HID VMware View and AAA User Manual

ActivIdentity® 4TRESS™ AAA
VMWARE® View 5.1
Radius Integration Handbook
Document Version 1.0 | Released | August 8, 2012
ActivIdentity 4TRESS and VMWARE View 5.1 | Radius Integration Handbook
External Use | August 8, 2012 | © 2012 ActivIdentity
Table of Contents
1.0 Introduction
1.1 Scope of Document
1.2 Prerequisites
2.0 VMWARE View configuration
2.1 Procedure 1: Create New Radius Server Instance
2.2 Procedure 2: Additional Configuration Options
3.0 ActivIdentity 4TRESS AAA Configuration
3.1 Procedure 1: Configure VMWARE Gate
3.2 Procedure 2: Assigning Group(s) to the VMWARE Gate
4.0 Sample Authentication
1.0 Introduction
VMware View is a desktop virtualization solution that simplifies IT manageability and control while delivering the highest fidelity end-user experience across devices and networks. By encapsulating the operating systems, applications, and user data into isolated layers, IT organizations can deliver a modern desktop.
VMWARE has extended View to support RADIUS authentication as an option in the latest release.
The ActivIdentity solutions that work with VMWARE View provide versatile, strong authentication that is flexible, scalable, and simple to manage. ActivIdentity offers two solutions:
- ActivIdentity® 4TRESS™ AAA Server for Remote Access—Addresses the security risks associated with a mobile workforce remotely accessing systems and data.
- ActivIdentity 4TRESS™ Authentication Server (AS)—Offers support for multiple authentication methods that are useful for diverse audiences across a variety of service channels (SAML, Radius, etc.), including user name and password, mobile and PC soft tokens, one-time passwords, and transparent Web soft tokens.
1.1 Scope of Document
This document explains how to set up ActivIdentity 4TRESS AAA radius authentication with VMWARE View. Use this handbook to enable authentication via an ActivIdentity token (hard token, soft token, SMS token) for use with a VMWARE View connection.
1.2 Prerequisites
- The ActivIdentity 4TRESS AAA Server is up-to-date (v6.7) with LDAP users and groups already configured.
- VMware View 5.1 or higher is fully functioning using standard authentication before you start the Radius integration configuration.
2.0 VMWARE View configuration
This chapter describes how to manage VMWARE View in radius context. When a user signs into the VMWARE View client, the VMWARE View server forwards the user’s credentials to this authentication server to verify the user’s identity. You will create one authentication server (an ActivIdentity 4TRESS AAA RADIUS Server) to validate the user’s one-time password generated by an ActivIdentity token.
2.1 Procedure 1: Create New Radius Server Instance
1. In VMware View Administrator (from a Web browser, access View Administrator on the Connection Server using https://hostname/admin and log in), select View Configuration, then Servers. Select the Connection Servers tab and then Edit to bring up the Edit View Connection Server Settings, and select the Authentication tab.
2. Under Advanced Authentication choose, for 2-factor authentication, the RADIUS tab.
3. Under Select Authenticator, select Create new Authentication. This opens the Add RADIUS Authenticator screen, where a Primary and a Secondary RADIUS authentication server can be configured. Enter the following:
- Label: A label shown to clients
4. Under the Primary Authentication Server section:
- Hostname/Address: IP address of the 4TRESS AAA
- Authentication Type: select the RADIUS authentication type; use PAP for initial setup.
- Shared secret: The shared secret, the same as entered on the 4TRESS AAA server
5. Complete the configuration for the RADIUS server and select Next.
6. If there is a secondary RADIUS server then complete the settings for the secondary server and select Finish.
2.2 Procedure 2: Additional Configuration Options
1. After authenticating to RADIUS, you may get another prompt if the RADIUS server responded with a supported Access Challenge. Full generic RADIUS challenge/response is not supported, but a limited access challenge for a string token code is supported (for SMS authentication for example).
For details on how authenticating with an Out-Of-Band SMS works, please refer to ActivIdentity 4TRESS AAA documentation.
2. In the admin configuration of RADIUS authentication under Advanced Authentication, if Enforce 2-factor and Windows user name matching is ticked then the Windows login prompt after RADIUS authentication will force the username to be the same as the RADIUS username and the user will not be able to modify this.
3.0 ActivIdentity 4TRESS AAA Configuration
This chapter describes how to configure the ActivIdentity 4TRESS AAA Authentication Server.
3.1 Procedure 1: Configure VMWARE Gate
A gate for the ActivIdentity 4TRESS AAA Server is a group of Network Access Servers (NAS) that is used to simplify administration. For configuration details, refer to ActivIdentity 4TRESS AAA Server technical documentation.
1. In the left pane of the Administration Console, expand the Servers line.
2. Right-click on the server to which you want to add a gate, and then click New Gate.
1. Enter a Gate name (can be any string).
2. Select the option, RADIUS, corresponding to the protocol your VMWARE uses.
3. Use the Authorized IP addresses and host names section to specify filter(s) for the gate.
4. Click Add, and then click OK.
5. The ActivIdentity 4TRESS AAA Server uses the RADIUS shared secret to encrypt data between VMWARE and the AAA authentication server. Click Shared Secret, and then modify the appropriate shared secret for your system.
6. Click OK.
3.2 Procedure 2: Assigning Group(s) to the VMWARE Gate
Note: Remember that you must have user groups created and the corresponding LDAP configured. For details, refer to the ActivIdentity 4TRESS AAA Administration Guide.
1. To assign groups to the VMWARE Gate, in the left pane of the Administration Console, select the group that you want to assign to the gate (for example All Users).
2. Use the Group / Gate Assignments section of the page that is displayed to the right to specify gate(s) for the group’s users to utilize in order to access a protected resource.
3. Click Add.
4. Select the Gate, the AZ profile, and the AC profile.
5. Click OK.
6. Click Save (not illustrated), and then export the changes to the AAA Server(s) by clicking the flashing red button.
4.0 Sample Authentication
The VMware View client will display fields for Username and Password. The username should be entered followed by the One Time Password in the Passcode field.
If the OTP is correct, the user will be prompted for his AD Password:
Americas +1 510.574.0100 US Federal +1 571.522.1000 Europe +33 (0) 1.42.04.84.00 Asia Pacific +61 (0) 2.6208.4888 Email info@actividentity.com Web www.actividentity.com
Legal Disclaimer
ActivIdentity, the ActivIdentity (logo), and/or other ActivIdentity products or marks referenced herein are either registered trademarks or trademarks of HID Global Corporation in the United States and/or other countries. The absence of a mark, product, service name or logo from this list does not constitute a waiver of the trademark or other intellectual property rights concerning that name or logo. VMWARE and the VMWARE logo are registered trademarks of VMWARE, Inc. in the United States and other countries. The names of other third-party companies, trademarks, trade names, service marks, images and/or products that happened to be mentioned herein are trademarks of their respective owners. Any rights not expressly granted herein are reserved.