5.1
Figure 5-4. Dual Firewall Topology
[Figure labels: View Client, HTTPS traffic, front-end firewall, fault-tolerant load balancing mechanism, View Security Server (DMZ), back-end firewall, View Connection Server, VMware vCenter, Active Directory, VMware ESX servers (internal network).]
Firewall Rules for DMZ-Based Security Servers
DMZ-based security servers require certain firewall rules on the front-end and back-end firewalls.
Front-End Firewall Rules
To allow external client devices to connect to a security server within the DMZ, the front-end firewall must
allow traffic on certain TCP and UDP ports. Table 5-1 summarizes the front-end firewall rules.
Table 5-1. Front-End Firewall Rules

| Source | Source Port | Protocol | Destination | Destination Port | Notes |
|---|---|---|---|---|---|
| View Client | TCP Any | HTTPS | Security server | TCP 443 | External client devices connect to a security server within the DMZ on TCP port 443 to communicate with a Connection Server instance and View desktops. |
| View Client | TCP Any, UDP Any | PCoIP | Security server | TCP 4172, UDP 4172 | External client devices connect to a security server within the DMZ on TCP port 4172 and UDP port 4172 to communicate with a View desktop over PCoIP. |
| Security Server | UDP 4172 | PCoIP | View Client | UDP Any | Security servers send PCoIP data back to an external client device from UDP port 4172. The destination UDP port is the source port of the received UDP packets. Because this is reply data, it is normally unnecessary to add an explicit firewall rule for it. |
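One way to check a front-end firewall against Table 5-1 is to audit its allow rules for required flows that are missing and for rules that open more than the table lists. The script below is an added example, not VMware code; the `Rule` export format, the function names and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

# Inbound flows Table 5-1 requires on each security server: (protocol, port).
# The UDP 4172 replies in the table's last row ride on firewall state, so no
# explicit outbound rule is expected here.
REQUIRED = {("tcp", 443), ("tcp", 4172), ("udp", 4172)}

@dataclass(frozen=True)
class Rule:
    """One allow rule from a front-end firewall export (hypothetical format)."""
    dst: str    # destination host
    proto: str  # "tcp" or "udp"
    dport: str  # "443", "4000-5000" or "any"

def port_range(spec):
    """Turn a port spec into an inclusive (low, high) pair."""
    if spec == "any":
        return 1, 65535
    low, _, high = spec.partition("-")
    return int(low), int(high or low)

def audit(rules, security_servers):
    """Return (missing, excess): required flows with no allow rule per server,
    and rules that open ports beyond the ones Table 5-1 lists."""
    missing, excess = {}, []
    for host in security_servers:
        need = set(REQUIRED)
        for rule in (r for r in rules if r.dst == host):
            low, high = port_range(rule.dport)
            covered = {(p, n) for p, n in REQUIRED
                       if p == rule.proto and low <= n <= high}
            need -= covered
            if high - low + 1 > len(covered):  # range wider than required ports
                excess.append(rule)
        if need:
            missing[host] = sorted(need)
    return missing, excess

# Constructed sample export; addresses are from the 192.0.2.0/24 documentation range.
SAMPLE_RULES = [
    Rule("192.0.2.10", "tcp", "443"),
    Rule("192.0.2.10", "tcp", "4172"),
    Rule("192.0.2.10", "udp", "4172"),
    Rule("192.0.2.11", "tcp", "443"),
    Rule("192.0.2.11", "tcp", "4000-5000"),  # over-broad range around 4172
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES, ["192.0.2.10", "192.0.2.11"]))
```

On the sample export, the second security server is reported as missing UDP 4172 (PCoIP would fail for external clients), and its 4000-5000 range is flagged as wider than the table requires.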
VMware View Architecture Planning, VMware, Inc.