Architecture Planning
Table Of Contents
- View Architecture Planning
- Contents
- View Architecture Planning
- Introduction to View
- Planning a Rich User Experience
- Feature Support Matrix for View Agent
- Choosing a Display Protocol
- Using Hosted Applications
- Using View Persona Management to Retain User Data and Settings
- Using USB Devices with Remote Desktops and Applications
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using 3D Graphics Applications
- Streaming Multimedia to a Remote Desktop
- Printing from a Remote Desktop
- Using Single Sign-On for Logging In to a Remote Desktop
- Using Multiple Monitors
- Managing Desktop and Application Pools from a Central Location
- Architecture Design Elements and Planning Guidelines for Remote Desktop Deployments
- Virtual Machine Requirements for Remote Desktops
- View ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- RDS Host Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- vSphere Clusters
- Storage and Bandwidth Requirements
- View Building Blocks
- View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting Remote Desktop Access
- Using Group Policy Settings to Secure Remote Desktops and Applications
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding View Communications Protocols
- Overview of Steps to Setting Up a View Environment
- Index
View Connection Server
This software service acts as a broker for client connections. View Connection Server authenticates users
through Windows Active Directory and directs the request to the appropriate virtual machine, physical PC,
or Microsoft RDS host.
View Connection Server provides the following management capabilities:
n
Authenticating users
n
Entitling users to specific desktops and pools
n
Assigning applications packaged with VMware ThinApp to specific desktops and pools
n
Managing remote desktop and application sessions
n
Establishing secure connections between users and remote desktops and applications
n
Enabling single sign-on
n
Setting and applying policies
Inside the corporate firewall, you install and configure a group of two or more View Connection Server
instances. Their configuration data is stored in an embedded LDAP directory and is replicated among
members of the group.
Outside the corporate firewall, in the DMZ, you can install and configure View Connection Server as a
security server, or you can install an Access Point appliance. Security servers and Access Point appliances in
the DMZ communicate with View Connection Servers inside the corporate firewall. Security servers and
Access Point appliances ensure that the only remote desktop and application traffic that can enter the
corporate data center is traffic on behalf of a strongly authenticated user. Users can access only the resources
that they are authorized to access.
Security servers offer a subset of functionality and are not required to be in an Active Directory domain. You
install View Connection Server in a Windows Server 2008 R2 or Windows Server 2012 R2 server, preferably
on a VMware virtual machine. For more information about Access Point appliances, see Deploying and
Configuring Access Point.
IMPORTANT It is possible to create a View setup that does not use View Connection Server. If you install the
View Agent Direct Connect Plugin in a remote virtual machine desktop, the client can connect directly to the
virtual machine. All the remote desktop features, including PCoIP, HTML Access, RDP, USB redirection,
and session management work in the same way, as if the user had connected through View Connection
Server. For more information, see View Agent Direct-Connection Plugin Administration.
Horizon Client
The client software for accessing remote desktops and applications can run on a tablet, a phone, a Windows,
Linux, or Mac PC or laptop, a thin client, and more.
After logging in, users select from a list of remote desktops and applications that they are authorized to use.
Authorization can require Active Directory credentials, a UPN, a smart card PIN, or an RSA SecurID or
other two-factor authentication token.
An administrator can configure Horizon Client to allow end users to select a display protocol. Protocols
include PCoIP and Microsoft RDP for remote desktops. The speed and display quality of PCoIP rival that of
a physical PC.
Features differ according to which Horizon Client you use. This guide focuses on Horizon Client for
Windows. The following types of clients are not described in detail in this guide:
n
Details about Horizon Client for tablets, Linux clients, and Mac clients. See the Horizon Client
documentation at https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
Chapter 1 Introduction to View
VMware, Inc. 13