5.0
Table Of Contents
- VMware View Architecture Planning
- Contents
- VMware View Architecture Planning
- Introduction to VMware View
- Planning a Rich User Experience
- Feature Support Matrix
- Choosing a Display Protocol
- Using View Persona Management to Retain User Data and Settings
- Benefits of Using View Desktops in Local Mode
- Accessing USB Devices Connected to a Local Computer
- Printing from a View Desktop
- Streaming Multimedia to a View Desktop
- Using Single Sign-On for Logging In to a View Desktop
- Using Multiple Monitors with a View Desktop
- Managing Desktop Pools from a Central Location
- Architecture Design Elements and Planning Guidelines
- Virtual Machine Requirements
- VMware View ESX/ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- vCenter and View Composer Virtual Machine Configuration and Desktop Pool Maximums
- View Connection Server Maximums and Virtual Machine Configuration
- View Transfer Server Virtual Machine Configuration and Storage
- vSphere Clusters
- VMware View Building Blocks
- VMware View Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting View Desktop Access
- Using Group Policy Settings to Secure View Desktops
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding VMware View Communications Protocols
- Overview of Steps to Setting Up a VMware View Environment
- Index
Planning for Security Features 5
VMware View offers strong network security to protect sensitive corporate data. For added security, you can
integrate VMware View with certain third-party user-authentication solutions, use a security server, and
implement the restricted entitlements feature.
This chapter includes the following topics:
n
“Understanding Client Connections,” on page 51
n
“Choosing a User Authentication Method,” on page 54
n
“Restricting View Desktop Access,” on page 56
n
“Using Group Policy Settings to Secure View Desktops,” on page 57
n
“Implementing Best Practices to Secure Client Systems,” on page 58
n
“Assigning Administrator Roles,” on page 58
n
“Preparing to Use a Security Server,” on page 58
n
“Understanding VMware View Communications Protocols,” on page 63
Understanding Client Connections
View Client and View Administrator communicate with a View Connection Server host over secure HTTPS
connections.
The initial View Client connection, which is used for user authentication and View desktop selection, is created
when a user opens View Client and provides an IP address or domain name for the View Connection Server
or security server host. The View Administrator connection is created when an administrator types the View
Administrator URL into a Web browser.
A default server SSL certificate is generated during View Connection Server installation. By default, clients are
presented with this certificate when they visit a secure page such as View Administrator.
You can use the default certificate for testing, but you should replace it with your own certificate as soon as
possible. The default certificate is not signed by a commercial Certificate Authority (CA). Use of noncertified
certificates can allow untrusted parties to intercept traffic by masquerading as your server.
n
Client Connections Using the PCoIP Secure Gateway on page 52
When clients connect to a View desktop with the PCoIP display protocol from VMware, View Client can
make a second connection to the PCoIP Secure Gateway component on a View Connection Server
instance or a security server. This connection provides the required level of security and connectivity
when accessing View desktops from the Internet.
VMware, Inc.
51