In this implementation, you integrate Access Policy Manager® (APM®) with VMware View Connection Servers and present View Desktops on an APM dynamic webtop. APM authenticates to a View Connection Server and renders the View Desktops. APM load balances the View Connection Servers for high availability.
APM supports the necessary connections with two virtual servers that share the same destination IP address.
If you want to use Access Policy Manager® (APM®) to launch a View Client from an APM webtop, you must install the standalone View Client on your client. The standalone View Client is available from VMware.
Access Policy Manager® (APM®) can be configured to support USB redirection for View desktop resources. Redirection enables a remote desktop resource to access a USB drive on the client as if it were physically present on the desktop.
Single sign-on (SSO) does not work with the VMware Horizon View HTML5 client. After logging on to and authenticating with Access Policy Manager®, a View Horizon HTML5 client must still provide credentials to connect to a View Connection Server. This limitation is due to the nature of the technology used in the client.
An iApps® template is available for configuring Access Policy Manager® and Local Traffic Manager™ to integrate with VMware Horizon View. The template can be used on the BIG-IP® system to create an application service that is capable of performing complex configurations. You can download the template from the F5® DevCentral™ iApp Codeshare wiki at https://devcentral.f5.com/wiki/iApp.VMware-Applications.ashx. A deployment guide is also available there.
When you create a remote desktop resource, Access Policy Manager® (APM®) automatically creates an allow ACL for the IP addresses and ports specified in the resource. To disallow access to any other IP addresses and ports, you must create ACLs that deny access to them and assign the ACLs in the per-session policy. F5 recommends that you create an ACL that rejects access to all connections and put it last in the ACL order.
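The following is an added example, not F5 code or APM configuration: a simplified Python model of ordered ACL evaluation that shows why the automatically created allow ACL alone leaves other destinations reachable, and why the reject-all ACL has to come last. The addresses, the port, the names `Entry`, `decide` and `audit`, and the first-match evaluation order are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Entry:
    action: str            # "allow" or "reject"
    network: str           # destination CIDR; "0.0.0.0/0" means any address
    port: Optional[int]    # destination port; None means any port

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.network)
        return in_net and self.port in (None, dst_port)

def decide(acl: List[Entry], dst_ip: str, dst_port: int) -> str:
    # Assumption of this model: entries are checked in order and the first match wins.
    for entry in acl:
        if entry.matches(dst_ip, dst_port):
            return entry.action
    # Nothing matched: per the text above, such traffic is not blocked.
    return "allow"

def is_reject_all(entry: Entry) -> bool:
    return entry.action == "reject" and entry.network == "0.0.0.0/0" and entry.port is None

def audit(acl: List[Entry]) -> List[str]:
    """Report a missing or misplaced reject-all entry."""
    positions = [i for i, e in enumerate(acl) if is_reject_all(e)]
    if not positions:
        return ["no reject-all entry: destinations outside the resource stay reachable"]
    if positions[0] != len(acl) - 1:
        return ["reject-all is not last: entries after it never match"]
    return []

# Constructed sample data. VIEW_ALLOW stands in for the allow ACL that APM
# creates automatically for a remote desktop resource (address and port are made up).
VIEW_ALLOW = Entry("allow", "10.10.20.15/32", 443)
REJECT_ALL = Entry("reject", "0.0.0.0/0", None)

if __name__ == "__main__":
    for name, acl in [("allow only", [VIEW_ALLOW]),
                      ("allow, then reject-all", [VIEW_ALLOW, REJECT_ALL]),
                      ("reject-all first", [REJECT_ALL, VIEW_ALLOW])]:
        print(name, "| desktop:", decide(acl, "10.10.20.15", 443),
              "| other host:", decide(acl, "10.10.30.7", 22), "|", audit(acl))
```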
The Logon Page is configured to display Username, RSA Tokencode, and AD Password. Logon Page Input Field #2 accepts the RSA Tokencode into the session.logon.last.password variable (from which authentication agents read it). Logon Page Input Field #3 saves the AD password into the session.logon.last.password1 variable.
You have an access policy that is configured to enable APM dynamic webtop after the appropriate authentication checks.