VMware Horizon View Architecture Planning
- Tunneled Client Connections with Microsoft RDP on page 62
  When users connect to a View desktop with the Microsoft RDP display protocol, View Client can make a second HTTPS connection to the View Connection Server host. This connection is called the tunnel connection because it provides a tunnel for carrying RDP data.
- Direct Client Connections on page 63
  Administrators can configure View Connection Server settings so that View desktop sessions are established directly between the client system and the View desktop virtual machine, bypassing the View Connection Server host. This type of connection is called a direct client connection.
- View Client with Local Mode Client Connections on page 63
  View Client with Local Mode offers mobile users the ability to check out View desktops onto their local computer.

Client Connections Using the PCoIP Secure Gateway

When clients connect to a View desktop with the PCoIP display protocol from VMware, View Client can make a second connection to the PCoIP Secure Gateway component on a View Connection Server instance or a security server. This connection provides the required level of security and connectivity when accessing View desktops from the Internet.

With VMware View 4.6 and later releases, security servers include a PCoIP Secure Gateway component. The PCoIP Secure Gateway connection offers the following advantages:

- The only remote desktop traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user.
- Users can access only the desktop resources that they are authorized to access.
- This connection supports PCoIP, which is an advanced remote desktop protocol that makes more efficient use of the network by encapsulating video display packets in UDP instead of TCP.
- PCoIP is secured by AES-128 encryption by default. You can, however, change the encryption key cipher to AES-192 or AES-256.
- No VPN is required, as long as PCoIP is not blocked by any networking component. For example, someone trying to access their View desktop from inside a hotel room might find that the proxy the hotel uses is not configured to allow outbound traffic on TCP port 4172 and both inbound and outbound traffic on UDP port 4172.

For more information, see “Firewall Rules for DMZ-Based Security Servers,” on page 72.

Security servers with PCoIP support run on Windows Server 2008 R2 and take full advantage of the 64-bit architecture. These security servers can also take advantage of Intel processors that support AES New Instructions (AES-NI) for highly optimized PCoIP encryption and decryption performance.
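
The port requirement stated above (outbound TCP 4172, inbound and outbound UDP 4172 on the client side) can be checked against a rule set before users report failed sessions. The following is an added example, not VMware code: the `Rule` model, its first-match evaluation and the sample rule sets are assumptions constructed for illustration and do not represent any firewall product's format.

```python
from dataclasses import dataclass

# Client-side flows the page lists for PCoIP: (protocol, port, direction).
REQUIRED_FLOWS = [("tcp", 4172, "out"), ("udp", 4172, "out"), ("udp", 4172, "in")]

@dataclass(frozen=True)
class Rule:
    """Hypothetical, vendor-neutral firewall rule (not a real product's format)."""
    action: str     # "allow" or "deny"
    proto: str      # "tcp", "udp" or "any"
    ports: range    # PCoIP-side port of the flow, simplified to one port field
    direction: str  # "in", "out" or "both"

def decide(rules, proto, port, direction, default="deny"):
    """Return the action of the first matching rule, else the default policy."""
    for r in rules:
        if (r.proto in (proto, "any") and port in r.ports
                and r.direction in (direction, "both")):
            return r.action
    return default

def blocked_pcoip_flows(rules, default="deny"):
    """List the required PCoIP flows that this rule set does not allow."""
    return [f for f in REQUIRED_FLOWS if decide(rules, *f, default=default) != "allow"]

# Constructed sample rule sets.
WEB_ONLY = [Rule("allow", "tcp", range(80, 81), "out"),
            Rule("allow", "tcp", range(443, 444), "out")]
TCP_ONLY = WEB_ONLY + [Rule("allow", "tcp", range(4172, 4173), "out")]
SHADOWED = [Rule("deny", "udp", range(1024, 65536), "both"),
            Rule("allow", "tcp", range(4172, 4173), "out"),
            Rule("allow", "udp", range(4172, 4173), "both")]
PCOIP_OK = [Rule("allow", "tcp", range(4172, 4173), "out"),
            Rule("allow", "udp", range(4172, 4173), "both")]

if __name__ == "__main__":
    for name, rules in [("web only", WEB_ONLY), ("tcp only", TCP_ONLY),
                        ("shadowed", SHADOWED), ("pcoip ok", PCOIP_OK)]:
        print(name, "->", blocked_pcoip_flows(rules) or "all PCoIP flows allowed")
```

The `TCP_ONLY` and `SHADOWED` sets show the two usual gaps: TCP 4172 opened while UDP 4172 is forgotten, and a correct allow rule placed after a broader deny that matches first.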

Tunneled Client Connections with Microsoft RDP

When users connect to a View desktop with the Microsoft RDP display protocol, View Client can make a second HTTPS connection to the View Connection Server host. This connection is called the tunnel connection because it provides a tunnel for carrying RDP data.

The tunnel connection offers the following advantages:

- RDP data is tunneled through HTTPS and is encrypted using SSL. This powerful security protocol is consistent with the security provided by other secure Web sites, such as those that are used for online banking and credit card payments.
- A client can access multiple desktops over a single HTTPS connection, which reduces the overall protocol overhead.