VMware Workspace ONE Access | 09 JUN 2022

VMware Workspace ONE Access Connector (Windows) (for Cloud only) 22.05 | 09 JUN 2022 | Build Workspace ONE Connector 22.05.0

Check for additions and updates to these release notes.

What's New in the May FedRAMP Release

Connector Support for Horizon Cloud Service on Microsoft Azure with Single-Pod Broker (Workspace ONE Access Cloud only)

The 22.05 release of the Workspace ONE Access Connector will include support for integrating with Horizon Cloud Service on Microsoft Azure with Single-Pod Broker and Horizon Cloud Service on IBM Cloud. This will allow for the legacy connectors that are used for virtual apps to be migrated from version 19.03 or 19.03.0.1 to version 22.05 connector. Both directories and virtual apps collections must be migrated together during this one-time process.

FIPS Mode Support for the Connector (Workspace ONE Access Cloud only)

The 22.05 Workspace ONE Access Connector will have an option to enable FIPS mode during installation. FIPS mode will set the connector to run with data and encryption that is secure at a level of compliance encouraged by the United States government. The algorithms used are FIPS 140-2 compliant algorithms.

Workspace ONE Access Connectors with FIPS mode enabled will not support integrating with Citrix, Horizon, Horizon Cloud Service on Microsoft Azure with Single-Pod Broker, or Horizon Cloud Service on IBM Cloud. A Workspace ONE Access Connector with FIPS mode enabled will support integrating virtual apps that are running in Horizon Cloud Service on Microsoft Azure with Universal Broker.

Note:

  • The FIPS mode option is not available when you upgrade to a 22.05 connector. The option to enable FIPS mode is supported only in new connector installations.
  • If you enable FIPS mode in the connector, to disable FIPS mode, you must reinstall the connector.

Resolved Issues in May

  • HW-151085. Fixed an issue where the wrong application display name was displayed on Horizon applications.
  • HW-155731. The computer object is no longer retrieved from Active Directory when syncing group memberships.
  • HW-126664. Resolved issues with the Workspace ONE Access connector retrying to establish a connection.

Compatibility, Installation, and Upgrade for Workspace ONE Access Cloud Releases

Component Compatibility

Windows Server Supported

  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Web Browser Supported

  • Mozilla Firefox, latest version
  • Google Chrome, latest version
  • Safari, latest version
  • Microsoft Edge, latest version

Database Supported

  • MS SQL 2012, 2014, 2016, 2017, 2019
  • Important: Microsoft SQL server 2012 and 2014 must be updated with the Microsoft SQL patch to support TLS 1.2.

Directory Server Supported

  • Active Directory - Single AD domain, multiple domains in a single AD forest, or multiple domains across multiple AD forests.
  • OpenLDAP - 2.4.42
  • Oracle LDAP - Directory Server Enterprise Edition 11g, Release 1 (11.1.1.7.0)
  • IBM Tivoli Directory Server 6.3.1

Virtual Apps Compatibility

The Workspace ONE Access 22.05 connector (for Workspace ONE Access Cloud tenants only) supports Virtual Apps with the new Virtual App service. This allows integration with Horizon, Horizon Cloud Service on IBM Cloud, Horizon Cloud Service on Microsoft Azure with Single-Pod Broker, and Citrix Virtual Apps.

The following versions of Citrix are supported: Citrix Virtual Apps and Desktops 7 1912 LTSR, XenApp and XenDesktop 7.15 LTSR, and XenApp and XenDesktop 7.6 LTSR.

The 22.05 connector supports the Citrix StoreFront API and does not support the Citrix Web Interface SDK.

If you use ThinApp packages, do not upgrade to newer versions of the Workspace ONE Access connector.

Requirements for RSA SecurID Authentication Method

The RSA SecurID integration has the following new requirements:

In the RSA Security console, the Workspace ONE Access connector must be added as an authentication agent using the fully qualified domain name (FQDN). For example, connectorserver.example.com. If you have already added the connector as an authentication agent using the NetBIOS name instead of the FQDN, add another entry using the FQDN. Leave the IP address field empty for the new entry. Do not delete the old entry.

If you deployed multiple instances of the RSA Authentication Manager server, you must configure them behind a load balancer. See Workspace ONE Access Requirements for RSA SecurID Load Balancer for more information.

Compatibility Matrix

VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware products and components, such as VMware vCenter Server, VMware ThinApp, and Horizon 7.

Upgrade

VMware Workspace ONE Access Connector 22.05 (Cloud only upgrade)

The VMware Workspace ONE Access connector is an on-premises component of VMware Workspace ONE Access that integrates with your on-premises infrastructure. The connector is a collection of enterprise services that can be installed individually or together on windows servers. The following service components can be installed.

  • Directory Sync service to sync users from your enterprise directories
  • User Auth service that includes Password (cloud), RSA SecurID (cloud), and RADIUS (cloud)
  • Kerberos Auth service for Kerberos authentication

Workspace ONE Access cloud tenants can upgrade Workspace ONE Access connector versions 20.01.x, 20.10.x, 21.08.x to version 22.05.

Note: The FIPS mode option is not available when you upgrade to a 22.05 connector. The option to enable FIPS mode is supported only in new connector installations.

See the Upgrading to VMware Workspace ONE Access Connector 22.05 guide for information.

Migrating to Workspace ONE Access 22.05 Connectors (Cloud only)

From Workspace ONE Access connector version 19.03 and 19.03.0.1, a migration path to version 22.05 is available. The process includes installing new 22.05 connectors and migrating your existing directories and Horizon, Horizon Cloud Services on IBM Cloud, Horizon Cloud Service on Microsoft Azure with Single-Pod Broker, and Citrix Virtual Apps collections to the new connector. Migration is a one-time process, and you must migrate directories and virtual apps collections together.

Note: The FIPS mode option is not available when you migrate to a 22.05 connector. The option to enable FIPS mode is supported only in new connector installations.

After the migration is complete, you no longer need the Integration Broker for Citrix integrations. The required functionality is now part of the Virtual App service component of the Workspace ONE Access connector.

Important: All legacy connectors must be version 19.03.x before you can migrate.

See Migrating to VMware Workspace ONE Access Connector 22.05 guide for information.

Certificate Requirement for Horizon Virtual Apps Collections

Ensure that the Horizon Connection Servers have valid certificates signed by a trusted Certificate Authority (CA). If the Horizon Connection servers have self-signed certificates, you must upload the certificate chain to the Workspace ONE Access connector instances on which the Virtual App service is installed to establish trust between the connectors and the Horizon Connection servers. This is a new requirement starting with the Workspace ONE Access connector 21.08. You upload the certificates using the connector installer. See Installing Workspace ONE Access Connector for more information.

Documentation

Workspace ONE Access documentation for FedRAMP can be found in the Workspace ONE Access Cloud section in the VMware Workspace ONE Access Documentation Center.

check-circle-line exclamation-circle-line close-line
Scroll to top icon