APPLICATION NOTE VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES Configuring Secure SSL VPN Access in a VMware Virtual Desktop Environment Copyright © 2010, Juniper Networks, Inc.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances Table of Contents Introduction. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances Introduction Customers running a VMware View environment don’t just want secure access for virtual desktop sessions, they want convenience as well. With this in mind, Juniper Networks® SA Series SSL VPN Appliances extend the security deployment by brokering connections to virtual machines and providing single sign-on (SSO) when users access their assigned virtual desktops.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances Description and Deployment Scenario Administrators should follow each of the following steps to successfully configure SSO from the VMware View client to the backend VMware View environment. VMware View Connection Server Configuration • Install VMware View Connection Server. • Once installed, configure View Server as per the business needs. 4 Copyright © 2011, Juniper Networks, Inc.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances • Configure global services to connect to your Virtual Center/VMware ESX server(s) in order to load virtual machines from your existing environment. Note: A security server acts as an SSL offload and is not needed when View is used in conjunction with an SSL VPN. Copyright © 2011, Juniper Networks, Inc.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances • Configure the desktop pool(s). 6 Copyright © 2011, Juniper Networks, Inc.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances • Set up entitlements. Copyright © 2011, Juniper Networks, Inc.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances • Configure desktop sources. 8 Copyright © 2011, Juniper Networks, Inc.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances • Install the VMware View Agent on respective virtual or physical machines to be used as desktop sources. They will then automatically be discovered and enabled by View server. Configure the SA Series for View Connection Server There are two options for configuring VMware View access via the SA Series: • Recommended: Use the virtual desktops resource profiles. - - SSO, client invoked on the fly.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances With this configuration, when users log into the SA Series appliance, their portal page will now include the VMware virtual desktop as configured: 10 Copyright © 2011, Juniper Networks, Inc.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances Configure the Web Resource Profile and Access Method (Alternate Method) • Log into the SA Series as an administrator. • Navigate to “Resource profile-Web.” • Select type -> “Custom.” • Enter the configuration for the VMware View target server: Copyright © 2011, Juniper Networks, Inc.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances • Select “Show ALL Autopolicy types.” • Enter the URL for the View Connection Server in the “Base URL” input field. • The Web Access Control policy should fill automatically after doing this. • Select the check box “Autopolicy: Single Sign-on.” • Select the radio button “Remote SSO.” • Select the check box “POST the following data.” • Enter the resource, e.g. http://.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances Once the VMware View client is launched, it needs a way to forward the Remote Desktop Protocol (RDP) traffic to the backend virtual desktop instance. To facilitate this, either the NC or WSAM feature may be used, either of which is probably already in use by the remote access users.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances PCoIP (PC-over-IP) Support PCoIP is a high performance display protocol purpose-built to deliver virtual desktops and to provide end users with the best, total rich desktop experience regardless of task or location. With PCoIP, the entire computing experience is compressed, encrypted and encoded in the datacenter before being transmitted across a standard IP network to PCoIP-enabled endpoint devices.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances Summary With Juniper Networks SA Series SSL VPN Appliances, customers running a VMware View environment can now enjoy the benefit of single sign-on to their virtual desktops as well as any other Web, thin client, or network resources that administrators may have configured. This solution saves administrators time and greatly improves the end user experience.
APPLICATION NOTE - VMware View with Juniper Networks SA Series SSL VPN Appliances About Juniper Networks Juniper Networks, Inc. is the leader in high-performance networking. Juniper offers a high-performance network infrastructure that creates a responsive and trusted environment for accelerating the deployment of services and applications over a single network. This fuels high-performance businesses. Additional information can be found at www.juniper.net.
