Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

So, you want to use RSA SecurID with APM’s PCoIP Proxy Module…

Justin_Venezia_
Cirrus
Cirrus

on ‎26-May-2015 09:41

Customers who leverage Access Policy Manager (APM) for remote access to VMware Horizon 6 (formerly known as VMware View) typically have some level of two-factor authentication (2FA) as an added layer of authentication. It’s especially important when users may be accessing Horizon resources from untrusted devices or networks. 

One challenge I have found, especially when using F5’s VMware Horizon iApp, is that the iApp requires some settings to be pre-configured to support SecurID for 2FA. This blog post will walk you through the pre-configuration and subsequent iApp setup of RSA SecurID with APM’s PCoIP Proxy using the native RSA integration capabilities of APM.

Shout-out to the peeps from VMware’s OneCloud team – big thanks to Simon Long and Aresh Sarkari for helping put this together!

The Authentication Flow

Let’s start with a quick recap of the authentication flow.

  1. Joe User will connect to the F5 virtual server’s public IP using the Horizon client or with F5’s WebTop.
  2. Next, he’ll be prompted to enter their RSA SecurID username and the passcode.
  3. BIG-IP APM will authenticate the username and passcode against the RSA Server.
  4. Once Joe has been validated through the RSA authentication server, he is then prompted for their Active Directory username and password.
  5. APM sends the Active Directory username and password to a domain controller.
  6. Once the final authentication step is completed, BIG-IP APM will enumerate the authorized desktops and applications through the Horizon Client or F5 WebTop.
  7. Joe then securely launches his apps and desktops, all proxied through the APM PCoIP Proxy.

Here’s a picture of what the RSA integration looks like with APM in the mix:

0151T000003d6XWQAY.png

Setting Up APM and RSA for PCoIP Proxy

Now, let’s get down to business. Here’s a quick list of things we’ll assume are already configured:

  • BIG-IP installed and configured
  • RSA Authentication servers installed and configured
  • RSA tokens activated
  • Firewall rules and routing between the BIG-IP and the RSA Authentication servers in place

We’ll also focus on the key areas of the VMware Horizon iApp (version 1.2.0) that you will need to change in order to support RSA SecurID - I’ll actually cover the complete setup of the APM PCoIP Proxy with the VMware Horizon iApp in an upcoming blog post and instructional video.

Click Here to download the documentation for setting up RSA SecurID with APM PCoIP Proxy.

As always, feel free to send any feedback or ideas to our VMware Alliance team at vmwarepartnership@f5.com!

Labels:
0 Kudos
Version history
Last update:
‎26-May-2015 09:41
Updated by:
Cirrus
Contributors
Copyright © 2023 Khoros, LLC