Specifications
Security Server Topologies
You can implement several different security server topologies.
The topology illustrated in Figure 5-2 shows a high-availability environment that includes two load-balanced
security servers in a DMZ. The security servers communicate with two View Connection Server instances
inside the internal network.
Figure 5-2. Load-Balanced Security Servers in a DMZ
vCenter
Management Server
Microsoft
Active Directory
View
Connection
Servers
load balancing
View
Security
Servers
DMZ
external network
remote
View Client
ESX hosts running
Virtual Desktop
virtual machines
When remote users connect to a security server, they must successfully authenticate before they can access
View desktops. With appropriate firewall rules on both sides of the DMZ, this topology is suitable for accessing
View desktops from client devices located on the Internet.
You can connect multiple security servers to each instance of View Connection Server. You can also combine
a DMZ deployment with a standard deployment to offer access for internal users and external users.
The topology illustrated in Figure 5-3 shows an environment where four instances of View Connection Server
act as one group. The instances in the internal network are dedicated to users of the internal network, and the
instances in the external network are dedicated to users of the external network. If the View Connection Server
instances paired with the security servers are enabled for RSA SecurID authentication, all external network
users are required to authenticate by using RSA SecurID tokens.
VMware View Architecture Planning
58 VMware, Inc.