7.0
Table Of Contents
- View Architecture Planning
- Contents
- View Architecture Planning
- Introduction to View
- Planning a Rich User Experience
- Feature Support Matrix for Horizon Agent
- Choosing a Display Protocol
- Using Hosted Applications
- Using View Persona Management to Retain User Data and Settings
- Using USB Devices with Remote Desktops and Applications
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using 3D Graphics Applications
- Streaming Multimedia to a Remote Desktop
- Printing from a Remote Desktop
- Using Single Sign-On for Logging In
- Monitors and Screen Resolution
- Managing Desktop and Application Pools from a Central Location
- Advantages of Desktop Pools
- Advantages of Application Pools
- Reducing and Managing Storage Requirements
- Application Provisioning
- Deploying Individual Applications Using an RDS Host
- Deploying Applications and System Updates with View Composer
- Deploying Applications and System Updates with Instant Clones
- Managing VMware ThinApp Applications in View Administrator
- Deploying and Managing Applications Using App Volumes
- Using Existing Processes or VMware Mirage for Application Provisioning
- Using Active Directory GPOs to Manage Users and Desktops
- Architecture Design Elements and Planning Guidelines for Remote Desktop Deployments
- Virtual Machine Requirements for Remote Desktops
- View ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- RDS Host Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- vSphere Clusters
- Storage and Bandwidth Requirements
- View Building Blocks
- View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting Remote Desktop Access
- Using Group Policy Settings to Secure Remote Desktops and Applications
- Using Smart Policies
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding View Communications Protocols
- Overview of Steps to Setting Up a View Environment
- Index
Planning for Security Features 5
View offers strong network security to protect sensitive corporate data. For added security, you can
integrate View with certain third-party user-authentication solutions, use a security server, and implement
the restricted entitlements feature.
IMPORTANT With Horizon 6 version 6.2 and later releases, View can perform cryptographic operations using
FIPS (Federal Information Processing Standard) 140-2 compliant algorithms. You can enable the use of these
algorithms by installing View in FIPS mode. Not all View features are supported in FIPS mode. For more
information, see the View Installation document.
This chapter includes the following topics:
n
“Understanding Client Connections,” on page 79
n
“Choosing a User Authentication Method,” on page 82
n
“Restricting Remote Desktop Access,” on page 84
n
“Using Group Policy Settings to Secure Remote Desktops and Applications,” on page 85
n
“Using Smart Policies,” on page 86
n
“Implementing Best Practices to Secure Client Systems,” on page 86
n
“Assigning Administrator Roles,” on page 86
n
“Preparing to Use a Security Server,” on page 87
n
“Understanding View Communications Protocols,” on page 92
Understanding Client Connections
Horizon Client and View Administrator communicate with a View Connection Server host over secure
HTTPS connections. Information about the server certificate on View Connection Server is communicated to
the client as part of the SSL handshake between client and server.
The initial Horizon Client connection, which is used for user authentication and remote desktop and
application selection, is created when a user opens Horizon Client and provides a fully qualified domain
name for the View Connection Server, security server, or Access Point host. The View Administrator
connection is created when an administrator types the View Administrator URL into a Web browser.
A default SSL server certificate is generated during View Connection Server installation. By default, SSL
clients are presented with this certificate when they visit a secure page such as View Administrator.
You can use the default certificate for testing, but you should replace it with your own certificate as soon as
possible. The default certificate is not signed by a commercial Certificate Authority (CA). Use of noncertified
certificates can allow untrusted parties to intercept traffic by masquerading as your server.
VMware, Inc.
79