Architecture Planning
Choosing a User Authentication Method
View uses your existing Active Directory infrastructure for user authentication and management. For added
security, you can integrate View with two-factor authentication solutions, such as RSA SecurID and
RADIUS, and smart card authentication solutions.
- Active Directory Authentication
  Each View Connection Server instance is joined to an Active Directory domain, and users are authenticated against Active Directory for the joined domain. Users are also authenticated against any additional user domains with which a trust agreement exists.
- Using Two-Factor Authentication
  You can configure a View Connection Server instance so that users are required to use RSA SecurID authentication or RADIUS (Remote Authentication Dial-In User Service) authentication.
- Smart Card Authentication
  A smart card is a small plastic card that is embedded with a computer chip. Many government agencies and large enterprises use smart cards to authenticate users who access their computer networks. One type of smart card used by the United States Department of Defense is called a Common Access Card (CAC).
- Using the Log In as Current User Feature Available with Windows-Based Horizon Client
  With Horizon Client for Windows, when users select the Log in as current user check box, the credentials that they provided when logging in to the client system are used to authenticate to the View Connection Server instance and to the remote desktop. No further user authentication is required.
Active Directory Authentication
Each View Connection Server instance is joined to an Active Directory domain, and users are authenticated
against Active Directory for the joined domain. Users are also authenticated against any additional user
domains with which a trust agreement exists.
For example, if a View Connection Server instance is a member of Domain A and a trust agreement exists
between Domain A and Domain B, users from both Domain A and Domain B can connect to the View
Connection Server instance with Horizon Client.
Similarly, if a trust agreement exists between Domain A and an MIT Kerberos realm in a mixed domain
environment, users from the Kerberos realm can select the Kerberos realm name when connecting to the
View Connection Server instance with Horizon Client.
You can place users and groups in the following Active Directory domains:
- The View Connection Server domain
- A different domain that has a two-way trust relationship with the View Connection Server domain
- A domain in a different forest than the View Connection Server domain that is trusted by the View Connection Server domain in a one-way external or realm trust relationship
- A domain in a different forest than the View Connection Server domain that is trusted by the View Connection Server domain in a one-way or two-way transitive forest trust relationship
View Connection Server determines which domains are accessible by traversing trust relationships, starting
with the domain in which the host resides. For a small, well-connected set of domains, View Connection
Server can quickly determine a full list of domains, but the time that it takes increases as the number of
domains increases or as the connectivity between the domains decreases. The list might also include
domains that you would prefer not to offer to users when they log in to their remote desktops and
applications.
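The following added example (not VMware code, and not View Connection Server's own algorithm) models the trust traversal described above so that the resulting login domain list can be compared against an approved list. The domain names, the `TRUSTS` table and the three trust kinds are constructed assumptions, and the rules are a simplification of Active Directory semantics: intra-forest trusts chain, a forest trust reaches the other forest but not a third one, and an external trust applies only to the domain that holds it.

```python
from collections import deque

# Constructed sample data: (trusting_domain, trusted_domain, kind).
# A two-way trust is listed once in each direction.
TRUSTS = [
    ("corp.example", "emea.corp.example", "intra_forest"),
    ("emea.corp.example", "corp.example", "intra_forest"),
    ("corp.example", "partner.example", "forest"),       # one-way forest trust
    ("partner.example", "lab.partner.example", "intra_forest"),
    ("lab.partner.example", "partner.example", "intra_forest"),
    ("partner.example", "vendor.example", "forest"),     # third forest, not chained
    ("emea.corp.example", "legacy.example", "external"), # held by the start domain
    ("corp.example", "oldsite.example", "external"),     # held by corp, not by emea
]

def login_domains(start, trusts):
    """Domains whose users can authenticate from `start` under the simplified rules."""
    outgoing = {}
    for trusting, trusted, kind in trusts:
        outgoing.setdefault(trusting, []).append((trusted, kind))
    # phase: "home" = still in the start forest, "foreign" = crossed one
    # forest trust, "terminal" = crossed a non-transitive external trust.
    seen = {(start, "home")}
    queue = deque(seen)
    while queue:
        domain, phase = queue.popleft()
        for trusted, kind in outgoing.get(domain, []):
            if kind == "intra_forest" and phase != "terminal":
                nxt = phase
            elif kind == "forest" and phase == "home":
                nxt = "foreign"
            elif kind == "external" and phase == "home" and domain == start:
                nxt = "terminal"
            else:
                continue  # this trust does not extend to users of `trusted`
            if (trusted, nxt) not in seen:
                seen.add((trusted, nxt))
                queue.append((trusted, nxt))
    return {domain for domain, _ in seen}

def unapproved(start, trusts, approved):
    """Reachable domains that are not on the approved login list."""
    return sorted(login_domains(start, trusts) - set(approved))

if __name__ == "__main__":
    ok = {"emea.corp.example", "corp.example"}
    print(unapproved("emea.corp.example", TRUSTS, ok))
```

Domains returned by `unapproved` are the ones to review before they are offered to users at login.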