Implementing VMware View Security Server
VMware View is VMware’s virtual desktop infrastructure (VDI) product – View virtual desktops are hosted on VMware ESXi.
I recently upgraded a customer’s environment to VMware View 5.1, which was released in May 2012, and the customer wanted to extend the VMware environment for remote access. The best way to do this is to implement VMware View Security Server. The installation is fairly straightforward; however, there are a few configuration gotchas to look out for. Below are some common areas of misconfiguration:
- The VMware View Security Server requires an SSL certificate tied to the external URL, for example view.company.com. Within the View client, the address would be https://view.company.com.
- Ports 443 (TCP) and 4172 (TCP and UDP) must be opened on the firewall to the Security Server.
- On the Security Server settings, the default installation will state the internal FQDN and internal IP address. Be sure to specify the external URL for the HTTP(S) Secure Tunnel and the IP address for the PCoIP Secure Gateway:
- If the PCoIP external IP address is not specified correctly then iOS devices (iPad, iPhone, etc.) will receive the following error:
The customer also wanted to integrate their existing RSA SecurID environment for 2-factor authentication. To do so, add both the Connection Server and Security Server to the RSA environment and upload the sdconf.rec file.
Though the Citrix NetScaler has many more features, the VMware Security Server compares favorably from a remote access perspective, although opening 4172 (TCP and UDP) for PCoIP connections and the multipage authentication are annoying. Overall, the speed from a Windows 7-based laptop and iOS device (iPad, iPhone, etc.) is very good. The VMware View Security Server is a much better alternative to a full VPN connection for access to VMware View desktops.
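The misconfigurations listed above can be caught before go-live with a small preflight check over the planned settings. This is an added example, not VMware tooling or code from the original post; the dictionary keys, function names, internal host name and IP addresses are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Ports the post says must be open to the Security Server.
REQUIRED = {(443, "tcp"), (4172, "tcp"), (4172, "udp")}

def cert_covers(host, names):
    """Exact match, or a '*.' wildcard covering exactly one leading label."""
    host = host.lower()
    parent = host.split(".", 1)[1] if "." in host else None
    return any(n.lower() == host or (n.startswith("*.") and n[2:].lower() == parent)
               for n in names)

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def preflight(cfg):
    """Return findings for a planned Security Server config (hypothetical keys)."""
    out = []
    host = urlsplit(cfg["external_url"]).hostname or ""
    if host.lower() == cfg["internal_fqdn"].lower():
        out.append("External URL still uses the internal FQDN")
    elif not cert_covers(host, cfg["cert_names"]):
        out.append(f"Certificate does not cover {host}")
    # Assumes the server sits behind NAT, so external and internal IPs differ.
    if not is_ip(cfg["pcoip_ip"]):
        out.append("PCoIP Secure Gateway address is not an IP address")
    elif cfg["pcoip_ip"] == cfg["internal_ip"]:
        out.append("PCoIP Secure Gateway still uses the internal IP")
    allowed = {(port, proto.lower()) for port, proto in cfg["firewall_allow"]}
    out += [f"Firewall does not allow {p}/{t}" for p, t in sorted(REQUIRED - allowed)]
    return out

# Constructed sample values: installer defaults, then the corrected settings.
DEFAULTS = {"external_url": "https://viewsec01.corp.example:443",
            "internal_fqdn": "viewsec01.corp.example", "internal_ip": "10.0.0.25",
            "pcoip_ip": "10.0.0.25", "cert_names": ["view.company.com"],
            "firewall_allow": [(443, "tcp")]}
CORRECTED = dict(DEFAULTS, external_url="https://view.company.com:443",
                 pcoip_ip="203.0.113.10",
                 firewall_allow=[(443, "TCP"), (4172, "TCP"), (4172, "UDP")])

if __name__ == "__main__":
    for name, cfg in (("defaults", DEFAULTS), ("corrected", CORRECTED)):
        print(name, preflight(cfg) or "OK")
```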