7.0

1 Introduction to Access Point
Access Point functions as a secure gateway for users who want to access remote desktops and applications
from outside the corporate firewall.
Access Point appliances typically reside within a DMZ and act as a proxy host for connections inside your
company's trusted network. This design provides an additional layer of security by shielding View virtual
desktops, application hosts, and Horizon servers from the public-facing Internet.
Access Point directs authentication requests to the appropriate server and discards any unauthenticated
request. The only remote desktop and application traffic that can enter the corporate data center is traffic on
behalf of a strongly authenticated user. Users can access only the resources that they are authorized to
access.
With Access Point 2.6 and later releases, the Access Point appliance can also serve as a reverse proxy for
VMware Identity Manager.
The following authentication mechanisms are available:
- Active Directory credentials
- RSA SecurID
- RADIUS
- Smart cards
- SAML (Security Assertion Markup Language)
For the View component of VMware Horizon, Access Point appliances fulfill the same role that was
previously played by View security servers, but Access Point provides additional benefits:
- An Access Point appliance can be configured to point to either a View Connection Server instance or a
  load balancer that fronts a group of View Connection Server instances. This design means that you can
  combine remote and local traffic.
- Configuration of Access Point is independent of View Connection Server instances. Unlike with
  security servers, no pairing password is required to pair each security server with a single View
  Connection Server instance.
- Access Point appliances are deployed as hardened virtual appliances, which are based on a Linux
  appliance that has been customized to provide secure access. Extraneous modules have been removed
  to reduce potential threat access.
- Access Point uses a standard HTTP(S) protocol for communication with View Connection Server. JMS,
  IPsec, and AJP13 are not used.
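Because JMS, IPsec, and AJP13 are not used, any DMZ-to-internal firewall rule that still allows them from the appliance is leftover exposure from a security server deployment. The following audit is an added example, not VMware code. The five-field rule format, the IP addresses, and the port numbers (the conventional ones for each protocol) are assumptions; confirm the ports against your own deployment's documentation.

```python
# Added example: flag allow rules from the DMZ appliance that still open
# protocols Access Point does not use toward View Connection Server.
# Port numbers are conventional values and are assumptions, not from this page.
LEGACY = {
    ("tcp", 4001): "JMS",
    ("tcp", 4002): "JMS over SSL",
    ("tcp", 8009): "AJP13",
    ("udp", 500): "IPsec IKE",
    ("udp", 4500): "IPsec NAT-T",
}

# Constructed sample rules in a hypothetical format:
# action proto source destination port-or-range
SAMPLE_RULES = """\
# DMZ appliance 192.0.2.10 -> Connection Server 10.0.0.20
allow tcp 192.0.2.10 10.0.0.20 443
allow tcp 192.0.2.10 10.0.0.20 4001
allow tcp 192.0.2.10 10.0.0.20 8009
allow udp 192.0.2.10 10.0.0.20 500
deny  tcp 192.0.2.10 10.0.0.20 4002
allow tcp 192.0.2.10 10.0.0.20 8000-8100
"""

def parse_ports(spec):
    """Return (low, high) for a single port '443' or a range '8000-8100'."""
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def audit(rules_text, appliance_ip):
    """Return (line number, protocol name, rule) for each legacy port still allowed."""
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5:                       # surface rules we cannot judge
            findings.append((lineno, "unparsed", line))
            continue
        action, proto, src, _dst, ports = fields
        if action != "allow" or src != appliance_ip:
            continue
        low, high = parse_ports(ports)
        for (lproto, lport), name in LEGACY.items():
            if proto == lproto and low <= lport <= high:   # ranges can hide a legacy port
                findings.append((lineno, name, line))
    return findings

if __name__ == "__main__":
    for lineno, name, rule in audit(SAMPLE_RULES, "192.0.2.10"):
        print(f"line {lineno}: {name} still allowed: {rule}")
```

The range rule on the last sample line is reported because it covers the AJP13 port even though no rule names that port directly.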
VMware, Inc.