5.2
Table Of Contents
- VMware Horizon View Architecture Planning
- Contents
- VMware Horizon View Architecture Planning
- Introduction to Horizon View
- Planning a Rich User Experience
- Feature Support Matrix
- Choosing a Display Protocol
- Using View Persona Management to Retain User Data and Settings
- Benefits of Using View Desktops in Local Mode
- Accessing USB Devices Connected to a Local Computer
- Printing from a View Desktop
- Streaming Multimedia to a View Desktop
- Using Single Sign-On for Logging In to a View Desktop
- Using Multiple Monitors with a View Desktop
- Managing Desktop Pools from a Central Location
- Architecture Design Elements and Planning Guidelines
- Virtual Machine Requirements
- Horizon View ESX/ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- View Transfer Server Virtual Machine Configuration and Storage
- vSphere Clusters
- Storage and Bandwidth Requirements
- Horizon View Building Blocks
- Horizon View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting View Desktop Access
- Using Group Policy Settings to Secure View Desktops
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding Horizon View Communications Protocols
- Overview of Steps to Setting Up a Horizon View Environment
- Index
Planning for Security Features 5
VMware Horizon View offers strong network security to protect sensitive corporate data. For added security,
you can integrate Horizon View with certain third-party user-authentication solutions, use a security server,
and implement the restricted entitlements feature.
This chapter includes the following topics:
n
“Understanding Client Connections,” on page 61
n
“Choosing a User Authentication Method,” on page 64
n
“Restricting View Desktop Access,” on page 66
n
“Using Group Policy Settings to Secure View Desktops,” on page 67
n
“Implementing Best Practices to Secure Client Systems,” on page 68
n
“Assigning Administrator Roles,” on page 68
n
“Preparing to Use a Security Server,” on page 69
n
“Understanding Horizon View Communications Protocols,” on page 74
Understanding Client Connections
View Client and View Administrator communicate with a View Connection Server host over secure HTTPS
connections. Information about the server certificate on View Connection Server is communicated to View
Client as part of the XML handshake between client and server.
The initial View Client connection, which is used for user authentication and View desktop selection, is created
when a user opens View Client and provides a fully qualified domain name for the View Connection Server
or security server host. The View Administrator connection is created when an administrator types the View
Administrator URL into a Web browser.
A default server SSL certificate is generated during View Connection Server installation. By default, clients are
presented with this certificate when they visit a secure page such as View Administrator.
You can use the default certificate for testing, but you should replace it with your own certificate as soon as
possible. The default certificate is not signed by a commercial Certificate Authority (CA). Use of noncertified
certificates can allow untrusted parties to intercept traffic by masquerading as your server.
n
Client Connections Using the PCoIP Secure Gateway on page 62
When clients connect to a View desktop with the PCoIP display protocol from VMware, View Client can
make a second connection to the PCoIP Secure Gateway component on a View Connection Server
instance or a security server. This connection provides the required level of security and connectivity
when accessing View desktops from the Internet.
VMware, Inc.
61