5.2
Table Of Contents
- VMware Horizon View Architecture Planning
- Contents
- VMware Horizon View Architecture Planning
- Introduction to Horizon View
- Planning a Rich User Experience
- Feature Support Matrix
- Choosing a Display Protocol
- Using View Persona Management to Retain User Data and Settings
- Benefits of Using View Desktops in Local Mode
- Accessing USB Devices Connected to a Local Computer
- Printing from a View Desktop
- Streaming Multimedia to a View Desktop
- Using Single Sign-On for Logging In to a View Desktop
- Using Multiple Monitors with a View Desktop
- Managing Desktop Pools from a Central Location
- Architecture Design Elements and Planning Guidelines
- Virtual Machine Requirements
- Horizon View ESX/ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- View Transfer Server Virtual Machine Configuration and Storage
- vSphere Clusters
- Storage and Bandwidth Requirements
- Horizon View Building Blocks
- Horizon View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting View Desktop Access
- Using Group Policy Settings to Secure View Desktops
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding Horizon View Communications Protocols
- Overview of Steps to Setting Up a Horizon View Environment
- Index
n
Enable single sign-on for smart card authentication in View Client.
n
Configure server SSL certificate checking in View Client.
n
Prevent users from providing credential information with View Client command line options.
n
Prevent non-View client systems from using RDP to connect to View desktops. You can set this policy so
that connections must be View-managed, which means that users must use View Client to connect to View
desktops.
See the VMware Horizon View Administration document for information on using View desktop and View Client
group policy settings.
Implementing Best Practices to Secure Client Systems
You should implement best practices to secure client systems.
n
Make sure that client systems are configured to go to sleep after a period of inactivity and require users
to enter a password before the computer awakens.
n
Require users to enter a username and password when starting client systems. Do not configure client
systems to allow automatic logins.
n
For Mac client systems, consider setting different passwords for the Keychain and the user account. When
the passwords are different, users are prompted before the system enters any passwords on their behalf.
Also consider turning on FileVault protection.
n
Local mode client systems might have more network access when they are running in local mode than
when they are remote and connected to the intranet. Consider enforcing intranet network security policies
for local mode client systems or disable network access for local mode client systems when they are
running in local mode.
For a concise reference to all the security features Horizon View provides, see the VMware Horizon View
Security document.
Assigning Administrator Roles
A key management task in a Horizon View environment is to determine who can use View Administrator and
what tasks those users are authorized to perform.
The authorization to perform tasks in View Administrator is governed by an access control system that consists
of administrator roles and privileges. A role is a collection of privileges. Privileges grant the ability to perform
specific actions, such as entitling a user to a desktop pool or changing a configuration setting. Privileges also
control what an administrator can see in View Administrator.
An administrator can create folders to subdivide desktop pools and delegate the administration of specific
desktop pools to different administrators in View Administrator. An administrator configures administrator
access to the resources in a folder by assigning a role to a user on that folder. Administrators can only access
the resources that reside in folders for which they have assigned roles. The role that an administrator has on
a folder determines the level of access that the administrator has to the resources in that folder.
View Administrator includes a set of predefined roles. Administrators can also create custom roles by
combining selected privileges.
VMware Horizon View Architecture Planning
68 VMware, Inc.