML requirements. From my understanding, UAG typically acts as a SAML Service Provider (SP) and relies on an external Identity Provider (IDP) for authentication. However, I want to know: Is SAML strictly necessary between the UAG and Horizon Connection Server, or can a setup work without exchanging SAML metadata? If using Smartcard authentication, does this eliminate the need for SAML between UAG and Horizon, or is SAML still required in some form? Can Smartcard authentication be handled directly at the UAG level, or does it always require an external IDP? What’s the recommended configuration for Smartcard authentication in a Horizon + UAG setup? The VMware documentation isn’t very clear on whether a SAML-free setup is possible, especially when using Smartcards. If anyone has experience with Smartcard authentication in Horizon with UAG, I’d appreciate any insights on best practices and required configurations. Thanks!

It is available since a long time! https://docs.omnissa.com/bundle/AppVolumesInstallGuideV2306/page/IntroductiontoAppVolumes.html Target Computer A VDI desktop, physical client computer, Remote Desktop Services (RDS) Host or Citrix XenApp Server where users log in to access their applications delivered from the Package. The target computer must have the App Volumes agent installed and configured to connect to the App Volumes Manager. But take Care! "Yes. App Volumes 2.9 and later support delivering AppStacks and writable volumes to physical machines under the following conditions: • A constant network connection must be available. • Automatic Windows updates must be disabled. • The operating system on the physical endpoint must be nonpersistent, streamed, or both. (IE Citrix PVS) • Updates to the operating system cannot be performed with AppStacks or writable volumes attached" I think with latest releases it possible also on persistent devices Release Notes of 2406 https://docs.omnissa.com/bundle/AppVolumesReleaseNotesV2406/page/AppVolumes-ReleaseNotes.html What’s New Persistent Desktop Support Expanded Use Cases: New support for classic Windows desktop environments, a significant enhancement to our Apps Everywhere strategy. This new feature extends our efficient one-to-many provisioning model, previously available only for non-persistent desktops, to persistent virtual desktop environments. I have not tested yet

-

I think this is not possible! maybe someone knows better Br

For those who use Omnissa Horizon with Hashtag#AppVolumes Writable Volumes and FSLogix, Inc. Office or Profile Containers leveraging CloudCache Mode. There is a nasty Showstopper mentioned in the Known Issues Section of the actual (2406) Release Notes of Hashtag#AppVolumes: https://docs.omnissa.com/bundle/AppVolumesReleaseNotesV2406/page/AppVolumes-ReleaseNotes.html "When a Writable Volume and FSLogix Office Container are deployed together in a VDI, the FSLogix Office Container VHD is not created on an SMB file share. This issue occurs only when the Cloud Cache feature is enabled. [2791414]" Workaround: Deactivate the Cloud Cache feature of FSLogix Office Container. I'm happy to introduce you to a better workaround to get things working! Let's go: 1. Turn on the Instant Clone template/full clone of the desktop where you want to get the feature mentioned above be enabled (AppVolumes Agent and FSlogix Agent should be installed) 2. Go to C:\Program Files (x86)\CloudVolumes\Agent\Config\Default in File Explorer 3. Open the corresponding (or modify all) Snapvol.cfg File in the Subfolder for the Type of Writable used in your Environment: uia = User installed Applications uia_plus_profile = User installed Applications with profile profile = User Profile Hint: Think about it again - Do you really want to use fslogix in the last 2 scenarios (uia_plus_profile and profile) 😉 ? 4. In the File system Section in the Snapvol.cfg File add these two lines to prevent the Overlay interference between FSLogix and AppVolumes writable Volumes(after virtualize=\): exclude_path=\ProgramData\FSLogix exclude_process_name=\Program Files\FSLogix\Apps 5. Save File 6. Reboot the Full Clone or make Snapshot of the Template and schdeule a secondary image for the Instant Clone Pool. 7. Enjoy AppVolumes Writables with FSLogix Office/Profile Containers with CloudCache enabled

Your welcome!

I think you need only one certificate with these properties: CN = appvolbalance.mydomain.local DNS= appvol01.mydomain.local DNS= appvolbalance.mydomain.local DNS= appvol02.mydomain.local br