Table of Contents
Advertisement
Implementing Best Practices to Secure Client Systems
You should implement best practices to secure client systems.
Make sure that client systems are configured to go to sleep after a period of inactivity and require users
n
to enter a password before the computer awakens.
Require users to enter a username and password when starting client systems. Do not configure client
n
systems to allow automatic logins.
For Mac client systems, consider setting different passwords for the Keychain and the user account. When
n
the passwords are different, users are prompted before the system enters any passwords on their behalf.
Also consider turning on FileVault protection.
Local mode client systems might have more network access when they are running in local mode than
n
when they are remote and connected to the intranet. Consider enforcing intranet network security policies
for local mode client systems or disable network access for local mode client systems when they are
running in local mode.
Assigning Administrator Roles
A key management task in a VMware View environment is to determine who can use View Administrator and
what tasks those users are authorized to perform.
The authorization to perform tasks in View Administrator is governed by an access control system that consists
of administrator roles and privileges. A role is a collection of privileges. Privileges grant the ability to perform
specific actions, such as entitling a user to a desktop pool or changing a configuration setting. Privileges also
control what an administrator can see in View Administrator.
An administrator can create folders to subdivide desktop pools and delegate the administration of specific
desktop pools to different administrators in View Administrator. An administrator configures administrator
access to the resources in a folder by assigning a role to a user on that folder. Administrators can only access
the resources that reside in folders for which they have assigned roles. The role that an administrator has on
a folder determines the level of access that the administrator has to the resources in that folder.
View Administrator includes a set of predefined roles. Administrators can also create custom roles by
combining selected privileges.
Preparing to Use a Security Server
A security server is a special instance of View Connection Server that runs a subset of View Connection Server
functions. You can use a security server to provide an additional layer of security between the Internet and
your internal network.
A security server resides within a DMZ and acts as a proxy host for connections inside your trusted network.
Each security server is paired with an instance of View Connection Server and forwards all traffic to that
instance. This design provides an additional layer of security by shielding the View Connection Server instance
from the public-facing Internet and by forcing all unprotected session requests through the security server.
A DMZ-based security server deployment requires a few ports to be opened on the firewall to allow clients to
connect with security servers inside the DMZ. You must also configure ports for communication between
security servers and the View Connection Server instances in the internal network. See
DMZ-Based Security Servers,"
VMware, Inc.
on page 59 for information on specific ports.
Chapter 5 Planning for Security Features
"Firewall Rules for
55
Advertisement
Table of Contents
