To ensure a successful migration, make sure you follow the requirements for migrating your Workspace ONE Access connector.
- Prepare one or more Windows servers to install the 22.09 connector. The Directory Sync, User Auth, Kerberos Auth, and Virtual App services can be installed together on one server or separately on different servers. See Installing VMware Workspace ONE Access Connector 22.09 for considerations and requirements.
You can install the 22.09 connector either on a new server or on the legacy 19.03.x connector server. However, if Kerberos authentication is configured on your legacy connector, you must install the 22.09 Kerberos Auth service on a separate server. Do not install the new Kerberos Auth service on the 19.03.x connector server. Workspace ONE Access does not support multiple instances of Kerberos on the same server.
If you plan to install the 22.09 connector on a new Windows server, see sizing guidelines and requirements in Installing VMware Workspace ONE Access Connector 22.09. If you plan to install the 22.09 connector on the 19.03.x connector server, see Migrating to Latest Connector on a Windows Server Running Workspace ONE Access 19.03.x for additional requirements and guidelines.
- If your existing installation includes Citrix virtual apps, when you install the Virtual App service make sure that you follow the requirements and prerequisites for Citrix integration described in the Installing VMware Workspace ONE Access Connector 22.09 guide. Requirements include:
- The connector server must be joined to the directory domain.
- You must specify a domain user account to use to run the Virtual App service. That domain user must also be a Citrix server Read Only administrator who is able to load the Citrix PSSnapin.
- You must install Citrix Studio on the connector server. Citrix Studio includes the Citrix PowerShell SDK, which is required for the integration between Citrix and Workspace ONE Access. The Citrix Studio version must be compatible with your Citrix deployment version.
- If your existing installation includes Citrix virtual apps, and you configured cookie-based session persistence on the load balancers used with the StoreFront servers, you must change it to source IP-based session persistence. The Virtual App service does not support cookie-based session persistence.
- For Horizon and Horizon Cloud virtual apps collections, make sure that the Horizon Connection Servers, or the Horizon Cloud tenant's underlying Horizon servers, have valid certificates signed by a trusted Certificate Authority (CA). If the Horizon servers have self-signed certificates, you must upload the certificate chain to the Workspace ONE Access connector instances on which the Virtual App service is installed to establish trust between the connectors and the Horizon servers. This is a new requirement beginning with Workspace ONE Access connector 21.08. You can upload the certificates using the connector installer. See Installing VMware Workspace ONE Access Connector 22.09 for more information. Make sure that you restart the connector services after uploading the certificates.
- During the migration process, you will switch between using the old connectors and the new connectors to test the migration. The 19.03.x legacy connector servers must be running during the migration process. Do not uninstall the 19.03.x connectors until the migration is complete.
- All existing connectors in your tenant must be version 19.03.x. If you have any older versions, upgrade them to 19.03.x first.
- All connector-based authentication methods that are enabled on the 19.03.x connectors must be configured as cloud deployment authentication methods. You do this by deploying the connector in outbound-only connection mode, and associating the connector and the authentication methods with the Built-in identity provider. See Using Outbound Connector for Authentication in Built-in Identity Providers in VMware Identity Manager Administration and Enable Outbound Mode for the VMware Identity Manager Connector in Installing and Configuring VMware Identity Manager Connector 19.03 (Windows).
- If you have an on-premises instance of the Workspace ONE Access service, upgrade the service to version 22.09 before migrating to 22.09 connectors.
- During migration, you must migrate all the directories and supported virtual apps collections in your tenant to the 22.09 connector. You cannot choose to migrate a subset of the directories or virtual apps, or choose to migrate only directories or only virtual apps.
- If you are installing the User Auth service, make sure that all the connectors on which the User Auth service is installed are version 22.09. Workspace ONE Access does not support mixing versions 22.09, 22.05, 21.08.x, and 20.x of the User Auth service.
- After migration, you can use only the new 22.09 connectors. You cannot have a mix of 19.03.x connectors and 22.09 connectors in your environment.
- Workspace ONE Access connector 22.09 supports the following types of proxies:
- Unauthenticated HTTP proxies
- Unauthenticated HTTPS (SSL) proxies
- Authenticated HTTPS (SSL) proxies
Migrating to Latest Connector on a Windows Server Running Workspace ONE Access Connector 19.03.x
When you cannot procure a new Windows server to migrate to Workspace ONE Access connector 22.09, you can install the 22.09 connector on a Windows server that is running the Workspace ONE Access 19.03.x connector. You can then migrate your legacy connector.
If you are using an existing Windows server that has the 19.03.x connector installed, make sure you follow these guidelines:
- Before you install the 22.09 connector, you must increase the CPU and memory on the server. Two versions of the connector will be running until the migration is complete.
You must increase the CPU and memory to meet the needs of both 19.03.x and 22.09 connectors. See the 22.09 Sizing Guidelines in Installing VMware Workspace ONE Access Connector 22.09.
- IMPORTANT: Take a snapshot of the machine before running the 22.09 connector installer. When you install the 22.09 connector, at the end of the installation process you might get a prompt to restart the connector host. Do not restart the host. If you do so, the migration process will fail and your 19.03.x connector will become unusable. It is critical that you do not restart the machine until the entire migration process is complete. When the migration is completed successfully, you can safely restart the machine.
- Do not stop or uninstall the 19.03.x connector until the entire migration process is complete.
After the migration is finished, you can stop the 19.03.x connector and uninstall it.