5.0
Table Of Contents
- VMware View Architecture Planning
- Contents
- VMware View Architecture Planning
- Introduction to VMware View
- Planning a Rich User Experience
- Feature Support Matrix
- Choosing a Display Protocol
- Using View Persona Management to Retain User Data and Settings
- Benefits of Using View Desktops in Local Mode
- Accessing USB Devices Connected to a Local Computer
- Printing from a View Desktop
- Streaming Multimedia to a View Desktop
- Using Single Sign-On for Logging In to a View Desktop
- Using Multiple Monitors with a View Desktop
- Managing Desktop Pools from a Central Location
- Architecture Design Elements and Planning Guidelines
- Virtual Machine Requirements
- VMware View ESX/ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- vCenter and View Composer Virtual Machine Configuration and Desktop Pool Maximums
- View Connection Server Maximums and Virtual Machine Configuration
- View Transfer Server Virtual Machine Configuration and Storage
- vSphere Clusters
- VMware View Building Blocks
- VMware View Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting View Desktop Access
- Using Group Policy Settings to Secure View Desktops
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding VMware View Communications Protocols
- Overview of Steps to Setting Up a VMware View Environment
- Index
Because users can connect directly with any View Connection Server instance from within their internal
network, you do not need to implement a security server in a LAN-based deployment.
NOTE As of View 4.6, security servers include a PCoIP Secure Gateway component so that clients that use the
PCoIP display protocol can use a security server rather than a VPN.
For information about setting up VPNs for using PCoIP, see the following solutions overviews, available on
the VMware Web site:
n
VMware View and Juniper Networks SA Servers SSL VPN Solution
n
VMware View and F5 BIG-IP SSL VPN Solution
n
VMware View and Cisco Adaptive Security Appliances (ASA) SSL VPN Solution
Best Practices for Security Server Deployments
You should follow best practice security policies and procedures when operating a security server in a DMZ.
The DMZ Virtualization with VMware Infrastructure white paper includes examples of best practices for a
virtualized DMZ. Many of the recommendations in this white paper also apply to a physical DMZ.
To limit the scope of frame broadcasts, the View Connection Server instances that are paired with security
servers should be deployed on an isolated network. This topology can help prevent a malicious user on the
internal network from monitoring communication between the security servers and View Connection Server
instances.
Alternatively, you might be able to use advanced security features on your network switch to prevent malicious
monitoring of security server and View Connection Server communication and to guard against monitoring
attacks such as ARP Cache Poisoning. See the administration documentation for your networking equipment
for more information.
Security Server Topologies
You can implement several different security server topologies.
The topology illustrated in Figure 5-2 shows a high-availability environment that includes two load-balanced
security servers in a DMZ. The security servers communicate with two View Connection Server instances
inside the internal network.
Chapter 5 Planning for Security Features
VMware, Inc. 59