Cloud Connector Setup
The AirWatch Cloud Connector allows organization to integrate on-premise enterprise systems such as Active Directory and Certificate Authorities with Workspace ONE UEM without exposing or compromising the security of these systems. The AirWatch Cloud Connector runs in the internal network alongside your enterprise systems and acts as a proxy that securely transmits requests from Workspace ONE UEM to your enterprise infrastructure components.
The infrastructure that you have been provided as part of this lab module contains Active Directory and a Certificate Authority. In order to communicate with these components from Workspace ONE UEM, you will need to first install the AirWatch Cloud Connector in your environment.
NOTE: It is recommended to install AirWatch Cloud Connector on a dedicated server for production use cases. For this module, you will simply install the AirWatch Cloud Connector on the Main Console virtual machine you are already connected to.
1. Architecture Overview
This architecture diagram above demonstrates the following principals of the AirWatch Cloud Connector:
- The AirWatch Cloud Connector is installed on the internal network where it is able to access your enterprise resources, such as Active Directory and Certificate Authority.
- The AirWatch Cloud Connector requires no inbound access from the internet or DMZ, so no additional inbound ports need to be exposed on your firewall for this solution.
- When Workspace ONE UEM needs to communicate with your internal enterprise resources, the AirWatch Cloud Connector will act as a proxy and relay the necessary data to Workspace ONE UEM.
2. Setup the AirWatch Cloud Connector
In the Workspace ONE UEM Console,
- Click Groups & Settings
- Click All Settings
2.1. Enable the AirWatch Cloud Connector
- Click System
- Click Enterprise Integration
- Click Cloud Connector
- Ensure Override is selected for Current Setting.
- Select Enabled for Enable AirWatch Cloud Connector.
- Click SAVE
NOTE: If you receive a permission issue when viewing this page, that means you did not change which sandbox you are working from at the beginning of the lab! Please return to the Switch Workspace ONE UEM Sandbox for Lab Module section and complete the steps shown before proceeding.
2.2. Download the AirWatch Cloud Connector Installer
After saving, a Saved Successfully message will show at the top of the AirWatch Cloud Connector page.
- Scroll down to the bottom of the AirWatch Cloud Connector page.
- Click Download AirWatch Cloud Connector Installer.
2.3. Enter the AirWatch Cloud Connector Certificate Password
the AirWatch Cloud Connector Certificate Password allows you to ensure that additional AirWatch Cloud Connectors are not installed at undesired locations by protecting the installer with a password. You will need to enter the password provided here during the AirWatch Cloud Connector installer in order to complete the installation.
VMware1!for the password.
VMware1!for the password.
- Click DOWNLOAD
2.4. Keep the AirWatch Cloud Connector Installer
When the installer finishes downloading, click Keep when prompted.
NOTE - The AirWatch Cloud Connector Installer is 19 MB in size and should only take 10 - 20 seconds to download.
2.5. Launch the AirWatch Cloud Connector Installer
Click the AirWatch Cloud Connector Installer exe file from the download bar.
2.6. Run the AirWatch Cloud Connector Installer
Click Run when prompted that the publisher could no be verified.
3. Install the AirWatch Cloud Connector
3.1. Accept the License Agreement
- Select I accept the terms in the license agreement
- Click Next
3.2. Accept the Default Destination Folder
The default install location is C:\VMware\. Click Next.
3.3. Enter the Certificate Password
The Certificate Password was generated in an earlier step when you setup the AirWatch Cloud Connector in the Workspace ONE UEM console.
VMware1!for the Certificate Password
- Click Next
NOTE: The installer may pause for a few moments when clicking Next. Please be patient while the certificate password is confirmed.
3.4. Configure the Outbound Proxy
The Hands-on Labs environment requires an outbound proxy to reach Workspace ONE UEM, so you will configure these settings now.
- Enable the Outbound Proxy option
192.168.110.1for the Proxy Host
3128for the Proxy Port
- Click Next
NOTE: In a production deployment, determine if your infrastructure requires an outbound proxy to communicate with your Workspace ONE UEM instance and configure as necessary.
3.5. Begin the AirWatch Cloud Connector Install
Click Install to begin the AirWatch Cloud Connector install process based on the configurations you made.
NOTE: The installer may run for several minutes before finishing. Please be patient while the installer completes.
3.6. Close the AirWatch Cloud Connector Installer
Congratulations! You've successfully installed the AirWatch Cloud Connector! You will now confirm that Workspace ONE UEM can establish communication with the AirWatch Cloud Connector.
4. Test Connection to the AirWatch Cloud Connector
Return to the Workspace ONE UEM Console,
- Click Test Connection and ensure the AirWatch Cloud Conector is active message is shown
NOTE: If you receive an error stating that AWCM is active but the Cloud Connector could not be reached, the AirWatch Cloud Connector service may still be starting. Wait a few seconds and try to click Test Connection again.
- Click Close
You have successfully setup and installed the AirWatch Cloud Connector and validated that Workspace ONE UEM can establish communication with the service! Your Workspace ONE UEM instance is now ready to integrate with your Active Directory and Certification Authority.
NOTE: If you do not see the AirWatch Cloud Connector is active message, ensure you setup the installer as instructed. The Outbound Proxy settings are required to successfully establish communication with Workspace ONE UEM in this environment.