- Client Connections Using the PCoIP and Blast Secure Gateways on page 80
  When clients connect to a remote desktop or application with the PCoIP or Blast Extreme display
  protocol from VMware, Horizon Client can make a second connection to the applicable Secure
  Gateway component on a View Connection Server instance, security server, or Access Point appliance.
  This connection provides the required level of security and connectivity when accessing remote
  desktops and applications from the Internet.
- Tunneled Client Connections with Microsoft RDP on page 81
  When users connect to a remote desktop with the Microsoft RDP display protocol, Horizon Client can
  make a second HTTPS connection to the View Connection Server host. This connection is called the
  tunnel connection because it provides a tunnel for carrying RDP data.
- Direct Client Connections on page 81
  Administrators can configure View Connection Server settings so that remote desktop and application
  sessions are established directly between the client system and the remote application or desktop
  virtual machine, bypassing the View Connection Server host. This type of connection is called a direct
  client connection.

Client Connections Using the PCoIP and Blast Secure Gateways

When clients connect to a remote desktop or application with the PCoIP or Blast Extreme display protocol
from VMware, Horizon Client can make a second connection to the applicable Secure Gateway component
on a View Connection Server instance, security server, or Access Point appliance. This connection provides
the required level of security and connectivity when accessing remote desktops and applications from the
Internet.
Security servers and Access Point appliances include a PCoIP Secure Gateway component and a Blast
Secure Gateway component, which offer the following advantages:
- The only remote desktop and application traffic that can enter the corporate data center is traffic on
  behalf of a strongly authenticated user.
- Users can access only the resources that they are authorized to access.
- The PCoIP Secure Gateway connection supports PCoIP, and the Blast Secure Gateway connection
  supports Blast Extreme. Both are advanced remote display protocols that make more efficient use of the
  network by encapsulating video display packets in UDP instead of TCP.
- PCoIP and Blast Extreme are secured by AES-128 encryption by default. You can, however, change the
  encryption cipher to AES-256.
- No VPN is required, as long as the display protocol is not blocked by any networking component. For
  example, someone trying to access their remote desktop or application from inside a hotel room might
  find that the proxy the hotel uses is not configured to pass UDP packets.
For more information, see “Firewall Rules for DMZ-Based Security Servers,” on page 90.
Security servers run on Windows Server 2008 R2 and Windows Server 2012 R2 operating systems and take
full advantage of the 64-bit architecture. Security servers can also take advantage of Intel processors that
support AES New Instructions (AESNI) for highly optimized encryption and decryption performance.
For more information about Access Point virtual appliances, see Deploying and Configuring Access Point.
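
A check for the AES New Instructions support mentioned above, as an added example that is not part of the VMware documentation: it reads CPUID leaf 1 and reports whether the processor exposes the AES and carry-less-multiply instructions, and whether the host is a virtual machine (where the hypervisor decides which flags the guest sees). The function and enum names are chosen here for illustration.

```c
#include <stdio.h>
#if defined(_MSC_VER) && (defined(_M_X64) || defined(_M_IX86))
#include <intrin.h>
#elif defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID leaf 1, ECX feature bits. */
#define ECX_PCLMULQDQ  (1u << 1)   /* carry-less multiply, used by GCM-mode AES code */
#define ECX_AESNI      (1u << 25)  /* AES round instructions (AES-NI) */
#define ECX_HYPERVISOR (1u << 31)  /* set when the code runs inside a guest */

enum aes_accel { AES_SOFTWARE = 0, AES_HW_NO_CLMUL = 1, AES_HW_FULL = 2 };

/* Classify a raw leaf-1 ECX value. Kept apart from the CPUID read so it
   can be exercised with constructed values on any machine. */
enum aes_accel classify_ecx(unsigned int ecx)
{
    if (!(ecx & ECX_AESNI)) return AES_SOFTWARE;
    return (ecx & ECX_PCLMULQDQ) ? AES_HW_FULL : AES_HW_NO_CLMUL;
}

int is_guest(unsigned int ecx) { return (ecx & ECX_HYPERVISOR) != 0; }

/* Read leaf-1 ECX from the running CPU: 0 on success, -1 if unavailable. */
int read_leaf1_ecx(unsigned int *ecx)
{
#if defined(_MSC_VER) && (defined(_M_X64) || defined(_M_IX86))
    int r[4];
    __cpuid(r, 1);
    *ecx = (unsigned int)r[2];
    return 0;
#elif defined(__x86_64__) || defined(__i386__)
    unsigned int a, b, c, d;
    if (!__get_cpuid(1, &a, &b, &c, &d)) return -1;
    *ecx = c;
    return 0;
#else
    (void)ecx;
    return -1;   /* not an x86 build: CPUID does not exist */
#endif
}

int main(void)
{
    static const char *label[] = { "no AES-NI: AES runs in software",
        "AES-NI present, PCLMULQDQ missing", "AES-NI and PCLMULQDQ present" };
    unsigned int ecx;
    if (read_leaf1_ecx(&ecx) != 0) { puts("CPUID leaf 1 not available"); return 2; }
    printf("%s%s\n", label[classify_ecx(ecx)],
           is_guest(ecx) ? " (guest: flags are those the hypervisor exposes)" : "");
    return classify_ecx(ecx) == AES_SOFTWARE;   /* non-zero exit if no acceleration */
}
```

Run it inside the security server virtual machine rather than on the physical host, because the guest only sees the feature flags that the hypervisor passes through.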
View Architecture Planning
80 VMware, Inc.