Architecture Planning
Table Of Contents
- View Architecture Planning
- Contents
- View Architecture Planning
- Introduction to View
- Planning a Rich User Experience
- Feature Support Matrix for View Agent
- Choosing a Display Protocol
- Using Hosted Applications
- Using View Persona Management to Retain User Data and Settings
- Using USB Devices with Remote Desktops and Applications
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using 3D Graphics Applications
- Streaming Multimedia to a Remote Desktop
- Printing from a Remote Desktop
- Using Single Sign-On for Logging In to a Remote Desktop
- Using Multiple Monitors
- Managing Desktop and Application Pools from a Central Location
- Architecture Design Elements and Planning Guidelines for Remote Desktop Deployments
- Virtual Machine Requirements for Remote Desktops
- View ESXi Node
- Desktop Pools for Specific Types of Workers
- Desktop Virtual Machine Configuration
- RDS Host Virtual Machine Configuration
- vCenter Server and View Composer Virtual Machine Configuration
- View Connection Server Maximums and Virtual Machine Configuration
- vSphere Clusters
- Storage and Bandwidth Requirements
- View Building Blocks
- View Pods
- Advantages of Using Multiple vCenter Servers in a Pod
- Planning for Security Features
- Understanding Client Connections
- Choosing a User Authentication Method
- Restricting Remote Desktop Access
- Using Group Policy Settings to Secure Remote Desktops and Applications
- Implementing Best Practices to Secure Client Systems
- Assigning Administrator Roles
- Preparing to Use a Security Server
- Understanding View Communications Protocols
- Overview of Steps to Setting Up a View Environment
- Index
PCoIP Secure Gateway
Security servers and Access Point appliances include a PCoIP Secure Gateway component. When the PCoIP
Secure Gateway is enabled, after authentication, clients that use PCoIP can make another secure connection
to a security server or Access Point appliance. This connection allows clients to access remote desktops and
applications from the Internet.
When you enable the PCoIP Secure Gateway component, PCoIP traffic is forwarded by a security server or
Access Point appliance to remote desktops and applications. If clients that use PCoIP also use the USB
redirection feature or multimedia redirection (MMR) acceleration, you can enable the View Secure Gateway
component in order to forward that data.
When you configure direct client connections, PCoIP traffic and other traffic goes directly from a client to a
remote desktop or application.
When end users such as home or mobile workers access desktops from the Internet, security servers or
Access Point appliances provide the required level of security and connectivity so that a VPN connection is
not necessary. The PCoIP Secure Gateway component ensures that the only remote traffic that can enter the
corporate data center is traffic on behalf of a strongly authenticated user. End users can access only the
resources that they are authorized to access.
View LDAP
View LDAP is an embedded LDAP directory in View Connection Server and is the configuration repository
for all View configuration data.
View LDAP contains entries that represent each remote desktop and application, each accessible remote
desktop, multiple remote desktops that are managed together, and View component configuration settings.
View LDAP also includes a set of View plug-in DLLs to provide automation and notification services for
other View components.
View Messaging
The View Messaging component provides the messaging router for communication between View
Connection Server components and between View Agent and View Connection Server.
This component supports the Java Message Service (JMS) API, which is used for messaging in View.
By default, RSA keys that are used for intercomponent message validation are 512 bits. The RSA key size
can be increased to 1024 bits if you prefer stronger encryption.
NOTE When the message security mode is set to Enhanced, SSL is used to secure JMS connections rather
than using per-message encryption.
If you want all keys to be 1024 bits, the RSA key size must be changed immediately after the first View
Connection Server instance is installed and before additional servers and desktops are created. See VMware
Knowledge Base (KB) article 1024431 for more information.
Firewall Rules for View Connection Server
Certain ports must be opened on the firewall for View Connection Server instances and security servers.
When you install View Connection Server, the installation program can optionally configure the required
Windows Firewall rules for you. These rules open the ports that are used by default. If you change the
default ports after installation, you must manually configure Windows Firewall to allow Horizon Client
devices to connect to View through the updated ports.
View Architecture Planning
90 VMware, Inc.