Table of Contents
Advertisement
View Client with Local Mode Client Connections
View Client with Local Mode offers mobile users the ability to check out View desktops onto their local
computer.
View Client with Local Mode supports both tunneled and nontunneled communications for LAN-based data
transfers. With tunneled communications, all traffic is routed through the View Connection Server host, and
you can specify whether to encrypt communications and data transfers. With nontunneled communications,
unencrypted data is transferred directly between the local desktop on the client system and the View desktop
virtual machine in vCenter Server.
Local data is always encrypted on the user's computer, regardless of whether you configure tunneled or
nontunneled communications.
Choosing a User Authentication Method
VMware View uses your existing Active Directory infrastructure for user authentication and management.
For added security, you can integrate VMware View with RSA SecurID and smart card authentication
solutions.
Active Directory Authentication
n
Each View Connection Server instance is joined to an Active Directory domain, and users are
authenticated against Active Directory for the joined domain. Users are also authenticated against any
additional user domains with which a trust agreement exists.
RSA SecurID Authentication
n
RSA SecurID provides enhanced security with two-factor authentication, which requires knowledge of
the user's PIN and token code. The token code is only available on the physical SecurID token.
Smart Card Authentication
n
A smart card is a small plastic card that is embedded with a computer chip. Many government agencies
and large enterprises use smart cards to authenticate users who access their computer networks. A smart
card is also referred to as a Common Access Card (CAC).
Log In as Current User Feature
n
When View Client users select the Log in as current user check box, the credentials that they provided
when logging in to the client system are used to authenticate to the View Connection Server instance and
to the View desktop. No further user authentication is required.
Active Directory Authentication
Each View Connection Server instance is joined to an Active Directory domain, and users are authenticated
against Active Directory for the joined domain. Users are also authenticated against any additional user
domains with which a trust agreement exists.
For example, if a View Connection Server instance is a member of Domain A and a trust agreement exists
between Domain A and Domain B, users from both Domain A and Domain B can connect to the View
Connection Server instance with View Client.
Similarly, if a trust agreement exists between Domain A and an MIT Kerberos realm in a mixed domain
environment, users from the Kerberos realm can select the Kerberos realm name when connecting to the View
Connection Server instance with View Client.
View Connection Server determines which domains are accessible by traversing trust relationships, starting
with the domain in which the host resides. For a small, well-connected set of domains, View Connection Server
can quickly determine a full list of domains, but the time that it takes increases as the number of domains
increases or as the connectivity between the domains decreases. The list might also include domains that you
would prefer not to offer to users when they log in to their desktops.
VMware, Inc.
on page 51
on page 52
on page 52
on page 53
Chapter 5 Planning for Security Features
51
Advertisement
Table of Contents
