Specifications
External users cannot see the desktop pools tagged as Internal because they log in through the View Connection
Server tagged as External, and internal users cannot see the desktop pools tagged as External because they log
in through the View Connection Server tagged as Internal. Figure 5-1 illustrates this configuration.
Figure 5-1. Restricted Entitlements Example
DMZ
external network
remote
View Client
View
Connection
Server
Tag: “External”
desktop pool A
Tag: “External”
View
Security
Server
VM VM
VM VM
local
View Client
View
Connection
Server
Tag: “Internal”
desktop pool B
Tag: “Internal”
VM VM
VM VM
You can also use restricted entitlements to control desktop access based on the user-authentication method
that you configure for a particular View Connection Server instance. For example, you can make certain
desktop pools available only to users who have authenticated with a smart card.
The restricted entitlements feature only enforces tag matching. You must design your network topology to
force certain clients to connect through a particular View Connection Server instance.
Using Group Policy Settings to Secure View Desktops
VMware View includes Group Policy administrative (ADM) templates that contain security-related group
policy settings that you can use to secure your View desktops.
For example, you can use group policy settings to perform the following tasks.
n
Specify the View Connection Server instances that can accept user identity and credential information that
is passed when a user selects the Log in as current user check box in View Client.
n
Enable single sign-on for smart card authentication in View Client.
n
Configure server SSL certificate checking in View Client.
n
Prevent users from providing credential information with View Client command line options.
See the VMware View Administrator's Guide for information on using View Client group policy settings.
VMware View Architecture Planning Guide
54 VMware, Inc.