VMware Access Point

At VMworld 2015 we saw the birth of VMware Access Point, a component that will provide external access to multiple VMware solutions. During a group discussion about App Volumes we had time to discuss the Access Point, so I thought a quick blog might be interesting.

Looking back

When we look back, we see that VMware had Security Server as its external access solution. Security Server would pair with an externally facing Connection Server to grant users access. To authenticate the user, a tunnel to that Connection Server was set up, and the authentication process took place through it. Authentication was handled at the Connection Server. With two-factor authentication (2FA) it was the same story: the Connection Server would set up a connection with a 2FA authority, and requests came from the Security Server. This is a less than ideal situation, because a breach in the tunnel leaves your whole internal network open.

We had several financial institutions that did not allow this architecture for the reasons just mentioned.

Access Point

The VMware Access Point is a Linux-based hardened appliance that is positioned in the DMZ. It’s based on SLES11 and has feature parity with Security Server.

Features that you will find with the Access Point are:
  • Pass-through authentication
  • Card support (Tech preview)

The benefits of deploying the Access Point instead of the Security Server are easy to see. The biggest benefit is that there will be no more Windows virtual machines living in the DMZ. Having a Windows server in the DMZ is a risk, because Windows isn’t the most hardened operating system on the market.

Security Server and Connection Servers always had a kind of marriage, but one that was more forced than happy. With Access Point that marriage will be broken, and the scalability will grow so that you can scale out your external access without having to scale up your internal Connection Servers.

Security Server was only used for VMware Horizon View environments, leaving products like Workspace using something else for external access. Access Point is designed to work with every VMware product. At first it will come to VMware Horizon Air and Project Enzo. Later on it will expand to other products such as Horizon View and more as well.

There is no time frame for this enablement known to me as of yet…

I’m having more sessions on Access Point this week; as more information comes to me, this blog will be updated.
