VMware Workspace ONE Access for Linux 20.01 | January 2020 | Build 15509389
VMware Workspace ONE Access Connector (Windows) 20.01 | January 2020 | Build Workspace ONE Access Connector 20.01.0 Installer.exe
Release date: January 30, 2020
What's in the Release NotesThis release note covers the following topics:
- What's New in 20.01
- Compatibility, Installation, and Upgrade
- Known Issues
VMware Workspace ONE Access formerly VMware Identity Manager
VMware Workspace ONE Access is the new name for what was called VMware Identity Manager. No functionality has been removed as a result of this name change.
Revised Connector and Connector Management
- Ability to install connector components individually. The three components are
- Directory Sync service - Syncs users from Active Directory or LDAP directories to the Workspace ONE Access service.
- User Auth service - Provides Password (cloud), RSA SecurID (cloud), and RADIUS (cloud) deployments.
- Kerberos Auth service - Provides Kerberos authentication for internal users.
- Improved and simplified connector configuration and life cycle management
- Directory Sync service and the auth method service functional configuration is moved to the Workspace ONE Access service. Configuration for Directory Sync is in the Identity & Access Management > Directories page. Configuration of User Auth and Kerberos Auth methods is in Identity & Access Management > Enterprise Authentication Methods page in the Workspace ONE Access console. No configuration details are stored in the connector.
- You can easily add and remove connectors as needed.
- Directory Sync
- Improved stability and reduced resource needs.
- Directory Sync is now driven from the Workspace ONE Access service. Users can easily add more Directory Sync nodes in the Directory Configuration page in the console for Sync high availability.
- The ability to perform a dry run of the sync has been removed.
- Test Directory button is removed. When the directory configuration is saved, the Directory Sync service tests the directory configuration in Active Directory.
- Two sync options are now available in the UI, sync with safeguards and sync without safeguards. These actions can be performed from either the list of directories in the Identity & Access Management > Directories page, or from a specific directory landing page.
- When an IWA directory is created, only the domain saved to the database in the directory's Domains tab is shown. The admin must select the refresh button to see all the domains that have two-way trust relationship with the base domain.
- The directory's Group tab shows the Group DNs that are saved and the mapped groups from the DB. Calls are not automatically made to the Directory Sync service to fetch additional details, such as the number of groups in the container. You must explicitly click the Select button to run the Active Directory query to fetch the number of groups for the specific group DN.
- Saving the user attribute mapping, user DNs, group DNs, safeguards, and sync schedule configurations is not sent to the Directory Sync service on the connector. These configurations are saved in the Workspace ONE Access service DB because the Directory Sync service is stateless.
Streamlined disaster recovery setup leveraging VMware Site Recovery Manager
- Support to leverage VMware Site Recovery Manager for automated failover between primary and secondary sites. See the Installing and Configuring VMware Workspace ONE Access 20.01 guide.
Support for service migration from Windows 19.03 to Linux 20.01
- Assisted migration of configuration from Windows 19.03 to Linux 20.01.
- VMware Identity Manager Windows service will reach End of General Support (EOGS) on November 24, 2020. See End of General Support KB article, 2961184.
Support for Hub Catalog on premises, supporting Workspace ONE Intelligent Hub app
- Hub Catalog will be default ON for the web browser view.
- Customers who upgrade to 20.01 have the option to toggle off the new experience and go back to the Workspace ONE browser experience with the legacy catalog. To turn off the Hub Catalog, go to the Catalog > Hub Configuration page to launch the Hub Services console. On the Customization page that appears, toggle off the Hub Browser Experience radio button.
- If you are going to use the Hub Catalog after you upgrade, if you customized the Workspace ONE catalog page and log in screen in the VMware Identity Manger service, after the upgrade, you will need to go to the Hub Services console and customize the branding page to add your logo and colors. See the Using Hub Catalog in Workspace ONE Access Deployments.
- Allows for migration from legacy Workspace ONE application to the modern catalog within Workspace ONE Intelligent Hub.
Workspace ONE Access Appliance Settings UI Change
- The Appliance Setting tab manages SMTP, License and Telemetry configuration.
- VA configuration is moved to the System Diagnostics dashboard. You click VA Configuration on an appliance listed in the dashboard to log into the VA Configuration console for that appliance.
VMware Workspace ONE Access 20.01 is available in the following languages.
- Simplified Chinese
- Portuguese (Brazil)
VMware vCenter™ and VMware ESXi™ Compatibility
VMware Workspace ONE Access appliance supports the following versions of vSphere and ESXi.
- 6.5 U3, 6.7 U2, 6.7 U3
Windows Server Supported
- Windows Server 2008 R2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
Web Browser Supported
- Mozilla Firefox, latest version
- Google Chrome 42.0 or later
- Internet Explorer 11
- Safari 6.2.8 or later
- Microsoft Edge, latest version
- MS SQL 2012, 2014, 2016, 2017
Directory Server Supported
- Active Directory - Single AD domain, multiple domains in a single AD forest, or multiple domains across multiple AD forests.
- OpenLDAP - 2.4.42
- Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (18.104.22.168.0)
- IBM Tivoli Directory Server 6.3.1
VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and Horizon 7.
For system requirements, see the VMware Workspace ONE Access Installation guides for 20.01 on the Workspace ONE Access documentation center.
Upgrading to VMware Workspace ONE Access 20.01 (Linux)
The VMware Identity Manager appliance must be at 19.03 to upgrade to Workspace One Access 20.01.
Upgrade VMware Identity Manager 3.3 to version 19.03 before upgrading to Workspace One Access 20.01.
Before You Upgrade
- Before upgrading, to ensure that Elasticsearch data is not deleted, prepare Elasticsearch for the upgrade. See Prerequisites for Online Upgrade in the Upgrading to VMware Workspace ONE Access 20.01 guide.
To upgrade to Workspace ONE Access for Linux 20.01, see Upgrading to VMware Workspace ONE Access 20.01 (Linux) in the Workspace ONE Access documentation center. During the upgrade, all services are stop; plan the upgrade with the expected downtime in mind.
After You Upgrade
- Make sure you go to the Workspace ONE UEM page in the Workspace ONE Access console and click Save in the Workspace ONE UEM Configuration section to populate the Device Services URL. If you do not update the Device Services URL, new device enrollments with UEM will fail. See the Save the Workspace ONE UEM Configuration section in the Post-Upgrade Configuration topic in the Workspace ONE Access Upgrade guide.
Migrating VMware Identity Manager for Windows to Workspace ONE Access on Linux 20.01
Starting with version 20.01, the Workspace ONE Access service is available on-premises solely on Linux.
To migrate a Windows machine to the Workspace ONE Access appliance for 20.01, see the Migrating Windows to Linux for VMware Workspace ONE Access 20.01 guide in the Workspace ONE Access documentation center, to guide you through the migration steps.
VMware Identity Manager on Windows must be at the 19.03 version of Windows to migrate to the Workspace ONE Access on Linux 20.01
After you migrate to 20.01
- If Certificate (Cloud Deployment) authentication is being used, after you migrate, update the runtime-config.properties file to continue to use certificate authentication. See Step 4 in Workspace ONE Access 20.01 Post-Migration Configuration.
VMware Workspace ONE Access Connector 20.01.0.0 (Windows)
The VMware Workspace ONE Access connector is an on-premises component of VMware Workspace ONE Access that integrates with your on-premises infrastructure. The connector is a collection of enterprise services that can be installed individually or together on windows servers. The following service components can be installed.
- Directory Sync service to sync users from your enterprise directories
- User Auth service that includes Password (cloud), RSA SecurID (cloud), and RADIUS (cloud)
- Kerberos Auth service for Kerberos authentication
Migrating to Workspace ONE Access 20.01 Connectors
When you upgrade to Workspace ONE Access, to use the new Workspace ONE Access 20.01 connectors, you install one or more 20.01 connectors and then migrate your existing directories and authentication methods from the 19.03 connectors to the new connectors.
The Windows servers for the 20.01 connectors must be separate from your legacy connector servers. During the migration process, you will switch between using the older connectors and the new connectors to test the migration. The 19.03 legacy connector servers must be running during the migration process. Do not uninstall the 19.03 connectors until the migration is complete.
You cannot upgrade older connector versions to 20.01.
Before You Migrate
- Make sure that all legacy connectors are at 19.03 version
- Before migrating RSA SecurID Authentication to the 20.01 connector, make sure to clear the Node Secret on the RSA Security console.
The Workspace ONE Access 20.01 connector does not support Virtual Apps (Citrix, Horizon, Horizon Cloud, and ThinApp integrations). If your environment includes Virtual Apps or you plan to use Virtual Apps in the future, do not migrate to Workspace ONE Access 20.01 connectors.
To use virtual apps with Workspace ONE Access 20.01, you must use VMware Identity Manager connector version 19.03.
- VMware Identity Manager Integration Broker 19.03 | April 2019 | Build 13221855 works only with VMware Identity Manager connector version 19.03.
To use VMware ThinApp with Workspace ONE Access 20.01, you must use VMware Identity Manager Linux-based connector appliance version 2018.8.1. If you use ThinApp packages do not upgrade to the 19.03 or the 20.01 version of VMware Workspace ONE Access connector.
- VMware Identity Manager Desktop 3.2 | March 2018 | Build 7952055 is used with ThinApp packages
The VMware Workspace ONE Access 20.01 documentation is in the VMware Workspace ONE Access Documentation Center.
- Configuring RSA SecurID Authentication Method Intermittently Fails
When you try to save your SecurID configuration in the Workspace ONE Access console, you get an error stating that RSA Auth was not set up.
1. Try to save the configuration again after you see the error. (Retry saving the configuration several times.)
2. If this does not work, restart the connector where the User Auth service is installed.
- Directory Type Other Directory (AirWatch Cloud Connector) Cannot be Deleted From the Workspace ONE Access 20.01 Connector
When you click Delete Directory to delete a directory of type "Other" (usually AirWatch Cloud Connector directory) from the Workspace ONE Access console, the progress bar keeps moving, but the directory is not deleted.
Contact Support for an API to delete the directory.