Table of Contents
Advertisement
VMware View Architecture Planning Guide
External users cannot see the desktop pools tagged as Internal because they log in through the View Connection
Server tagged as External, and internal users cannot see the desktop pools tagged as External because they log
in through the View Connection Server tagged as Internal.
Figure 5-1. Restricted Entitlements Example
remote
View Client
external network
DMZ
View
Security
Server
View
Connection
Server
Tag: "External"
desktop pool A
Tag: "External"
You can also use restricted entitlements to control desktop access based on the user-authentication method
that you configure for a particular View Connection Server instance. For example, you can make certain
desktop pools available only to users who have authenticated with a smart card.
The restricted entitlements feature only enforces tag matching. You must design your network topology to
force certain clients to connect through a particular View Connection Server instance.
Using Group Policy Settings to Secure View Desktops
VMware View includes Group Policy administrative (ADM) templates that contain security-related group
policy settings that you can use to secure your View desktops.
For example, you can use group policy settings to perform the following tasks.
Specify the View Connection Server instances that can accept user identity and credential information that
n
is passed when a user selects the Log in as current user check box in View Client.
Enable single sign-on for smart card authentication in View Client.
n
Configure server SSL certificate checking in View Client.
n
Prevent users from providing credential information with View Client command line options.
n
See the VMware View Administrator's Guide for information on using View Client group policy settings.
54
VM
VM
VM
VM
desktop pool B
Tag: "Internal"
Figure 5-1
illustrates this configuration.
local
View Client
View
Connection
Server
Tag: "Internal"
VM
VM
VM
VM
VMware, Inc.
Advertisement
Table of Contents
