Architecture Planning
Table Of Contents
- View Architecture Planning
- Contents
- View Architecture Planning
- Introduction to View
- Planning a Rich User Experience
- Feature Support Matrix for View Agent
- Choosing a Display Protocol
- Using Hosted Applications
- Using View Persona Management to Retain User Data and Settings
- Using USB Devices with Remote Desktops and Applications
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using 3D Graphics Applications
- Streaming Multimedia to a Remote Desktop
- Printing from a Remote Desktop
- Using Single Sign-On for Logging In to a Remote Desktop
- Using Multiple Monitors
- Managing Desktop and Application Pools from a Central Location
- Architecture Design Elements and Planning Guidelines for Remote Desktop Deployments
- Virtual Machine Requirements for Remote Desktops
- View ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- RDS Host Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- vSphere Clusters
- Storage and Bandwidth Requirements
- View Building Blocks
- View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting Remote Desktop Access
- Using Group Policy Settings to Secure Remote Desktops and Applications
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding View Communications Protocols
- Overview of Steps to Setting Up a View Environment
- Index
n
Assign the tag "External" to the View Connection Server instance that is paired with the security server
and supports your external users.
n
Assign the "Internal" tag to the desktop pools that should be accessible only to internal users.
n
Assign the "External" tag to the desktop pools that should be accessible only to external users.
External users cannot see the desktop pools tagged as Internal because they log in through the View
Connection Server tagged as External, and internal users cannot see the desktop pools tagged as External
because they log in through the View Connection Server tagged as Internal. Figure 5-1 illustrates this
configuration.
Figure 5‑1. Restricted Entitlements Example
DMZ
client device
View
Connection
Server
Tag: “External”
desktop pool A
Tag: “External”
View
Security
Server
VM VM
VM VM
client device
View
Connection
Server
Tag: “Internal”
desktop pool B
Tag: “Internal”
VM VM
VM VM
external
network
You can also use restricted entitlements to control desktop access based on the user-authentication method
that you configure for a particular View Connection Server instance. For example, you can make certain
desktop pools available only to users who have authenticated with a smart card.
The restricted entitlements feature only enforces tag matching. You must design your network topology to
force certain clients to connect through a particular View Connection Server instance.
Using Group Policy Settings to Secure Remote Desktops and
Applications
View includes Group Policy administrative (ADM) templates that contain security-related group policy
settings that you can use to secure your remote desktops and applications.
For example, you can use group policy settings to perform the following tasks.
n
Specify the View Connection Server instances that can accept user identity and credential information
that is passed when a user selects the Log in as current user check box in Horizon Client for Windows.
n
Enable single sign-on for smart card authentication in Horizon Client.
n
Configure server SSL certificate checking in Horizon Client.
Chapter 5 Planning for Security Features
VMware, Inc. 79