3.0.1
Table Of Contents
- Administration Guide
- Contents
- About This Book
- Introduction
- Installation
- View Administrator
- Virtual Desktop Deployment
- Client Management
- View Client and View Portal
- Client Connections from the Internet
- Creating SSL Server Certificates
- Using Existing SSL Certificates
- Smart Card Authentication
- RSA SecurID Authentication
- View Client Command Line Options
- Virtual Printing
- View Composer
- Offline Desktop
- Component Policies
- Unified Access
- Troubleshooting
- Glossary
- Index
VMware, Inc. 33
Chapter 2 Installation
TherecommendedsecurityconfigurationforaDMZ‐basedsecurityserverdeployment
isthedualfirewall.Inthisconfiguration,anexternalnetworkfacing“front‐end”
firewallprotectsboththeDMZandtheinternalnetwork,anda“back‐end”firewall
betweentheDMZandtheinternalnetworkprovidesasecondtierofsecurity.
Thefront‐endfi
rewallisconfiguredtoallownetworktraffictoreachtheDMZ,whereas
theback‐endfirewallisconfiguredtoonlyaccepttrafficthatoriginatesfromthe
serviceswithintheDMZ.ThisconfigurationisillustratedinFigure 2‐5.
Figure 2-5. Example DMZ-Based Security Server Deployment
View Client
View Portal
HTTPS
traffic
HTTPS
traffic
fault-tolerant
load balancing
mechanism
View
Security
Server
DMZ
internal
network
View
Connection
Server
View
Connection
Server
VMware
VirtualCenter
Active
Directory
VMware
ESX servers
View
Security
Server
firewall
firewall