6.2
Table Of Contents
- View Architecture Planning
- Contents
- View Architecture Planning
- Introduction to View
- Planning a Rich User Experience
- Feature Support Matrix for View Agent
- Choosing a Display Protocol
- Using Hosted Applications
- Using View Persona Management to Retain User Data and Settings
- Using USB Devices with Remote Desktops and Applications
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using 3D Graphics Applications
- Streaming Multimedia to a Remote Desktop
- Printing from a Remote Desktop
- Using Single Sign-On for Logging In to a Remote Desktop
- Using Multiple Monitors
- Managing Desktop and Application Pools from a Central Location
- Architecture Design Elements and Planning Guidelines for Remote Desktop Deployments
- Virtual Machine Requirements for Remote Desktops
- View ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- RDS Host Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- vSphere Clusters
- Storage and Bandwidth Requirements
- View Building Blocks
- View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting Remote Desktop Access
- Using Group Policy Settings to Secure Remote Desktops and Applications
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding View Communications Protocols
- Overview of Steps to Setting Up a View Environment
- Index
If you choose to install HTML Access with View Connection Server, the installer configures the VMware
Horizon View Connection Server (Blast-In) rule in Windows Firewall to open TCP port 8443, used by
HTML Access.
The following table lists the default ports that can be opened automatically during installation. Ports are
incoming unless otherwise noted.
Table 5‑4. Ports Opened During View Connection Server Installation
Protocol Ports View Connection Server Instance Type
JMS TCP 4001 Standard and replica
JMS TCP 4002 Standard and replica
JMSIR TCP 4100 Standard and replica
JMSIR TCP 4101 Standard and replica
AJP13 TCP 8009 Standard and replica
HTTP TCP 80 Standard, replica, and security server
HTTPS TCP 443 Standard, replica, and security server
PCoIP TCP 4172 in;
UDP 4172 both
directions
Standard, replica, and security server
HTTPS TCP 8443 Standard, replica, and security server.
After the initial connection to View is made, the Web browser on a client device
connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway
must be enabled on a security server or View Connection Server instance to allow
this second connection to take place.
HTTPS TCP 8472 Standard and replica
For the Cloud Pod Architecture feature: used for interpod communication.
HTTP TCP 22389 Standard and replica
For the Cloud Pod Architecture feature: used for global LDAP replication.
HTTPS TCP 22636 Standard and replica
For the Cloud Pod Architecture feature: used for secure global LDAP replication.
Firewall Rules for View Agent
The View Agent installation program opens certain TCP ports on the firewall. Ports are incoming unless
otherwise noted.
Table 5‑5. TCP Ports Opened During View Agent Installation
Protocol Ports
RDP 3389
USB redirection 32111
MMR (multimedia redirection) and client drive redirection 9427
PCoIP 4172 (TCP and UDP)
The View Agent installation program configures the local firewall rule for inbound RDP connections to
match the current RDP port of the host operating system, which is typically 3389. If you change the RDP
port number, you must change the associated firewall rules.
If you instruct the View Agent installation program to not enable Remote Desktop support, it does not open
ports 3389 and 32111, and you must open these ports manually.
Chapter 5 Planning for Security Features
VMware, Inc. 91