VMware EUC Access Point – What is it and How-To get it to work.

EUC Access Point Deployment and Config

I was working in my lab this week and decided that I needed to deploy the new EUC Access Point appliance the is available with VMware Horizon 6.2.  After a few hours of working with the deployment of the OVF and dealing with the documentation I decided to create this quick deployment and configure guide.  Note that this is not a complete how-to, but it should get you on your way.

What is Access Point ?

Access Point functions as a secure gateway for users who want to access Horizon 6 desktops and applications from outside the corporate firewall.

Access Point appliances typically reside within a DMZ and act as a proxy host for connections inside your company’s trusted network. This design provides an additional layer of security by shielding View virtual desktops, application hosts, and View Connection Server instances from the public-facing Internet.

Access Point directs authentication requests to the appropriate server and discards any un-authenticated request. The only remote desktop and application traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user. Users can access only the resources that they are authorized to access.

Access Point appliances fulfill the same role that was previously played by View security servers, but Access Point provides additional benefits:

  • An Access Point appliance can be configured to point to either a View Connection Server instance or a load balancer that fronts a group of View Connection Server instances. This design means that you can combine remote and local traffic.
  • Configuration of Access Point is independent of View Connection Server instances. Unlike with security servers, no pairing password is required to pair each security server with a single View Connection Server instance.
  • Access Point appliances are deployed as hardened virtual appliances, which are based on a Linux appliance that has been customized to provide secure access. Extraneous modules have been removed to reduce potential threat access.
  • Access Point uses a standard HTTP(S) protocol for communication with View Connection Server. JMS, IPsec, and AJP13 are not used

The following authentication mechanisms are available, and for all of these authentication mechanisms except smart card, authentication is proxied to View Connection Server:

  • Active Directory credentials
  • RSA SecurID
  • Smart cards (Note that for this release smart card authentication is a Tech Preview feature as of 09/08/2015)
  • SAML (Security Assertion Markup Language)

Continue reading