7.0
Table Of Contents
- View Architecture Planning
- Contents
- View Architecture Planning
- Introduction to View
- Planning a Rich User Experience
- Feature Support Matrix for Horizon Agent
- Choosing a Display Protocol
- Using Hosted Applications
- Using View Persona Management to Retain User Data and Settings
- Using USB Devices with Remote Desktops and Applications
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using 3D Graphics Applications
- Streaming Multimedia to a Remote Desktop
- Printing from a Remote Desktop
- Using Single Sign-On for Logging In
- Monitors and Screen Resolution
- Managing Desktop and Application Pools from a Central Location
- Advantages of Desktop Pools
- Advantages of Application Pools
- Reducing and Managing Storage Requirements
- Application Provisioning
- Deploying Individual Applications Using an RDS Host
- Deploying Applications and System Updates with View Composer
- Deploying Applications and System Updates with Instant Clones
- Managing VMware ThinApp Applications in View Administrator
- Deploying and Managing Applications Using App Volumes
- Using Existing Processes or VMware Mirage for Application Provisioning
- Using Active Directory GPOs to Manage Users and Desktops
- Architecture Design Elements and Planning Guidelines for Remote Desktop Deployments
- Virtual Machine Requirements for Remote Desktops
- View ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- RDS Host Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- vSphere Clusters
- Storage and Bandwidth Requirements
- View Building Blocks
- View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting Remote Desktop Access
- Using Group Policy Settings to Secure Remote Desktops and Applications
- Using Smart Policies
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding View Communications Protocols
- Overview of Steps to Setting Up a View Environment
- Index
n
Prevent users from providing credential information with Horizon Client command line options.
n
Prevent non-Horizon Client systems from using RDP to connect to remote desktops. You can set this
policy so that connections must be Horizon Client-managed, which means that users must use View to
connect to remote desktops.
See the Setting Up Desktop and Application Pools in View for information on using remote desktop and
Horizon Client group policy settings.
Using Smart Policies
You can use Smart Policies to create policies that control the behavior of the USB redirection, virtual
printing, clipboard redirection, client drive redirection, and PCoIP display protocol features on specific
remote desktops.
With Smart Policies, you can create policies that take effect only if certain conditions are met. For example,
you can configure a policy that disables the client drive redirection feature if a user connects to a remote
desktop from outside your corporate network.
The Smart Policies feature requires User Environment Manager. For more information, see the topics about
Smart Policies in Setting Up Desktop and Application Pools in View.
Implementing Best Practices to Secure Client Systems
You should implement best practices to secure client systems.
n
Make sure that client systems are configured to go to sleep after a period of inactivity and require users
to enter a password before the computer awakens.
n
Require users to enter a username and password when starting client systems. Do not configure client
systems to allow automatic logins.
n
For Mac client systems, consider setting different passwords for the Keychain and the user account.
When the passwords are different, users are prompted before the system enters any passwords on their
behalf. Also consider turning on FileVault protection.
For a concise reference to all the security features View provides, see the View Security document.
Assigning Administrator Roles
A key management task in a View environment is to determine who can use View Administrator and what
tasks those users are authorized to perform.
The authorization to perform tasks in View Administrator is governed by an access control system that
consists of administrator roles and privileges. A role is a collection of privileges. Privileges grant the ability
to perform specific actions, such as entitling a user to a desktop pool or changing a configuration setting.
Privileges also control what an administrator can see in View Administrator.
An administrator can create folders to subdivide desktop pools and delegate the administration of specific
desktop pools to different administrators in View Administrator. An administrator configures administrator
access to the resources in a folder by assigning a role to a user on that folder. Administrators can only access
the resources that reside in folders for which they have assigned roles. The role that an administrator has on
a folder determines the level of access that the administrator has to the resources in that folder.
View Administrator includes a set of predefined roles. Administrators can also create custom roles by
combining selected privileges.
View Architecture Planning
86 VMware, Inc.