Manualshelf

Specifications

ManualsBrandsVMware ManualsOtherTHINAPP 4.6 - MIGRATING APPLICATIONS TECHNICAL NOTE
51525354555657585960
Tunneled Client Connections with Microsoft RDP
When users connect to a View desktop with the Microsoft RDP display protocol, View Client can make a second
HTTPS connection to the View Connection Server host. This connection is called the tunnel connection because
it provides a tunnel for carrying RDP data.
The tunnel connection offers the following advantages:
n
RDP data is tunneled through HTTPS and is encrypted using SSL. This powerful security protocol is
consistent with the security provided by other secure Web sites, such as those that are used for online
banking and credit card payments.
n
A client can access multiple desktops over a single HTTPS connection, which reduces the overall protocol
overhead.
n
Because VMware View manages the HTTPS connection, the reliability of the underlying protocols is
significantly improved. If a user temporarily loses a network connection, the HTTP connection is
reestablished after the network connection is restored and the RDP connection automatically resumes
without requiring the user to reconnect and log in again.
In a standard deployment of View Connection Server instances, the HTTPS secure connection terminates at
the View Connection Server. In a DMZ deployment, the HTTPS secure connection terminates at a security
server. See “Preparing to Use a Security Server,” on page 57 for information on DMZ deployments and
security servers.
Clients that use the PCoIP display protocol can use the tunnel connection for USB redirection and multimedia
redirection (MMR) acceleration, but for all other data, PCoIP uses the PCoIP Secure Gateway on a security
server. For more information, see “Client Connections Using the PCoIP Secure Gateway,” on page 50.
Clients that use the PCoIP or HP RGS display protocols do not use the tunnel connection.
Direct Client Connections
Administrators can configure View Connection Server settings so that View desktop sessions are established
directly between the client system and the View desktop virtual machine, bypassing the View Connection
Server host. This type of connection is called a direct client connection.
With direct client connections, an HTTPS connection can still be made between the client and the View
Connection Server host for users to authenticate and select View desktops, but the second HTTPS connection
(the tunnel connection) is not used.
Clients that use the HP RGS display protocol always use direct client connections. HP RGS clients cannot use
a tunnel connection or a PCoIP Secure Gateway connection.
Direct PCoIP connections include the following built-in security features:
n
PCoIP supports Advanced Encryption Standard (AES) encryption, which is turned on by default.
n
The hardware implementation of PCoIP uses both AES and IP Security (IPsec).
n
PCoIP works with third-party VPN clients.
For clients that use the Microsoft RDP display protocol, direct client connections are appropriate only if your
deployment is inside a corporate network. With direct client connections, RDP traffic is sent unencrypted over
the connection between the client and the View desktop virtual machine.
Chapter 5 Planning for Security Features
VMware, Inc. 51