Back-End Firewall Rules
To allow a security server to communicate with each View Connection Server instance that resides within the
internal network, the back-end firewall must allow inbound traffic on certain TCP ports. Behind the back-end
firewall, internal firewalls must be similarly configured to allow View desktops and View Connection Server
instances to communicate with each other. Table 5-2 summarizes the back-end firewall rules.
Table 5-2. Back-End Firewall Rules
| Source | Protocol | Port | Destination | Notes |
|---|---|---|---|---|
| Security server | HTTP | 80 | Transfer Server | Security servers can use port 80 to download View desktop data to local mode desktops from the Transfer Server and to replicate data to the Transfer Server. |
| Security server | HTTPS | 443 | Transfer Server | If you configure View Connection Server to use SSL for local mode operations and desktop provisioning, security servers use port 443 for downloads and replication between local mode desktops and the Transfer Server. |
| Security server | AJP13 | 8009 | View Connection Server | Security servers use port 8009 to transmit AJP13-forwarded Web traffic to View Connection Server instances. |
| Security server | JMS | 4001 | View Connection Server | Security servers use port 4001 to transmit Java Message Service (JMS) traffic to View Connection Server instances. |
| Security server | RDP | 3389 | View desktop | Security servers use port 3389 to transmit RDP traffic to View desktops. NOTE: For MMR, TCP port 9427 is used alongside RDP. |
| Security server | PCoIP | TCP 4172, UDP 4172 | View desktop | Security servers use TCP port 4172 to transmit PCoIP traffic to View desktops, and security servers use UDP port 4172 to transmit PCoIP traffic in both directions. |
| Security server | PCoIP or RDP | TCP 32111 | View desktop | For USB redirection, TCP port 32111 is used alongside PCoIP or RDP from the client to the View desktop. |
TCP Ports for View Connection Server Intercommunication
Groups of View Connection Server instances use additional TCP ports to communicate with each other. For
example, View Connection Server instances use port 4100 to transmit JMS inter-router (JMSIR) traffic to each
other. Firewalls are generally not used between the View Connection Server instances in a group.
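One way to audit a back-end firewall ruleset against Table 5-2, as an added example that is not part of the VMware documentation. The rule syntax, role names, and sample ruleset are constructed for illustration; the check flags anything allowed from a security server beyond the table, including port 4100, which the text above describes only between View Connection Server instances.

```python
# Table 5-2 as data: destination role -> (transport, port) pairs the back-end
# firewall may allow inbound from a security server. Role names are assumptions.
TABLE_5_2 = {
    "transfer_server": {("tcp", 80), ("tcp", 443)},
    "connection_server": {("tcp", 8009), ("tcp", 4001)},
    "view_desktop": {("tcp", 3389), ("tcp", 9427), ("tcp", 4172),
                     ("udp", 4172), ("tcp", 32111)},
}

def parse_rule(line):
    """Parse 'allow <src> -> <dst> <transport>/<lo>[-<hi>]' (constructed syntax)."""
    action, src, arrow, dst, spec = line.split()
    if action != "allow" or arrow != "->":
        raise ValueError(f"unrecognized rule: {line!r}")
    transport, _, ports = spec.partition("/")
    lo, _, hi = ports.partition("-")
    return src, dst, transport.lower(), int(lo), int(hi or lo)

def audit(lines):
    """Return (excess, uncovered): rules wider than Table 5-2, and table
    entries no rule covers (informational; not every row is always in use)."""
    excess, covered = [], set()
    for line in lines:
        src, dst, transport, lo, hi = parse_rule(line)
        if src != "security_server":
            excess.append((line, "source is not a security server"))
            continue
        hits = {(t, p) for (t, p) in TABLE_5_2.get(dst, set())
                if t == transport and lo <= p <= hi}
        covered |= {(dst, t, p) for (t, p) in hits}
        extra = (hi - lo + 1) - len(hits)  # ports opened beyond the table
        if extra:
            excess.append((line, f"{extra} port(s) not in Table 5-2"))
    table = {(d, t, p) for d, pairs in TABLE_5_2.items() for (t, p) in pairs}
    return excess, sorted(table - covered)

# Constructed sample ruleset: the last two rules are deliberately too broad.
SAMPLE_RULES = [
    "allow security_server -> connection_server tcp/8009",
    "allow security_server -> connection_server tcp/4001",
    "allow security_server -> view_desktop tcp/3389",
    "allow security_server -> view_desktop tcp/4172",
    "allow security_server -> view_desktop udp/4172",
    "allow security_server -> view_desktop tcp/1024-65535",
    "allow security_server -> connection_server tcp/4100",
]
```
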
Understanding VMware View Communications Protocols
VMware View components exchange messages by using several different protocols.
Figure 5-5 illustrates the protocols that each component uses for communication when a security server is not
configured. That is, the secure tunnel for RDP and the PCoIP secure gateway are not turned on. This
configuration might be used in a typical LAN deployment.
Chapter 5 Planning for Security Features
VMware, Inc. 63