A security team is implementing VMware Identity Manager to have a central point for authentication to facilitate access to its company's applications.
The team would like to have users to authenticate to VMware Identity Manager before being able to connect to a Horizon View Desktop.
What can be done to ensure that users who try to authenticate to the Horizon View Connection brokers are forced to first authenticate to VMware Identity Manager?
Click on the arrows to vote for the correct answer
A. B. C. D.D.
The security team wants to ensure that users authenticate to VMware Identity Manager before accessing Horizon View Desktop. VMware Identity Manager is a cloud-based identity management and access control service that enables secure access to applications from any device, at any time, from anywhere. Horizon View is a virtual desktop infrastructure (VDI) solution that allows users to access their desktops from anywhere.
To enforce authentication to VMware Identity Manager before accessing Horizon View Desktop, we need to configure the Horizon View Connection brokers and VMware Identity Manager. There are two authentication methods that can be used - SAML and Kerberos.
Option A suggests creating a SAML authenticator in Horizon View and setting it to "Allowed." SAML is a widely used standard for exchanging authentication and authorization data between parties. With this option, users will be able to authenticate to VMware Identity Manager before accessing Horizon View Desktop. However, it does not force users to authenticate to VMware Identity Manager, meaning that they can still directly authenticate to the Horizon View Connection brokers.
Option B suggests configuring View advanced authentication to "Allowed" on the Horizon View Connection broker and creating a Kerberos authenticator on VMware Identity Manager. Kerberos is a network authentication protocol that provides strong authentication for client/server applications by using secret-key cryptography. With this option, users will be forced to authenticate to VMware Identity Manager first, and then use the Kerberos authenticator to authenticate to the Horizon View Connection brokers.
Option C suggests configuring View authentication to "Not Allowed" on the Horizon View Connection broker and creating a Kerberos authenticator on VMware Identity Manager. This option is similar to option B, but it disables authentication on the Horizon View Connection broker entirely, so users must authenticate through VMware Identity Manager and use the Kerberos authenticator to access the Horizon View Desktop.
Option D suggests creating a SAML authenticator in Horizon View and setting it to "Required." This option forces users to authenticate to VMware Identity Manager before they can access the Horizon View Desktop. However, it does not use the Kerberos authenticator, which may be necessary for some organizations.
In conclusion, the best option for ensuring that users authenticate to VMware Identity Manager before accessing Horizon View Desktop is Option C - configuring View authentication to "Not Allowed" on the Horizon View Connection broker and creating a Kerberos authenticator on VMware Identity Manager. This option forces users to authenticate through VMware Identity Manager and use the Kerberos authenticator to access the Horizon View Desktop, providing a more secure and controlled access to the desktops.