Table of Contents
Advertisement
VMware View Architecture Planning Guide
Because users can connect directly with any View Connection Server instance from within their internal
network, you do not need to implement a security server in a LAN-based deployment.
N
View clients that use PCoIP can connect to View security servers, but PCoIP sessions with the virtual
OTE
desktop ignore the security server. PCoIP uses the User Datagram Protocol (UDP) for streaming audio and
video. Security servers support only TCP.
For information about setting up VPNs for using PCoIP, see the following solutions overviews, available on
the VMware Web site:
VMware View and Juniper Networks SA Servers SSL VPN Solution
n
VMware View and F5 BIG-IP SSL VPN Solution
n
VMware View and Cisco Adaptive Security Appliances (ASA) SSL VPN Solution
n
Best Practices for Security Server Deployments
You should follow best practice security policies and procedures when operating a security server in a DMZ.
The DMZ Virtualization with VMware Infrastructure white paper includes examples of best practices for a
virtualized DMZ. Many of the recommendations in this white paper also apply to a physical DMZ.
To limit the scope of frame broadcasts, the View Connection Server instances that are paired with security
servers should be deployed on an isolated network. This topology can help prevent a malicious user on the
internal network from monitoring communication between the security servers and View Connection Server
instances.
Alternatively, you might be able to use advanced security features on your network switch to prevent malicious
monitoring of security server and View Connection Server communication and to guard against monitoring
attacks such as ARP Cache Poisoning. See the administration documentation for your networking equipment
for more information.
Security Server Topologies
You can implement several different security server topologies.
The topology illustrated in
security servers in a DMZ. The security servers communicate with two View Connection Server instances
inside the internal network.
56
Figure 5-2
shows a high-availability environment that includes two load-balanced
VMware, Inc.
Advertisement
Table of Contents
