New Releases from VMware
VMware has released new patches for ESXi 6.5/6.0/5.5, VMware Identity Manager 3.2 and App Volumes 2.13.3.
ESXi 6.5, 6.0 and 5.5 patches
These patches consist of the new Intel CPU microcode patch and the VMware patches for Spectre/Meltdown.
VMware KB for the 6.5 patch: https://kb.vmware.com/s/article/52456
VMware KB for the 6.0 patch: https://kb.vmware.com/s/article/52451
VMware KB for the 5.5 patch: https://kb.vmware.com/s/article/52446
Note: Remember that guest operating systems and applications also need to be patched against Spectre/Meltdown.
Note 2: The microcode in the patch does not cover all Intel CPUs, so please check afterwards, for example with the script from William Lam: https://www.virtuallyghetto.com/2018/01/verify-hypervisor-assisted-guest-mitigation-spectre-patches-using-powercli.html
VMware Identity Manager 3.2
Workspace ONE User Experience
Better experience for applications and features that require VMware Tunnel
This improvement enhances the user experience by better informing users about whether an application has a dependency on the Tunnel app. Users are guided through the process of downloading the Tunnel app and initializing the Tunnel service in an intuitive way. The Tunnel installation and redirect will be available for Android devices when the Workspace ONE for Android application v3.2.1 is released.
Land users on the Catalog tab if no applications are bookmarked
When users launch Workspace ONE, the Catalog tab is displayed instead of an empty Bookmarks tab, if no applications have been bookmarked. When at least one application is bookmarked, users land on the Bookmarks tab when they launch Workspace ONE.
Ability to hide the Catalog or Bookmarks tab in Workspace ONE
Admins can hide either the Catalog or the Bookmarks tab in Workspace ONE to provide an experience that best suits their end user needs. These settings are in the Catalog > Settings > User Portal Configuration page. When a tab is hidden, users do not see an option to bookmark any apps.
Admin defined bookmarked apps
Admins can curate the first time experience for their users by providing a set of preferred apps out of the box. Admins can select the applications that end users see in the Bookmarks page in the Workspace ONE portal or app. To achieve this, mark the applications as recommended apps. Then in the Catalog > Settings > User Portal Configuration page, select the option Show recommended apps in Bookmarks tab. Note: Applications that were previously un-bookmarked by the user are not displayed even if they are marked as recommended and this feature is enabled.
What's New in VMware Identity Manager Service
New Admin Console User Experience for Catalog and Access Policies
The VMware Identity Manager admin console Catalog pages and Policies pages have been redesigned with new navigation and look and feel. To become familiar with new admin console pages, see UX Updates Coming to the VMware Identity Manager 3.2 Admin Console.
Role based access control (RBAC) for administrators
Three default administrator roles are available. Super Administrator with full access and control. Read-only Administrator with read-only access to view console information, such as reports. Directory Administrator with the ability to manage users, groups, and directories.
You can now create additional administrator roles with different levels of access in the admin console. For example, you could create an administrator role that manages the Catalog resources, but cannot entitle users to resources, nor create access policies.
To learn more about RBAC, see the blog, Introducing Role-Based Access Control in VMware Identity Manager 3.2.
F5 APM integration to launch Horizon 7 resources
If you deployed F5 APM (instead of VMware Unified Access Gateway) and would like to launch Horizon applications and desktops using VMware Identity Manager, you can configure F5 APM as an authenticated proxy in the DMZ. Refer to F5 documentation for version compatibility requirements for this feature.
OpenID Connect (OIDC) Applications in the Catalog
Apart from using SAML as a protocol to single sign-on (SSO) into applications, you can now use OIDC as a protocol to SSO into applications. You can assign users and access policies for OIDC applications in the same way as you do for SAML applications.
Reset Desktop for Horizon Cloud and Horizon 7
Users can now reset a Horizon Cloud or Horizon 7 desktop through the Workspace ONE portal or app. Resetting a remote desktop is equivalent to pressing the reset button on a physical computer to force the computer to restart. Reset can be used when a desktop operating system is unresponsive.
Enhanced Policy Actions
When creating a new policy rule for the default access policy or application-specific access policies, you can select actions such as "Authenticate Using", "Deny Access," and "Allow access with no further authentication" to control end user access based on conditions such as Network Ranges, Device Type, and Groups that users belong to. Previously, the ability to define how end users authenticated was supported, but with 3.2, admins have the flexibility to create fine-grained policy definitions. Note: policy rules for the default access policy do not support the "Allow access with no further authentication" option.
See the full release notes here: https://docs.vmware.com/en/VMware-Identity-Manager/3.2/rn/VMware-Identity-Manager-32-Release-Notes.html
VMware App Volumes 2.13.3
What's New:
A new "Disable certificate validation (insecure)" checkbox has been added to make it easier to upgrade App Volumes. The new checkbox enables you to choose whether or not to validate the Active Directory certificate. This option is available when you connect securely from Active Directory to App Volumes Manager using LDAPS or LDAP over TLS.
See the full release notes here: https://docs.vmware.com/en/VMware-App-Volumes/2.13.3/rn/VMware-App-Volumes-2133-Release-Notes.html