VMware Horizon Community
keeggib
Contributor
Contributor
‎09-04-2012 12:41 AM
Jump to solution

I'm a bit confused about what a View "Security Server" is...

I've successfully set up an internal corporate test VMware View 5.1 environment to access dedicated and linked-clone pooled VMs from iPads.

Now, one of the users involved in the test environment wants to access his dedicated VM from outside the office...But I want to be sure to provide a secure connection.

I've been a little confused with the VMware documentation because I gather that VMware View 4 had a separate View Security Server product/appliance to act as a secure gateway to operate in the network's DMZ and allow access to the View Connection Server...I think...But I find no such beast in the VMware downloads section called "VMware View 5.1 Security Server."

I'm in a bit of a muddle. My understanding about how external Internet View clients access the internal corporate View Connection Server through the DMZ must be seriously flawed unless the the View 5.1 Connection Server itself has absorbed the functions of the VMware View 4 Security Server and it has to straddle the DMZ or else...Oh hell...I'm just confused

Some help or a point in the right direction would be greatly appreciated!

Cheers!

Keegan

0 Kudos
1 Solution

Accepted Solutions
Linjo
Leadership
Leadership
‎09-04-2012 01:51 AM
Jump to solution

To install the security-server you use the same installer as for the Connection Broker, its an option during the installation procedure.

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".

View solution in original post

0 Kudos
4 Replies
Linjo
Leadership
Leadership
‎09-04-2012 01:51 AM
Jump to solution

To install the security-server you use the same installer as for the Connection Broker, its an option during the installation procedure.

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".
0 Kudos
keeggib
Contributor
Contributor
‎09-04-2012 02:32 AM
Jump to solution

>To install the security-server you  use the same installer as for the Connection Broker, its an option  during the installation procedure.

>// Linjo

Do you mean "To install the security-server you use the same installer as the View 5.1 Connection Server, its an option during the installation procedure."

If you do...Now I'm starting to grok the whole thing.

From the documentation you linked to:

"A security server is an instance of View Connection Server that adds an additional layer of security between the Internet and your internal network. You can install one or more security servers to be connected to a View Connection Server instance.


The security server software cannot coexist on the same virtual or physical machine with any other View Manager software component, including a replica server, View Connection Server, View Composer, View Agent, View Client, or View Transfer Server."

That helps a LOT...I'm deploying this test environment on shoestrings and I was complaining that I needed another physical server host to guarantee secure external connections. Cheap-assed bastards.

Thanks, Linjo...It's all starting to gel. I suspect I need a new multi-homed physical host that has a separate instance of the VMware View Connection Server with the security server option installed...Which straddles the DMZ on it's own external IP/DNS address and connects to the internal corporate VMware View Connection Server.

Am I on the right track?

Message was edited by: keeggib

Message was edited by: keeggib terrible formatting

Message was edited by: keeggib Am I on the right track?

0 Kudos
Linjo
Leadership
Leadership
‎09-04-2012 04:28 AM
Jump to solution

Sounds right, if you need another Connection Server or not depends on your design and requirements.

Usually you end up with 4 Connection Servers and 2 Security Servers (These can be virtual).

2 Connection Servers for internal users,

2 Connection Servers for external users and 2 Security Servers for the DMZ and not to expose AD-joined computers on the internet.

(2 of each to have redundancy and loadbalancing.)

// Linjo

Best regards, Linjo Please follow me on twitter: @viewgeek If you find this information useful, please award points for "correct" or "helpful".
0 Kudos
markbenson
VMware Employee
VMware Employee
‎09-04-2012 06:17 AM
Jump to solution

Take a look at this - http://communities.vmware.com/docs/DOC-14974

It describes setting up remote access to View and covers the purpose of a Security Server. The video at the bottom goes through the setup steps and includes a setup of using Connection Servers for interal users and another for external users via a Security Server.

Mark

0 Kudos