Load Balancing VMware's Workspace Portal/Identity Manager with F5 BIG-IP Local Traffic Manager (LTM)

What is VMware Identity Manager (formerly known as VMware Workspace Portal)?

VMware Identity Manager is a service that extends your on-premises directory infrastructure to provide a seamless Single Sign-On (SSO) experience to Web, Mobile, SaaS, and legacy applications. Simply put, it's a service aggregator and identity provider for your IT resources. One single login to Identity Manager gains you access to Citrix XenApp, Horizon, Web, SaaS, and ThinApp resources. You can find more about Identity Manager at https://www.vmware.com/products/identity-manager/.

BIG-IP can provide intelligent traffic management, high availability and monitoring through the use of BIG-IP Local Traffic Manager (LTM) and BIG-IP DNS (Global Traffic Management). BIG-IP's Access Policy Manager (APM) can also provide secure access to the apps and resources accessible through the Identity Manager portal as well as the actual Identity Manager portal itself. In this article, we'll focus on building a highly available Identity Manager implementation using BIG-IP LTM.

You can download the updated step-by-step load-balancing guide for VMware Workspace Portal/Identity Manager here. What's also cool is you can do a walk through of this very setup in the VMware Hands-On-Lab at VMworld 2015 (Look for HOL-MBL-1659) or by clicking the following link - http://labs.hol.vmware.com/HOL/catalogs/lab/2078.

Special thanks to Bryan Salek, Matt Mabis, and Mosa Emamjomeh for helping put this together!

Stay tuned for a future post on how to securely access Workspace Portal/Identity Manager using BIG-IP Access Policy Manager (APM), which includes proxying Citrix XenApp, Horizon, and Web Application resources.

WorkspaceOne/Identity Manager 2.6 Update:

When changing the FQDN of VMware Identity Manager there is an additional (and new) step that needs to be done. After changing the FQDN, log back into the Workspace One Admin UI using a local account and click Catalog --> Settings.

Next, select New End User Portal UI and click Enable New Portal UI.

Once completed, log out and you should now be able to login using a domain account.

Published Sep 30, 2015
Version 1.0
  • Hi Justin, Any update on providing access to workspace/identity manager using APM?
  • At this point, there is no ETA on when we will have it completed for release on DevCentral. Are you looking for PCoIP, Web Apps, Citrix XenApps, or HTML5 access for Horizon?
  • Is there any update on integrating this into APM? There's lots of blogs saying it is possible, but I can't find a single resource on what is required past the LTM configuration.

     

  • Matt_Mabis_2949's avatar
    Matt_Mabis_2949
    Historic F5 Account

    Hey @alex.4 - There are some integrations coming in the next release, this will allow APM to sit in front of IDM as the IDP, where you can launch Horizon VDI/RDSH via PCoIP or Blast Extreme via Native Client.

     

    Is there something you are specifically looking for in features as Justin asked earlier? Just wanted to get some incite of what you might be looking for.

     

    Thanks Matt

     

  • Hey guys,

     

    I´m trying to integrate IDM as IDP to a scenario that works APM and VMware Connection Servers, is it possible? There is some article that shows how to do? If not, what is correct? Something new about the integration in the next release?