Architecture Planning
Figure 5‑4. Dual Firewall Topology
[Figure labels: client devices; HTTPS traffic; front-end firewall; fault-tolerant load balancing mechanism; View Security Servers in the DMZ; back-end firewall; internal network with View Connection Servers, VMware vCenter, Active Directory, and VMware ESXi servers.]
Firewall Rules for DMZ-Based Security Servers
DMZ-based security servers require certain firewall rules on the front-end and back-end firewalls. During
installation, View services are set up to listen on certain network ports by default. If necessary, to comply
with organization policies or to avoid contention, you can change which port numbers are used.
IMPORTANT For additional details and security recommendations, see the View Security document.
Front-End Firewall Rules
To allow external client devices to connect to a security server within the DMZ, the front-end firewall must
allow traffic on certain TCP and UDP ports. Table 5-1 summarizes the front-end firewall rules.
Table 5‑1. Front-End Firewall Rules

| Source | Default Port | Protocol | Destination | Default Port | Notes |
|---|---|---|---|---|---|
| Horizon Client | TCP Any | HTTP | Security Server | TCP 80 | (Optional) External client devices connect to a security server within the DMZ on TCP port 80 and are automatically directed to HTTPS. For information about the security considerations related to letting users connect with HTTP rather than HTTPS, see the View Security guide. |
| Horizon Client | TCP Any | HTTPS | Security server | TCP 443 | External client devices connect to a security server within the DMZ on TCP port 443 to communicate with a Connection Server instance and remote desktops and applications. |
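As an added example (not part of the VMware documentation), the following Python code audits a front-end firewall rule export against the two rows of Table 5-1 shown above. It assumes the front-end firewall is a Linux host whose rules were exported with `iptables-save`; the function names, finding labels, and the address 192.0.2.10 are illustrative, and rules on other ports are reported for review rather than as errors because only part of the table appears on this page.

```python
import ipaddress
import shlex

# Rows of Table 5-1 shown on this page: (protocol, destination port) -> (name, required)
TABLE_5_1 = {("tcp", 443): ("HTTPS", True), ("tcp", 80): ("HTTP", False)}
OPTS = {"-p": "proto", "-d": "dst", "--sport": "sport", "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Return the fields of one iptables-save '-A' line, or None for any other line."""
    tok = shlex.split(line)
    if len(tok) < 2 or tok[0] != "-A":
        return None
    rule = {"chain": tok[1], "proto": "all", "dst": "0.0.0.0/0", "sport": None,
            "dport": "any", "target": None}
    for opt, val in zip(tok[2:], tok[3:]):  # negated ("!") matches are not handled
        if opt in OPTS:
            rule[OPTS[opt]] = val
    return rule

def audit_front_end(ruleset, security_server):
    """Compare ACCEPT rules forwarded to the security server with Table 5-1."""
    findings, seen = [], set()
    server = ipaddress.ip_address(security_server)
    for line in ruleset.splitlines():
        r = parse_rule(line)
        if not r or r["chain"] != "FORWARD" or r["target"] != "ACCEPT":
            continue
        if server not in ipaddress.ip_network(r["dst"], strict=False):
            continue
        key = (r["proto"], int(r["dport"]) if r["dport"].isdigit() else r["dport"])
        if key in TABLE_5_1:
            seen.add(key)
            if r["sport"]:  # Table 5-1 lists the client source port as Any
                findings.append(("source-port-restricted", f"{key[0]}/{key[1]}"))
        else:  # not necessarily wrong: only the first rows of the table are on this page
            findings.append(("outside-rows-shown", f"{key[0]}/{key[1]}"))
    for key, (name, required) in TABLE_5_1.items():
        if key not in seen:
            findings.append(("missing-required" if required else "optional-absent", name))
    return findings

# Constructed sample in iptables-save format; 192.0.2.10 is a placeholder address.
SAMPLE = """:FORWARD DROP [0:0]
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --sport 1024:65535 --dport 443 -j ACCEPT
-A FORWARD -d 192.0.2.10/32 -p tcp -m tcp --dport 3389 -j ACCEPT"""

if __name__ == "__main__":
    print(audit_front_end(SAMPLE, "192.0.2.10"))
```

Entries reported as `outside-rows-shown` should be checked against the complete firewall tables in the View documentation before any rule is removed.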
Chapter 5 Planning for Security Features
VMware, Inc.