Design Decision for Workspace One On-Premise Implementation

B.

Sure, I'd be happy to explain each answer option in detail for you.

A. Decide what level of trust to use between the Active Directory Kerberos realm and Workspace One's Kerberos realm.

This option refers to the decision of how to establish trust between the Kerberos realms of the Active Directory domain and Workspace One. Kerberos is a network authentication protocol that uses mutual authentication between clients and servers, and it is commonly used in Windows environments. In this context, the question is asking how to ensure that users can use their Active Directory credentials to authenticate with Workspace One.

There are different levels of trust that can be established between Kerberos realms, including one-way trust, two-way trust, and forest trust. The choice of trust level will depend on the specific requirements of the environment and the design decisions made by the architect.

B. Make sure that the Mobile applications that are planned to be managed by Workspace One support the Kerberos protocol for Single-Sign On.

This option is referring to the requirement that the mobile applications managed by Workspace One must support the Kerberos protocol for Single-Sign On (SSO). SSO allows users to log in once and access multiple applications without having to re-enter their credentials.

Kerberos is one of the protocols used for SSO, and it relies on the user's initial authentication to the network to provide SSO access to other resources. In the context of Workspace One, this means that if a mobile application is going to be managed by Workspace One, it needs to be able to support Kerberos-based SSO.

C. Decide what namespace will be used by the Workspace One portal. This will be used for end-user access to the portal. Decide which domain is to be used as the Kerberos realm.

This option is referring to the decision of what namespace to use for the Workspace One portal, which is the primary interface through which end-users will access their resources. The namespace refers to the portion of the URL that identifies the specific server hosting the portal.

In addition to deciding on the namespace, the architect also needs to decide which domain will be used as the Kerberos realm. This decision is important because it will affect how users are authenticated and how resources are accessed within the environment.

D. Decide the namespace to be used by the Workspace One portal. The domain chosen will also be your Kerberos realm.

This option is similar to Option C, but it is more specific in that it states that the domain chosen for the Workspace One portal namespace will also be the Kerberos realm. This decision is important because it will affect how users are authenticated and how resources are accessed within the environment.

In summary, each option represents an important design decision that needs to be made when architecting a Workspace One on-premise implementation supporting Mobile Single-Sign On for iOS devices. The specific choice will depend on the specific requirements of the environment and the design decisions made by the architect.