Delivering Security and Scalability Across the Digital Workspace with Workspace ONE and F5 APM
Just wanted to provide an exciting update on a new document in the series for Integration/Deployment guides for F5 with VMware Products. This integration has been a long time coming and really shows F5's and VMware's joint vision of a digital workspace. I am happy to announce that the next document APM Proxy with Workspace ONE is now available to the public!
What is Workspace ONE?
VMware Workspace ONE, powered by VMware AirWatch technology, is an intelligence-driven digital workspace platform that simply and securely delivers and manages any app on any device by integrating access control, application management, and multi-platform endpoint management. With Workspace ONE, organizations can remove siloes of cloud, desktop and mobile investments, and unify management of all devices and apps from one platform.
Where does F5 Help?
When combined with Workspace ONE, the portfolio of BIG-IP’s leading ADC technologies optimizes the user experience by delivering speed, scale, and resiliency. Customers can reap several benefits from the integration, including:
- Access to Apps without Disruption - This integration helps clients non-disruptively accelerate, simplify, and secure the delivery of business applications. End users are presented with a modern workspace that increases productivity with single sign-on access. IT organizations can utilize their Workspace ONE platform to extend the same user experience to legacy or custom applications. Using identity integrations, VMware provides the platform and user experience, while F5 provides the scale and application interoperability.
- Reducing Risk Across the Entire Organization - IT now has access policies that reduce the risk of data loss across the entire organization. Policies include app access (including legacy apps), conditional access and device compliance. Workspace ONE and F5 can leverage modern authentication protocols like OAuth to offload and simplify identity and access management.
- Providing Great User Experience Across All Devices - New features in the Workspace ONE and F5 integration, like OAuth and JSON Web Tokens (JWT) help deliver a transparent user experience while support ensuring secure access across all devices including mobile, desktop and web interface.
- Consolidation of Gateways - Gateway-sprawl can lead to complexity in an environment. With this integration, IT can simplify management of gateways by consolidating them into a single platform using the Workspace ONE and F5 integration.
What does this Integration Guide Detail?
This documentation focuses on deploying F5 BIG-IP APM for with VMware Workspace ONE (Cloud or VIDM onpremise) to deliver VMware Horizon desktops and applications in a production environment. This guide will provide the necessary steps to configuring your Workspace ONE Cloud or VIDM onpremise and BIG-IP to work with the JWT Token integration that was developed and tested by VMware and F5. Once configured, access to desktops and applications will become seamless and secure through single-sign on with VMware Workspace One and BIG-IP APM.
Here is an example from the integration guide that shows the Workspace ONE network ranges "All Ranges" page with the newly added "Wrap Artifact in JWT" and "Audience in JWT" settings. This will allow the F5 BIG-IP APM to consume the JWT Token to validate a user at the perimeter (DMZ) and once validated will then pass along the SAML Artifact to the Horizon Connection Server(s) for authentication.
In the All Ranges Network Setting
- Enable the checkbox for "Wrap Artifact in JWT" on the Horizon Environment that was configured in previous steps
- Click the + under the "Audience in JWT" next to the checkbox and provide a unique name (our example is f5cpa)
- Click the Save button.
You can now download the updated step-by-step guide for APM Proxy with Workspace ONE.
Special Thanks to the VMware Workspace ONE development team for all of their assistance putting this together!