Workspace ONE Assist Configuration


This chapter is one of a series that make up the VMware Workspace ONE and VMware Horizon Reference Architecture, a framework that provides guidance on the architecture, design considerations, and deployment of Workspace ONE and Horizon solutions. This chapter provides information about common configuration and deployment tasks for VMware Workspace ONE Assist.

Registering Failover for Active-Passive Workspace ONE Assist Deployments

This section describes how to perform a failover between the active and passive Workspace ONE Assist all-in-one servers. The following diagram illustrates an example multi-site architecture to address the failover process.

Figure 1: On-Premises Multi-Site Workspace ONE Assist Architecture

When performing manual or automatic failover for your active/passive Workspace ONE Assist servers, there are three major steps that need to occur:

  1. Your local load balancer in the target site needs to direct traffic to the new active Workspace ONE Assist server.
  2. The ApAdmin database records in your Workspace ONE Assist SQL Server need to be updated to know which Workspace ONE Assist server is currently active.
  3. The Workspace ONE Assist Windows Services on the active and passive servers need to be restarted. Alternatively, shut down the active server and power on the passive server.

Load Balancer Failover

In the active/passive deployment of the Workspace ONE Assist all-in-one servers, only one server, the active server, will be responsible for processing traffic for remote management sessions. When the currently active server becomes unhealthy or needs to go offline for maintenance, the local load balancer is changed so that existing connections to the currently active server are drained, and additional traffic is redirected to the currently passive server. This passive server becomes the new active server until failover is required again.

This failover can be manual or automatic. For automatic failover, it is recommended to monitor the availability of port 80 for the Portal and App services, port 443 for the Portal and T10 API services, and port 8443 for the Connection Proctor service. If these endpoints are not responding in a timely manner, the load balancer can demote the currently active server and promote the currently passive server to ensure remote management capabilities are online.

Registering SQL Server Failover

To achieve failover, the ApAdmin database needs to be updated to demote the currently active server and promote the currently passive server. This can be accomplished by using the following SQL query:

/* Set target ServerId to ACTIVE */

UPDATE ApAdmin.dbo.Services SET Active = 1 WHERE ServerId = {passiveServerId}

/* Set target ServerId to PASSIVE */

UPDATE ApAdmin.dbo.Services SET Active = 0 WHERE ServerId = {activeServerId}

In order to find the values for the {passiveServerId} and {activeServerId} values, you can look in the ApAdmin.dbo.Server table.

SELECT Id, ServerName, FQDN, IpAddress FROM ApAdmin.dbo.Server

Table 1: Example of Server Information for a Multi-site Deployment

Id

ServerName

FQDN

IP Address

1

s1assist1

[::1] 

10.10.174.60 

2

s1assist2

[::1]

10.10.174.61

3

s2assist1

[::1]

10.10.175.60

4

s2assist2

[::1]

10.10.175.61

In this example, we have two Workspace ONE Assist all-in-one servers installed in Site 1 (s1assist1, s1assist2) and two servers in Site 2 (s2assist1, s2assist2). The Id column in this table lists the ServerId you will need to provide in the above SQL query.

For example, to perform a failover from s1assist1 (id: 1), which is the currently active server in Site 1, to s1assist2 (id: 2), which is the currently passive server in Site 1, you would run the following query:

UPDATE ApAdmin.dbo.Services SET Active = 1 WHERE ServerId = 2

UPDATE ApAdmin.dbo.Services SET Active = 0 WHERE ServerId = 1

This will inform the Workspace ONE Assist server components that the active node has changed and that the new active node is now responsible for interfacing with the Workspace ONE Assist database to process remote management operations.

In our example, you would have an active server ready in Site 1, between s1assist1 and s1assist2, and an active server ready in Site 2, between s2assist1 and s2assist2. Should you perform automatic failover using your local load balancer, your solution would need to update the ApAdmin.dbo.Services entries as shown to swap the currently active and passive Workspace ONE Assist all-in-one servers.

Restarting Assist Services

To finalize the failover registration, both the active and passive Workspace ONE Assist all-in-one servers must have the following Windows Services restarted:

  • AetherPal Connection Proctor Service
  • AetherPal Data Tier Proxy Service
  • AetherPal Management Entity Service
  • AetherPal Messaging Entity Service
  • AetherPal Service Coordinator Service
  • AetherPal Tool Controller Service

Alternatively, you can keep your passive server powered off while your active server is online.  When failover is required, the passive server can be powered on, and the active server can be powered off. This will cause the passive server’s Workspace ONE Assist services to check in with the SQL database and be promoted to the currently active all-in-one server while the existing active server goes offline.

Summary and Additional Resources

Now that you have come to the end of this configuration chapter on Workspace ONE Assist, you can return to the landing page and use the tabs, search, or scroll to select your next chapter in one of the following sections:

  • Overview chapters provide understanding of business drivers, use cases, and service definitions.
  • Architecture chapters give design guidance on the products you are interested in including in your platform, including Workspace ONE UEM, Workspace ONE Access, Workspace ONE Assist, Workspace ONE Intelligence, Horizon Cloud Service, Horizon, App Volumes, Dynamic Environment Manager, and Unified Access Gateway.
  • Integration chapters cover the integration of products, components, and services you need to create the platform capable of delivering the services that you want to deliver to your users.
  • Configuration chapters provide reference for specific tasks as you build your platform, such as installation, deployment, and configuration processes for Workspace ONE, Horizon Cloud Service, Horizon, App Volumes, Dynamic Environment Management, and more.

Additional Resources

For more information about VMware Workspace ONE Assist, you can explore the following resources:

Changelog

The following updates were made to this guide:

Date

Description of Changes

2023-07-25

  • Added this Summary and Additional Resources section to list changelog, authors, and contributors within each design chapter.

Author and Contributors

This chapter was written by:

  • Justin Sheets, VMware alumni

Feedback 

Your feedback is valuable. 

To comment on this paper, contact VMware End-User-Computing Technical Marketing at euc_tech_content_feedback@vmware.com.


Associated Content

home-carousel-icon From the action bar MORE button.

Filter Tags

Workspace ONE Workspace ONE UEM Document Reference Architecture Advanced Deploy Modern Management