5.2
Table Of Contents
- VMware Horizon View Architecture Planning
- Contents
- VMware Horizon View Architecture Planning
- Introduction to Horizon View
- Planning a Rich User Experience
- Feature Support Matrix
- Choosing a Display Protocol
- Using View Persona Management to Retain User Data and Settings
- Benefits of Using View Desktops in Local Mode
- Accessing USB Devices Connected to a Local Computer
- Printing from a View Desktop
- Streaming Multimedia to a View Desktop
- Using Single Sign-On for Logging In to a View Desktop
- Using Multiple Monitors with a View Desktop
- Managing Desktop Pools from a Central Location
- Architecture Design Elements and Planning Guidelines
- Virtual Machine Requirements
- Horizon View ESX/ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- View Transfer Server Virtual Machine Configuration and Storage
- vSphere Clusters
- Storage and Bandwidth Requirements
- Horizon View Building Blocks
- Horizon View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting View Desktop Access
- Using Group Policy Settings to Secure View Desktops
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding Horizon View Communications Protocols
- Overview of Steps to Setting Up a Horizon View Environment
- Index
Figure 5-4. Dual Firewall Topology
View Client View Client
HTTPS
traffic
HTTPS
traffic
fault-tolerant
load balancing
mechanism
View
Security
Server
DMZ
internal
network
View
Connection
Server
View
Connection
Server
VMware
vCenter
Active
Directory
VMware
ESX servers
View
Security
Server
back-end
firewall
front-end
firewall
Firewall Rules for DMZ-Based Security Servers
DMZ-based security servers require certain firewall rules on the front-end and back-end firewalls. During
installation, Horizon View services are set up to listen on certain network ports by default. If necessary, to
comply with organization policies or to avoid contention, you can change which port numbers are used.
IMPORTANT For additional details and security recommendations, see the VMware Horizon View Security
document.
Front-End Firewall Rules
To allow external client devices to connect to a security server within the DMZ, the front-end firewall must
allow traffic on certain TCP and UDP ports. Table 5-1 summarizes the front-end firewall rules.
VMware Horizon View Architecture Planning
72 VMware, Inc.