Specifications
View Client with Local Mode Client Connections
View Client with Local Mode offers mobile users the ability to check out View desktops onto their local
computer.
View Client with Local Mode supports both tunneled and nontunneled communications for LAN-based data
transfers. With tunneled communications, all traffic is routed through the View Connection Server host, and
you can specify whether to encrypt communications and data transfers. With nontunneled communications,
unencrypted data is transferred directly between the local desktop on the client system and the View desktop
virtual machine in vCenter Server.
Local data is always encrypted on the user's computer, regardless of whether you configure tunneled or
nontunneled communications.
The data disk stored locally on client systems is encrypted using a default encryption strength of AES-128. The
encryption keys are stored encrypted on the client system with a key derived from a hash of the user's
credentials (username and password or smart card and PIN). On the server side, the key is stored in View
LDAP. Whatever security measures you use to protect View LDAP on the server also protect the local mode
encryption keys stored in LDAP.
NOTE: You can change the encryption key cipher from AES-128 to AES-192 or AES-256.
The desktop has a lifetime controlled through policy. If the client loses contact with View Connection Server,
the maximum time without server contact is the period in which the user can continue to use the desktop before
the user is refused access. On the client side, this expiration policy is stored in a file that is encrypted by a key
that is built into the application. This built-in key prevents users who have access to the password from
circumventing the expiration policy.
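The expiration check described above, as an added example (not VMware's code): the policy is sealed under an application key rather than the credential-derived key, so knowing the password does not let a user rewrite it. An HMAC-SHA256 tag stands in for the encrypted file the text describes; PBKDF2, APP_KEY, the policy field names and the refusal on clock rollback are assumptions of this example.

```python
import hashlib
import hmac
import json
from typing import Optional

# Constructed stand-in for the key built into the client application.
APP_KEY = hashlib.sha256(b"constructed-built-in-key").digest()


def credential_key(username: str, password: str, salt: bytes) -> bytes:
    """Key derived from the user's credentials (PBKDF2 is an assumption)."""
    secret = f"{username}\x00{password}".encode()
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 200_000)


def seal_policy(policy: dict, key: bytes) -> bytes:
    """Serialize the policy and append an HMAC-SHA256 tag under `key`."""
    body = json.dumps(policy, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


def open_policy(blob: bytes, key: bytes = APP_KEY) -> Optional[dict]:
    """Return the policy if the tag verifies under `key`, else None."""
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if len(blob) <= 32 or not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


def access_allowed(blob: bytes, now: int) -> bool:
    """Allow use only within the maximum time without server contact."""
    policy = open_policy(blob)
    if policy is None:  # missing or tampered policy: refuse
        return False
    offline = now - policy["last_contact"]
    # Negative means the local clock is behind the last contact: refuse.
    return 0 <= offline <= policy["max_offline_seconds"]


if __name__ == "__main__":
    t0, day = 1_700_000_000, 86400  # constructed time of last server contact
    good = seal_policy({"last_contact": t0, "max_offline_seconds": 7 * day}, APP_KEY)
    # A user re-seals a longer lease with the key their own password yields.
    user_key = credential_key("alice", "constructed-pw", b"constructed-salt")
    forged = seal_policy({"last_contact": t0, "max_offline_seconds": 70 * day}, user_key)
    for name, blob in (("good", good), ("forged", forged)):
        print(name, access_allowed(blob, t0 + 3 * day), access_allowed(blob, t0 + 8 * day))
```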
Choosing a User Authentication Method
VMware View uses your existing Active Directory infrastructure for user authentication and management.
For added security, you can integrate VMware View with RSA SecurID and smart card authentication
solutions.
- Active Directory Authentication on page 53
  Each View Connection Server instance is joined to an Active Directory domain, and users are
  authenticated against Active Directory for the joined domain. Users are also authenticated against any
  additional user domains with which a trust agreement exists.
- RSA SecurID Authentication on page 53
  RSA SecurID provides enhanced security with two-factor authentication, which requires knowledge of
  the user's PIN and token code. The token code is only available on the physical SecurID token.
- Smart Card Authentication on page 53
  A smart card is a small plastic card that is embedded with a computer chip. Many government agencies
  and large enterprises use smart cards to authenticate users who access their computer networks. A smart
  card is also referred to as a Common Access Card (CAC).
- Log In as Current User Feature on page 54
  When View Client users select the Log in as current user check box, the credentials that they provided
  when logging in to the client system are used to authenticate to the View Connection Server instance and
  to the View desktop. No further user authentication is required.
VMware View Architecture Planning
52 VMware, Inc.