5.0
Table Of Contents
- VMware View Architecture Planning
- Contents
- VMware View Architecture Planning
- Introduction to VMware View
- Planning a Rich User Experience
- Feature Support Matrix
- Choosing a Display Protocol
- Using View Persona Management to Retain User Data and Settings
- Benefits of Using View Desktops in Local Mode
- Accessing USB Devices Connected to a Local Computer
- Printing from a View Desktop
- Streaming Multimedia to a View Desktop
- Using Single Sign-On for Logging In to a View Desktop
- Using Multiple Monitors with a View Desktop
- Managing Desktop Pools from a Central Location
- Architecture Design Elements and Planning Guidelines
- Virtual Machine Requirements
- VMware View ESX/ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- vCenter and View Composer Virtual Machine Configuration and Desktop Pool Maximums
- View Connection Server Maximums and Virtual Machine Configuration
- View Transfer Server Virtual Machine Configuration and Storage
- vSphere Clusters
- VMware View Building Blocks
- VMware View Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting View Desktop Access
- Using Group Policy Settings to Secure View Desktops
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding VMware View Communications Protocols
- Overview of Steps to Setting Up a VMware View Environment
- Index
Figure 5-4. Dual Firewall Topology
View Client View Client
HTTPS
traffic
HTTPS
traffic
fault-tolerant
load balancing
mechanism
View
Security
Server
DMZ
internal
network
View
Connection
Server
View
Connection
Server
VMware
vCenter
Active
Directory
VMware
ESX servers
View
Security
Server
back-end
firewall
front-end
firewall
Firewall Rules for DMZ-Based Security Servers
DMZ-based security servers require certain firewall rules on the front-end and back-end firewalls.
Front-End Firewall Rules
To allow external client devices to connect to a security server within the DMZ, the front-end firewall must
allow traffic on certain TCP and UDP ports. Table 5-1 summarizes the front-end firewall rules.
Table 5-1. Front-End Firewall Rules
Source Protocol Port Destination Notes
Any HTTP 80 Security server External client devices use port 80 to connect to a
security server within the DMZ when SSL is
disabled.
Any HTTPS 443 Security server External client devices use port 443 to connect to a
security server within the DMZ when SSL is
enabled (the default).
Any PCoIP TCP 4172
UDP 4172
Security server External client devices use TCP port 4172 to a
security server within the DMZ when SSL is
enabled and also use UDP port 4172 in both
directions.
VMware View Architecture Planning
62 VMware, Inc.