6.0
Table Of Contents
- View Architecture Planning
- Contents
- View Architecture Planning
- Introduction to View
- Planning a Rich User Experience
- Feature Support Matrix for View Agent
- Choosing a Display Protocol
- Using Hosted Applications
- Using View Persona Management to Retain User Data and Settings
- Using USB Devices with Remote Desktops
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using 3D Graphics Applications
- Streaming Multimedia to a Remote Desktop
- Printing from a Remote Desktop
- Using Single Sign-On for Logging In to a Remote Desktop
- Using Multiple Monitors
- Managing Desktop and Application Pools from a Central Location
- Architecture Design Elements and Planning Guidelines for Remote Desktop Deployments
- Virtual Machine Requirements for Remote Desktops
- View ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- RDS Host Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- vSphere Clusters
- Storage and Bandwidth Requirements
- View Building Blocks
- View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting Remote Desktop Access
- Using Group Policy Settings to Secure Remote Desktops and Applications
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding View Communications Protocols
- Overview of Steps to Setting Up a View Environment
- Index
Table 5‑3. Default Ports (Continued)
Protocol Port
PCoIP Any TCP port from Horizon Client to port 4172 of the remote desktop or application.
PCoIP also uses UDP port 50002 from Horizon Client (or UDP port 55000 from the PCoIP Secure
Gateway) to port 4172 of the remote desktop or application.
PCoIP or RDP For USB redirection, TCP port 32111 is used alongside PCoIP or RDP from the client to the remote
desktop.
TCP Ports for View Connection Server Intercommunication
View Connection Server instances in a group use additional TCP ports to communicate with each other. For
example, View Connection Server instances use port 4100 to transmit JMS inter-router (JMSIR) traffic to each
other. Firewalls are generally not used between the View Connection Server instances in a group.
View Broker and Administration Server
The View Broker component, which is the core of View Connection Server, is responsible for all user
interaction between clients and View Connection Server. View Broker also includes the Administration
Server that is used by the View Administrator Web interface.
View Broker works closely with vCenter Server to provide advanced management of remote desktops,
including virtual machine creation and power operations.
View Secure Gateway Server
View Secure Gateway Server is the server-side component for the secure HTTPS connection between client
systems and a security server or View Connection Server instance.
When you configure the tunnel connection for View Connection Server, RDP, USB, and Multimedia
Redirection (MMR) traffic is tunneled through the View Secure Gateway component. When you configure
direct client connections, these protocols connect directly from the client to the remote desktop and are not
tunneled through the View Secure Gateway Server component.
NOTE Clients that use the PCoIP display protocol can use the tunnel connection for USB redirection and
multimedia redirection (MMR) acceleration, but for all other data, PCoIP uses the PCoIP Secure Gateway on
a security server.
View Secure Gateway Server is also responsible for forwarding other Web traffic, including user
authentication and desktop and application selection traffic, from clients to the View Broker component.
View Secure Gateway Server also passes View Administrator client Web traffic to the Administration Server
component.
PCoIP Secure Gateway
Security servers include a PCoIP Secure Gateway component. When the PCoIP Secure Gateway is enabled,
after authentication, clients that use PCoIP can make another secure connection to a security server. This
connection allows clients to access remote desktops and applications from the Internet.
When you enable the PCoIP Secure Gateway component, PCoIP traffic is forwarded by a security server to
remote desktops and applications. If clients that use PCoIP also use the USB redirection feature or
multimedia redirection (MMR) acceleration, you can enable the View Secure Gateway component in order
to forward that data.
When you configure direct client connections, PCoIP traffic and other traffic goes directly from a client to a
remote desktop or application.
Chapter 5 Planning for Security Features
VMware, Inc. 87