Architecture Planning
Table Of Contents
- View Architecture Planning
- Contents
- View Architecture Planning
- Introduction to View
- Planning a Rich User Experience
- Feature Support Matrix for View Agent
- Choosing a Display Protocol
- Using Hosted Applications
- Using View Persona Management to Retain User Data and Settings
- Using USB Devices with Remote Desktops and Applications
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using 3D Graphics Applications
- Streaming Multimedia to a Remote Desktop
- Printing from a Remote Desktop
- Using Single Sign-On for Logging In to a Remote Desktop
- Using Multiple Monitors
- Managing Desktop and Application Pools from a Central Location
- Architecture Design Elements and Planning Guidelines for Remote Desktop Deployments
- Virtual Machine Requirements for Remote Desktops
- View ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- RDS Host Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- vSphere Clusters
- Storage and Bandwidth Requirements
- View Building Blocks
- View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting Remote Desktop Access
- Using Group Policy Settings to Secure Remote Desktops and Applications
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding View Communications Protocols
- Overview of Steps to Setting Up a View Environment
- Index
Figure 5‑3. Multiple Security Servers
vCenter
Management Server
Microsoft
Active Directory
View
Connection
Servers
load balancing
View
Security
Servers
DMZ
load balancing
ESXi hosts running
Virtual Desktop
virtual machines
internal
network
external
network
client device
client device
You must implement a hardware or software load balancing solution if you install more than one security
server. View Connection Server does not provide its own load balancing functionality. View Connection
Server works with standard third-party load balancing solutions.
Firewalls for DMZ-Based Security Servers
A DMZ-based security server deployment must include two firewalls.
n
An external network-facing, front-end firewall is required to protect both the DMZ and the internal
network. You configure this firewall to allow external network traffic to reach the DMZ.
n
A back-end firewall, between the DMZ and the internal network, is required to provide a second tier of
security. You configure this firewall to accept only traffic that originates from the services within the
DMZ.
Firewall policy strictly controls inbound communications from DMZ services, which greatly reduces the risk
of compromising your internal network.
Figure 5-4 shows an example of a configuration that includes front-end and back-end firewalls.
Chapter 5 Planning for Security Features
VMware, Inc. 83