7.0
Table Of Contents
- Deploying and Configuring Access Point
- Contents
- Deploying and Configuring Access Point
- Introduction to Access Point
- System Requirements and Deployment
- Configuring Access Point
- Collecting Logs from the Access Point Appliance
- Setting Up Smart Card Authentication
- Setting Up Two-Factor Authentication
- Index
VMware Identity
Manager 2.6
VMware Identity Manager 2.6 has been qualified to support Access Point 2.6.
Refer to the product release notes for the latest information about
compatibility, and refer to the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
Information in the release notes and interoperability matrix supersede
information in this guide.
VMware vSphere ESXi
hosts and vCenter
Server
Access Point appliances must be deployed on a version of vSphere that is the
same as a version supported for the Horizon products and versions you are
using.
For details about which versions of your Horizon products are compatible
with which versions of vCenter Server and ESXi, see the VMware Product
Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
Horizon Client
Although VMware recommends that you upgrade to the latest version of the
clients to get new features and performance improvements, Access Point is
designed to work with all client versions that are supported with the
supported versions of Horizon servers.
Hardware Requirements
The OVF package for the Access Point appliance automatically selects the virtual machine configuration that
Access Point requires. Although you can change these settings, VMware recommends that you not change
the CPU, memory, or disk space to smaller values than the default OVF settings.
Networking Requirements
You can use one, two, or three network interfaces, and Access Point requires a separate static IP address for
each. Many DMZ implementations use separated networks to secure the different traffic types. Configure
Access Point according to the network design of the DMZ in which it is deployed.
n
One network interface is appropriate for POCs (proof of concept) or testing. With one NIC, external,
internal, and management traffic are all on the same subnet.
n
With two network interfaces, external traffic is on one subnet, and internal and management traffic are
on another subnet.
n
Using three network interfaces is the most secure option. With a third NIC, external, internal, and
management traffic all have their own subnets.
IMPORTANT Verify that you have assigned an IP pool to each network. The Access Point appliance can then
pick up the subnet mask and gateway settings at deployment time. To add an IP pool, in vCenter Server, if
you are using the native vSphere Client, go to the IP Pools tab of the data center. Alternatively, if you are
using the vSphere Web Client, you can create a network protocol profile. Go to the Manage tab of the data
center and select the Network Protocol Profiles tab. For more information, see Configuring Protocol Profiles
for Virtual Machine Networking.
Log Retention Requirements
The log files are configured by default to use a certain amount of space which is smaller than the total disk
size in the aggregate. The logs for Access Point roll by default. You must use syslog to preserve these log
entries.
Deploying and Configuring Access Point
18 VMware, Inc.