5.2
- VMware Horizon View Architecture Planning
Table 5-2. Back-End Firewall Rules (Continued)

| Source | Default Port | Protocol | Destination | Default Port | Notes |
|---|---|---|---|---|---|
| Security server | TCP Any | RDP | View desktop | TCP 3389 | Security servers connect to View desktops on TCP port 3389 to exchange RDP traffic. |
| Security server | TCP Any | MMR | View desktop | TCP 9427 | Security servers connect to View desktops on TCP port 9427 to receive MMR traffic. |
| Security server | TCP Any, UDP Any | PCoIP | View desktop | TCP 4172, UDP 4172 | Security servers connect to View desktops on TCP port 4172 and UDP port 4172 to exchange PCoIP traffic. |
| View desktop | UDP 4172 | PCoIP | Security server | UDP Any | View desktops send PCoIP data back to a security server from UDP port 4172. The destination UDP port is the source port of the received UDP packets. Because this is reply data, it is normally unnecessary to add an explicit firewall rule for it. |
| Security server | TCP Any | USB-R | View desktop | TCP 32111 | Security servers connect to View desktops on TCP port 32111 to exchange USB redirection traffic between an external client device and the View desktop. |
| Security server | TCP Any | HTTP | Transfer Server | TCP 80 | Security servers connect to View Transfer Servers on TCP port 80 to download View desktop data to external local mode clients and to exchange replication data. |
| Security server | TCP Any | HTTPS | Transfer Server | TCP 443 | If you configure View Transfer Server to use SSL for local mode operations and desktop provisioning, security servers connect to View Transfer Servers on TCP port 443 instead of TCP port 80 to download View desktop data to external local mode clients and to exchange replication data. |
| Security server | TCP Any | HTTPS | View desktop | TCP 22443 | If you use VMware Horizon View HTML Access, security servers connect to View desktops on HTTPS port 22443 to communicate with the Blast agent. |

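
The rows above can be checked against traffic observed on the back-end firewall. The following Python is an added example, not VMware code: it builds an allow-list from the Notes column of the rows on this page and flags constructed sample flows that no rule permits. The role labels (security-server, view-desktop, transfer-server), the flow tuple layout and the function names are assumptions made for illustration; rows from the earlier part of Table 5-2 are not included.

```python
# Allow-list built from the Notes column of the back-end rows above.
# Key: (source role, destination role, transport, destination port).
BASE = {
    ("security-server", "view-desktop", "tcp", 3389): "RDP",
    ("security-server", "view-desktop", "tcp", 9427): "MMR",
    ("security-server", "view-desktop", "tcp", 4172): "PCoIP",
    ("security-server", "view-desktop", "udp", 4172): "PCoIP",
    ("security-server", "view-desktop", "tcp", 32111): "USB-R",
}

def build_policy(transfer_ssl=False, html_access=False):
    """Return the allow-list for the features this deployment enables."""
    policy = dict(BASE)
    # View Transfer Server: TCP 443 replaces TCP 80 when SSL is configured.
    port, name = (443, "HTTPS") if transfer_ssl else (80, "HTTP")
    policy[("security-server", "transfer-server", "tcp", port)] = name
    if html_access:  # Blast agent, only when HTML Access is used
        policy[("security-server", "view-desktop", "tcp", 22443)] = "HTTPS"
    return policy

def classify(flow, policy):
    """Return the service name, 'PCoIP reply', or 'VIOLATION' for one flow."""
    src, dst, proto, sport, dport = flow
    service = policy.get((src, dst, proto, dport))
    if service:
        return service
    # Desktops answer PCoIP from UDP 4172 to whatever source port the
    # security server used; stateful firewalls pass this as reply traffic.
    if (src, dst, proto, sport) == ("view-desktop", "security-server", "udp", 4172):
        return "PCoIP reply"
    return "VIOLATION"

# Constructed sample flows: (src role, dst role, proto, src port, dst port).
SAMPLE_FLOWS = [
    ("security-server", "view-desktop", "tcp", 50211, 3389),
    ("security-server", "view-desktop", "udp", 50002, 4172),
    ("view-desktop", "security-server", "udp", 4172, 50002),
    ("security-server", "view-desktop", "tcp", 50300, 445),
    ("security-server", "transfer-server", "tcp", 50400, 80),
    ("security-server", "view-desktop", "tcp", 50500, 22443),
]

def audit(flows, policy):
    """Return only the flows that no back-end rule on this page permits."""
    return [f for f in flows if classify(f, policy) == "VIOLATION"]

if __name__ == "__main__":
    policy = build_policy(transfer_ssl=True, html_access=False)
    for flow in audit(SAMPLE_FLOWS, policy):
        print("not permitted:", flow)
```

With SSL configured for View Transfer Server and HTML Access unused, the flows to ports 445, 80 and 22443 are reported; the other three match a rule or are PCoIP reply traffic.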
TCP Ports for View Connection Server Intercommunication
Groups of View Connection Server instances use additional TCP ports to communicate with each other. For
example, View Connection Server instances use port 4100 to transmit JMS inter-router (JMSIR) traffic to each
other. Firewalls are generally not used between the View Connection Server instances in a group.
Understanding Horizon View Communications Protocols
Horizon View components exchange messages by using several different protocols.
Figure 5-5 illustrates the protocols that each component uses for communication when a security server is not
configured. That is, the secure tunnel for RDP and the PCoIP secure gateway are not turned on. This
configuration might be used in a typical LAN deployment.