Horizon SAML Config + USG HA/Load Balancer + Tunneling Questions

Hey everyone, three-part question:

1. Was trying out a SAML config with our Azure AD with MFA and it works great; however, I’m going to get a lot of grief about needing to enter the user’s password twice after authenticating to Azure’s SSO. Is there a way to enable “Seamless” SSO for this? I did some research and it looked like TrueSSO was the solution, but I couldn’t find any good articles on whether that was included with Horizon Advanced, or if I needed Workspace ONE. I did enable the “Match Windows Username” option on my UAGs, but it doesn’t seem to be working as I thought it would?
2. With regard to UAGs and load balancers: I put a pair of UAGs into HA for redundancy, but is there a need to put a load balancer in front of the UAGs, and then another load balancer in front of the Connection hosts? I’m not sure how heavily this is going to get used, but we want to make sure it provides the best experience right out of the gate. However, we don’t have a load balancer currently, so I would be doing an HAProxy install, which wouldn’t be the worst thing in the world. Just not sure what everyone else runs or if it’s really recommended. (The VAR that did my Horizon install at my last place of employment didn’t use our load balancer and only used a USG.)
3. In terms of secured tunnels/URLs: I have my USGs configured like this: [https://imgur.com/a/5l1IpLx](https://imgur.com/a/5l1IpLx), which from research seems to be the right way, I think. But on the connection servers, I disabled all the secured tunnels, to allow the USG administration over them? Is that correct and the best security method? Should I make 2 connection servers for “inside” tagged (requests that came from inside our network) requests and two connection servers for “outside” (requests that came from outside the firewall) request tagged resources? Or just 2 “allow all tags” connection servers to handle all the requests?

Thanks for any advice or lessons anyone has learned while rolling out Horizons!

