To add a pod federation, you first add all the pods that belong to the pod federation, then add the pod federation details, specify a global launch URL for global entitlements, sync entitlements, and set client access URLs for specific network ranges.

Prerequisites

Procedure

  1. In the administration console, click the Catalog tab.
  2. Click Manage Desktop Applications and select View Application.
  3. In the Pods and Sync tab, select the Enable View Pools checkbox, if it is not already checked.

    [Figure: Enable View pools]


  4. Add all the View pods that are part of the cloud pod federation, one at a time.
    1. Provide the View pod details.

      | Option | Description |
      | --- | --- |
      | Connection Server | Enter the fully qualified domain name (FQDN) of the View Connection Server instance, for example, pod5server.example.com. The domain name must match the domain name to which you joined the View Connection Server instance. |
      | Username | The administrator user name for the pod. The user must have the Administrators role in View. |
      | Password | The administrator password for the pod. |
      | Using Smart Card Authentication with Third-Party Identity Provider | If users use smart card authentication to sign in to this View pod instead of passwords, select the checkbox. |
      | Suppress Password Popup | This option only applies to Horizon versions that support the True SSO feature. When True SSO is configured in View, users do not require a password to log into their Windows desktops. However, if users are logged into VMware Identity Manager using a non-password authentication method such as SecurID, when they launch their Windows desktops, they are prompted for a password. You can select this option to prevent a password dialog box from being shown to users in that scenario. |
      | Sync Local Entitlements | If local entitlements are configured for the pod, select this checkbox. |

      For example:

      [Figure: View pod]


    2. Click Add View Pod and add the next pod.
    3. Repeat these steps until you have added all the pods in the cloud pod federation.
  5. Click Save.

    Replicated servers in each pod are displayed.

  6. Click the Federation tab and select the Enable CPA Federations checkbox.

    [Figure: Federation tab]


  7. In the Federation Name field, type the name of the cloud pod federation.
  8. In the Launch URL field, type the global launch URL to be used to launch globally-entitled desktops or applications. For example, federationA.example.com.

    The launch URL is typically the global load balancer URL of the cloud pod federation. You can customize the launch URL for specific network ranges later in the configuration process.

  9. Select a pod that belongs to the cloud pod federation.
    All the pods that you added in the Pods and Sync tab are listed in the drop-down list.

    [Figure: Federation page]


  10. Click Add Pod and select all the pods that are part of the cloud pod federation, one at a time.
  11. Click Save.
  12. Click the Pods and Sync tab, scroll to the bottom of the page, and set the deployment and sync options for your configuration.

    Option

    Description

    Deployment type

    Select how View resources are made available to users in the user portal.

    • User-Activated: VMware Identity Manager adds View resources to the Catalog page in the user portal. To use a resource, users must move the resource from the Catalog page to the Launcher page.

    • Automatic: VMware Identity Manager adds the resources directly to the Launcher page in the user portal for users' immediate use.

    The deployment type that you select here is a global setting that applies to all user entitlements for all the resources in your View integration. You can modify the deployment type for individual users or groups per resource, from the resource's Entitlements page.

    Setting the global deployment type to User-Activated is recommended. You can then modify the setting for specific users or groups per resource.

    For more information about setting the deployment type, see Setting the Deployment Type for View Entitlements.

    Do not sync duplicate applications

    Select this option if you want to prevent duplicate applications from being synced from multiple servers. When VMware Identity Manager is deployed in multiple data centers, the same resources are set up in the multiple data centers. Selecting this option prevents duplication of the desktop or application pools in your VMware Identity Manager catalog.

    Configuring 5.x Connection Server

    Select this check box if any of the View Connection Server instances that you have configured on this page is version 5.x.

    Selecting this option enables an alternative way of syncing resources that is required for View 5.x.

    Note:

    If you select the Perform Directory Sync option, the Configuring 5.x Connection Server option is also automatically selected as both options rely on the alternative way of syncing resources.

    Perform Directory Sync

    Select this check box if you want directory sync to be performed as part of View sync when any users and groups that are entitled to View pools in the View Connection Server instances are missing in the VMware Identity Manager directory.

    The Perform Directory Sync option only applies to local entitlements. It does not apply to global entitlements. If users and groups with global entitlements are missing in the VMware Identity Manager directory, directory sync is not triggered.

    Users and groups synced through this process can be managed like any other users added by VMware Identity Manager directory sync.

    Important:

    View sync takes longer when you use the Perform Directory Sync option.

    Note:

    When this option is selected, the Configuring 5.x Connection Server option is also selected automatically as both options rely on an alternative way of syncing resources.

    Choose View pool Sync Frequency

    Select how often you want View resources and entitlements to sync. You can set up a regular sync schedule or choose to sync manually. If you choose Manually, you must return to this page and click Sync Now whenever there is a change in your View resources or entitlements.

    Select Default Launch Client

    Select the default client in which to launch View applications or desktops. Select Browser to launch resources in a Web browser or Client to launch resources in Horizon Client.

    This setting applies to all users and all resources in your View integration, but end users can override it when they launch View desktops or applications in the Workspace ONE portal by selecting the Launch in Browser or Launch in Client option.

  13. Click Save.
  14. Click Sync Now.

    Each time you change information in View, such as adding an entitlement or a user, a sync is required to propagate the changes to VMware Identity Manager.

    Note:

    Each time you click Save to save settings on this page, you must then click Sync Now to sync; otherwise, existing resources will not launch.

  15. At the top-right of the page, click Admin Console.
  16. Click the Identity & Access Management tab and click Setup on the right of the page.
  17. Click the Network Ranges tab.
  18. Customize launch URLs for specific network ranges. For example, different launch URLs are typically set for internal and external access.
    1. Select a network range. You can select an existing network range or create a new one. You can also edit the default ALL RANGES network range.
      The Edit Network Range page is displayed. The View CPA federation section lists the global launch URL of the pod federation you added in the Federation tab. If you added multiple pod federations, all are listed. The View Pod section lists all the View pods from the Pods and Sync tab that have the Sync Local Entitlements option selected.

      [Figure: Network Range page]


    2. In the View CPA federation section, for the global launch URL, specify the fully-qualified domain name of the server to which to direct launch requests for global entitlements that come from this network range. This is typically the global load balancer URL of the View pod federation deployment.

      For example: lb.example.com

      The global launch URL is used to launch globally-entitled resources.

    3. In the View Pod section, for each of the View pod instances, specify the fully-qualified domain name of the server to which to direct launch requests for local entitlements that come from this network range. You can specify a View Connection Server instance, a load balancer, or a security server. For example, if you are editing a range that provides internal access, you would specify the internal load balancer for the pod.

      For example: lb.example.com

      The client access URL is used to launch locally-entitled resources from the pod.
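
A pre-flight check of the values this procedure asks for, as an added example (not VMware code and not taken from the product). It assumes a hand-written planning sheet whose field names (`connection_server`, `joined_domain`, `launch_fqdn`, `first`, `last`) are hypothetical, and it reports overlapping custom network ranges as items to review, not as errors the product raises.

```python
import ipaddress
import re

# Constructed planning data; field names are hypothetical, not a product export.
PODS = [
    {"connection_server": "pod5server.example.com", "joined_domain": "example.com"},
    {"connection_server": "pod6server", "joined_domain": "example.com"},
]
RANGES = [
    {"name": "ALL RANGES", "first": "0.0.0.0", "last": "255.255.255.255",
     "launch_fqdn": "federationA.example.com"},
    {"name": "Internal", "first": "10.0.0.0", "last": "10.255.255.255",
     "launch_fqdn": "lb.example.com"},
    {"name": "Branch", "first": "10.20.0.0", "last": "10.20.255.255",
     "launch_fqdn": "https://lb.example.com/"},
]
FQDN_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def check_pods(pods):
    """Connection Server must be an FQDN inside the domain it is joined to."""
    problems = []
    for pod in pods:
        host, domain = pod["connection_server"], pod["joined_domain"]
        if not FQDN_RE.match(host):
            problems.append(f"{host}: not a fully qualified domain name")
        elif not host.lower().endswith("." + domain.lower()):
            problems.append(f"{host}: outside joined domain {domain}")
    return problems

def check_ranges(ranges):
    """Launch entries must be bare FQDNs; custom ranges should not overlap."""
    problems, spans = [], []
    for r in ranges:
        if not FQDN_RE.match(r["launch_fqdn"]):
            problems.append(f"{r['name']}: {r['launch_fqdn']!r} is not an FQDN")
        first, last = ipaddress.ip_address(r["first"]), ipaddress.ip_address(r["last"])
        if first > last:
            problems.append(f"{r['name']}: range start is above range end")
        elif r["name"] != "ALL RANGES":  # the catch-all overlaps everything by design
            spans.append((first, last, r["name"]))
    widest = None  # range with the highest end address seen so far
    for first, last, name in sorted(spans):
        if widest and first <= widest[1]:
            problems.append(f"{name} overlaps {widest[2]}: confirm which URL applies")
        if widest is None or last > widest[1]:
            widest = (first, last, name)
    return problems

if __name__ == "__main__":
    for line in check_pods(PODS) + check_ranges(RANGES):
        print("REVIEW:", line)
```

Running it on the sample sheet flags the unqualified `pod6server` host, the full URL entered where step 18 asks for an FQDN, and the Branch range that sits inside the Internal range with a different launch entry.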