5.2
Table 5-3. Default Ports (Continued)

Protocol       Port
PCoIP          TCP port 4172 from View Client to the View desktop. PCoIP also uses UDP port 4172 in both directions.
PCoIP or RDP   For USB redirection, TCP port 32111 is used alongside PCoIP or RDP from the client to the View desktop.

View Broker and Administration Server
The View Broker component, which is the core of View Connection Server, is responsible for all user interaction
between View clients and View Connection Server. View Broker also includes the Administration Server that
is used by the View Administrator Web interface.
View Broker works closely with vCenter Server to provide advanced management of View desktops, including
virtual machine creation and power operations.
View Secure Gateway Server
View Secure Gateway Server is the server-side component for the secure HTTPS connection between View
clients and a security server or View Connection Server instance.
When you configure the tunnel connection for View Connection Server, RDP, USB, and Multimedia
Redirection (MMR) traffic is tunneled through the View Secure Gateway component. When you configure
direct client connections, these protocols connect directly from the client to the View desktop and are not
tunneled through the View Secure Gateway Server component.
NOTE: Clients that use the PCoIP display protocol can use the tunnel connection for USB redirection and
multimedia redirection (MMR) acceleration, but for all other data, PCoIP uses the PCoIP Secure Gateway on
a security server.
View Secure Gateway Server is also responsible for forwarding other Web traffic, including user authentication
and desktop selection traffic, from View clients to the View Broker component. View Secure Gateway Server
also passes View Administrator client Web traffic to the Administration Server component.
PCoIP Secure Gateway
With VMware View 4.6 and later versions, security servers include a PCoIP Secure Gateway component. When
the PCoIP Secure Gateway is enabled, after authentication, View clients that use PCoIP can make another
secure connection to a security server. This connection allows remote clients to access View desktops from the
Internet.
When you enable the PCoIP Secure Gateway component, PCoIP traffic is forwarded by a security server to
View desktops. If clients that use PCoIP also use the USB redirection feature or multimedia redirection (MMR)
acceleration, you can enable the View Secure Gateway component in order to forward that data.
When you configure direct client connections, PCoIP traffic and other traffic go directly from a View client
to a View desktop.
When end users such as home or mobile workers access desktops from the Internet, security servers provide
the required level of security and connectivity so that a VPN connection is not necessary. The PCoIP Secure
Gateway component ensures that the only remote desktop traffic that can enter the corporate data center is
traffic on behalf of a strongly authenticated user. End users can access only the desktop resources that they are
authorized to access.
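
The routing rules from the View Secure Gateway Server and PCoIP Secure Gateway sections, written out as an added example (not VMware code) that reports which traffic classes still go directly from client to desktop for a given combination of settings. The class, function and setting names are hypothetical; the ports are the ones shown in Table 5-3 on this page.

```python
from dataclasses import dataclass

# Client-to-desktop ports from Table 5-3 as shown on this page; ports for
# other traffic classes are not on this page, so they are left unlisted.
DESKTOP_PORTS = {"pcoip": ["TCP 4172", "UDP 4172"], "usb": ["TCP 32111"]}

TUNNEL = "View Secure Gateway"
PSG = "PCoIP Secure Gateway"
DIRECT = "direct to desktop"


@dataclass(frozen=True)
class Settings:  # hypothetical names for the two settings the text describes
    secure_tunnel: bool  # tunnel connection configured
    pcoip_gateway: bool  # PCoIP Secure Gateway enabled


def route(settings, display_protocol, features=()):
    """Map each traffic class of one client session to the path it takes."""
    # Authentication and desktop selection reach View Broker via the gateway.
    paths = {"web": TUNNEL}
    if display_protocol == "PCoIP":
        paths["pcoip"] = PSG if settings.pcoip_gateway else DIRECT
    elif display_protocol == "RDP":
        paths["rdp"] = TUNNEL if settings.secure_tunnel else DIRECT
    else:
        raise ValueError(f"unknown display protocol: {display_protocol}")
    for feature in features:
        if feature not in ("usb", "mmr"):
            raise ValueError(f"unknown feature: {feature}")
        # USB and MMR follow the tunnel setting, also for PCoIP clients.
        paths[feature] = TUNNEL if settings.secure_tunnel else DIRECT
    return paths


def direct_exposure(paths):
    """Traffic classes that bypass both gateways, with known desktop ports."""
    return {cls: DESKTOP_PORTS.get(cls, ["port not listed on this page"])
            for cls, path in paths.items() if path == DIRECT}


if __name__ == "__main__":
    # Constructed configurations for a PCoIP client that also redirects USB.
    for tunnel, psg in [(True, True), (False, True), (True, False), (False, False)]:
        paths = route(Settings(tunnel, psg), "PCoIP", ["usb"])
        print(f"tunnel={tunnel} pcoip_gateway={psg} -> direct: {direct_exposure(paths)}")
```

The second configuration is the one to watch for: with only the PCoIP Secure Gateway enabled, display traffic is gatewayed but USB redirection still needs TCP port 32111 open from the client to the desktop.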
Chapter 5 Planning for Security Features