
Duo is Cisco's user-friendly, scalable access security platform that can be configured in the UAG appliance, providing a second source of validation.

DUO Authentication Proxy can be installed on the following supported OSs:

If the UAG appliance is installed in your VMware Horizon infrastructure, Two-Factor Authentication makes the connection more secure by preventing unauthorized access.

I probably could have read the guides and help information a bit more closely. But all in all, now that I'm familiar with it, it is pretty straightforward.

To add an extra layer of security to the VMware UAG appliance, the authentication process can be enforced using a Two-Factor Authentication procedure with solutions such as Duo Authentication Proxy.

So a good reminder is to configure the UAG's IP and URLs for PCOIP, Blast, and Tunnel. I also had the Blast External URL and the Tunnel External URL incorrectly configured as the Connection Server's URL https:FQDN:443 rather than the UAG's URL https:FQDN:443. This was caused by an incorrect configuration in my UAG Horizon Settings where I initially had the PCOIP External URL configured as the Connection Server's IP:4172 rather than the UAG External IP:4172. I then had one final issue when selecting a Desktop in the Horizon Client, where the connection was attempted but then closed with the error "The connection to the remote computer ended".

Menu->Configure SSL.->Do not verify server identity certificates. I'll need to get a trusted cert for my Connection Server and import it to the UAG as well, but the certificate issues can be ignored by accessing the settings menu in the Horizon Client while disconnected from a server. I successfully connected to my UAG with the Horizon Client and it displayed all of my Connection Server Desktop Pools.

It seems like the non-FIPS version has more capability and manual configuration options available. Interestingly enough, the non-FIPS version of UAG has all the manual configuration options available, whereas the FIPS version had most of them grayed out. At this time, I don't think I have a requirement to use the FIPS deployment, so I should be fine. My Connection Server was most likely deployed in a non-FIPS configuration as well. I had to redeploy my UAG Appliance using the non-FIPS version in order for the UAG to be registered as a Gateway Server in the Connection Server.
