Architecture Planning
Table Of Contents
- View Architecture Planning
- Contents
- View Architecture Planning
- Introduction to View
- Planning a Rich User Experience
- Feature Support Matrix for View Agent
- Choosing a Display Protocol
- Using Hosted Applications
- Using View Persona Management to Retain User Data and Settings
- Using USB Devices with Remote Desktops and Applications
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using 3D Graphics Applications
- Streaming Multimedia to a Remote Desktop
- Printing from a Remote Desktop
- Using Single Sign-On for Logging In to a Remote Desktop
- Using Multiple Monitors
- Managing Desktop and Application Pools from a Central Location
- Architecture Design Elements and Planning Guidelines for Remote Desktop Deployments
- Virtual Machine Requirements for Remote Desktops
- View ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- RDS Host Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- vSphere Clusters
- Storage and Bandwidth Requirements
- View Building Blocks
- View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting Remote Desktop Access
- Using Group Policy Settings to Secure Remote Desktops and Applications
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding View Communications Protocols
- Overview of Steps to Setting Up a View Environment
- Index
Administrators can use the vdmadmin command-line interface to configure domain filtering, which limits the
domains that a View Connection Server instance searches and that it displays to users. See the View
Administration document for more information.
Policies, such as restricting permitted hours to log in and setting the expiration date for passwords, are also
handled through existing Active Directory operational procedures.
Using Two-Factor Authentication
You can configure a View Connection Server instance so that users are required to use RSA SecurID
authentication or RADIUS (Remote Authentication Dial-In User Service) authentication.
n
RADIUS support offers a wide range of alternative two-factor token-based authentication options.
n
View also provides an open standard extension interface to allow third-party solution providers to
integrate advanced authentication extensions into View.
Because two-factor authentication solutions such as RSA SecurID and RADIUS work with authentication
managers, installed on separate servers, you must have those servers configured and accessible to the View
Connection Server host. For example, if you use RSA SecurID, the authentication manager would be RSA
Authentication Manager. If you have RADIUS, the authentication manager would be a RADIUS server.
To use two-factor authentication, each user must have a token, such as an RSA SecurID token, that is
registered with its authentication manager. A two-factor authentication token is a piece of hardware or
software that generates an authentication code at fixed intervals. Often authentication requires knowledge
of both a PIN and an authentication code.
If you have multiple View Connection Server instances, you can configure two-factor authentication on
some instances and a different user authentication method on others. For example, you can configure two-
factor authentication only for users who access remote desktops and applications from outside the corporate
network, over the Internet.
View is certified through the RSA SecurID Ready program and supports the full range of SecurID
capabilities, including New PIN Mode, Next Token Code Mode, RSA Authentication Manager, and load
balancing.
Smart Card Authentication
A smart card is a small plastic card that is embedded with a computer chip. Many government agencies and
large enterprises use smart cards to authenticate users who access their computer networks. One type of
smart card used by the United States Department of Defense is called a Common Access Card (CAC).
Administrators can enable individual View Connection Server instances for smart card authentication.
Enabling a View Connection Server instance to use smart card authentication typically involves adding your
root certificate to a truststore file and then modifying View Connection Server settings.
All client connections, including client connections that use smart card authentication, are SSL enabled.
To use smart cards, client machines must have smart card middleware and a smart card reader. To install
certificates on smart cards, you must set up a computer to act as an enrollment station. For information
about whether a particular type of Horizon Client supports smart cards, see the Horizon Client
documentation at https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
Chapter 5 Planning for Security Features
VMware, Inc. 77