VMware Horizon Community
Danooo
Contributor

VMware View+Composer+Edge Gateway

Hi All,

Use case:

- Want to provide external users access to restricted corporate resources (websites, servers, PCs) through VMware View 5.1

- External users' VDI machines should be located in a dedicated subnet without access to any corporate resources. Access to those should be managed by the edge gateway firewall

- Edge gateway provides DHCP, NAT and firewall between the dedicated VLAN for external users and the corporate network

- After an external user logs off from a VM, the machine is refreshed so another external user can use it; the data that has been created by the previous user is deleted

Scenario:

1. I have created a dedicated port group on the dvSwitch with specified VLAN 201

2. I have deployed an edge gateway to provide connectivity between VLAN 201 and the external network. The edge gateway also does the DHCP, NAT and firewall

3. The View Connection server is located in my external (production) network and it's connected to the prod DC

4. I have created a static route on my connection server to allow the VDI machines access to the connection server

5. I have created one VDI in the dedicated VLAN 201 and assigned that machine to a manual pool in the View Connection server. The machine has been successfully detected and I was able to connect to it using View Client. Before that I had to open dedicated ports on the edge gateway firewall.

So far so good.

The next step was to integrate it with Composer, as the refresh option is available only after using an automated pool with Composer.

1. I have used a VM with a snapshot which has been placed in VLAN 201.

2. I have created a floating automated pool in View using Composer and the VM mentioned in point 1

3. After completing all those tasks, vSphere started to create a main replica VM and linked clone.

4. After creating the replica I realized that vSphere had assigned my main replica to my external (production) dv portgroup, even though my base image was connected to VLAN 201.

5. Since the replica has been assigned to the external (production) network, my linked clones have also been connected to this network, which is not the case; I want to connect my linked clones to VLAN 201

At the beginning I thought it was because VLAN 201 has some firewall ports closed, which could potentially be used by Composer. I have allowed any ports and protocols to communicate with my external (production) network to check if this would change anything. Unfortunately it didn't work - my replica has been assigned to my external network once again.

Is there anything that I'm missing here? Why has the replica been assigned to a different port group on the dv switch compared to the base image, which has been placed in the dedicated VLAN 201?

Can anyone explain this - is this normal behaviour?

Regards,

0 Kudos
1 Reply
FaisalRahman
Enthusiast

Hi Danooo,

In case you have multiple snapshots for the VM, please remove those and create a new one after confirming that your VM is on the right port group.

Regards

Faisal

0 Kudos