3.1

Table Of Contents

VMware, Inc. 35

Chapter 2 Installation

ToallowexternalclientdevicestoconnecttoasecurityserverwithintheDMZ,the

front‐endfirewallmustallowinboundtrafficonTCPports80and443.Toallowthe

securityservertocommunicatewitheachstandardorreplicaserverthatresideswithin

theinternalnetwork,theback‐endfirewall

mustallowinboundtrafficonTCP

port 8009forAJP13‐forwardedWebtrafficandTCPport4001forJavaMessageService

(JMS)traffic.

Behindtheback‐endfirewall,internalfirewallsmustbesimilarlyconfiguredinorder

toallowtheViewManagerdesktopsandViewConnectionServerinstancesto

communicatewitheach

other.Port4001isusedforJMStrafficoriginatingfromeither

theViewAgentcomponentinstalledoneachViewManagerdesktoporfromasecurity

serverintheDMZ,andisdirectedatstandardorreplicaViewConnectionServer

instances.

Inanyfirewallconfiguration,TCPports3389and32111areused

fortrafficbetween

ViewClientforWindowsandViewAgent,andbetweenthinclientsandViewAgent.

TCPport3389isusedforRDPtraffic.TCPport32111isusedforUSBdevicetraffic,to

enabletheclienttoinitiatesessionlogoff,andtopassadditionalinformationbetween

ViewAgentand

ViewClientforWindowsandthinclients.

FirewallrulesaresummarizedinTable 2‐1.

Table 2-1. Firewall Rules

Firewall

Type TCP Port Protocol Source Destination

Front‐end 80 HTTP

Any Securityserver

443 HTTPS

Back‐end 4001 JMS

Securityserver Standardorreplica

server

8009 AJP13

4001 JMS

ViewAgent

Any 3389 RDP

ViewClient(Windows

andthinclients)

32111 USB

3389 RDP

ViewClient(Windows

andthinclients)

ViewAgent

32111 USB