5.2
Table Of Contents
- VMware Horizon View Architecture Planning
- Contents
- VMware Horizon View Architecture Planning
- Introduction to Horizon View
- Planning a Rich User Experience
- Feature Support Matrix
- Choosing a Display Protocol
- Using View Persona Management to Retain User Data and Settings
- Benefits of Using View Desktops in Local Mode
- Accessing USB Devices Connected to a Local Computer
- Printing from a View Desktop
- Streaming Multimedia to a View Desktop
- Using Single Sign-On for Logging In to a View Desktop
- Using Multiple Monitors with a View Desktop
- Managing Desktop Pools from a Central Location
- Architecture Design Elements and Planning Guidelines
- Virtual Machine Requirements
- Horizon View ESX/ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- View Transfer Server Virtual Machine Configuration and Storage
- vSphere Clusters
- Storage and Bandwidth Requirements
- Horizon View Building Blocks
- Horizon View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting View Desktop Access
- Using Group Policy Settings to Secure View Desktops
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding Horizon View Communications Protocols
- Overview of Steps to Setting Up a Horizon View Environment
- Index
Table 5-5. TCP Ports Opened During View Agent Installation (Continued)
Protocol Ports
MMR 9427
PCoIP 4172 (TCP and UDP)
The View Agent installation program configures the local firewall rule for inbound RDP connections to match
the current RDP port of the host operating system, which is typically 3389. If you change the RDP port number,
you must change the associated firewall rules.
If you instruct the View Agent installation program to not enable Remote Desktop support, it does not open
ports 3389 and 32111, and you must open these ports manually.
If you use a virtual machine template as a desktop source, firewall exceptions carry over to deployed desktops
only if the template is a member of the desktop domain. You can use Microsoft group policy settings to manage
local firewall exceptions. See the Microsoft Knowledge Base (KB) article 875357 for more information.
Firewall Rules for Active Directory
If you have a firewall between your Horizon View environment and your Active Directory server, you must
make sure that all of the necessary ports are opened.
For example, View Connection Server must be able to access the Active Directory Global Catalog and
Lightweight Directory Access Protocol (LDAP) servers. If the Global Catalog and LDAP ports are blocked by
your firewall software, administrators will have problems configuring user entitlements.
See the Microsoft documentation for your Active Directory server version for information about the ports that
must be opened for Active Directory to function correctly through a firewall.
Firewall Rules for View Client with Local Mode
View Client with Local Mode data is downloaded and uploaded through TCP port 902 by default. In addition,
View Transfer Server publishes View Composer images through TCP port 902. If you intend to use View Client
with Local Mode, TCP port 902 must be accessible to your ESX/ESXi host, and UDP port 445 must be accessible
to the network share if you use a network share for the View Transfer Server repository.
If necessary, to comply with organization policies or to avoid contention, you can change which port numbers
are used.
Chapter 5 Planning for Security Features
VMware, Inc. 79