Hello all,
Long-time reader of the communities, here's my first post that I hope will have the right info and be useful to others.
I'm currently designing an infrastructure based on VMware View, and there is something I need clarified if possible:
All the documentation I’ve read to date describes a Security Server as being only a form of secure proxy for the Connection Server that deals with the Active Directory and RSA 2-factor authentication at the back-end.
A main concern in our organisation is that this setup could allow an attacker on the Internet to generate unwanted traffic going to our infrastructure servers (RSA, Active Directory) located in our datacentre. Typically our goal would be to disallow unauthenticated traffic through to our datacentre where these infrastructure servers are located (e.g. we authenticate Outlook Web Access users in a DMZ with a Microsoft ISA server).
Here are my questions:
Can the Security Server be configured to do the authentication directly instead of exchanging this info with the Connection Server?
(with the aim to avoid having “unauthenticated” traffic polluting our trusted network)
Alternatively, can we host the Connection Server in a DMZ?
(and leave the View LDAP configuration repository and similar sensitive services on the trusted network)
Many thanks in advance for your input
Message was edited by: Oxyd
I have exactly the same question - can anyone answer?
Reading the View Manager documentation for remote desktop deployment in a DMZ, it states:
"View Security Servers do not contain an LDAP configuration repository and do not
access any authentication repositories (Active Directory or RSA Authentication
Manager). When remote users connect using a View Security Server, they must
successfully authenticate before a secure connection is established. This means they
cannot attempt to access any virtual desktops until they are successfully authenticated"
Which doesn't make sense? It says they MUST authenticate and then says they can't access any authentication repositories. Is it as simple as saying it can ONLY authenticate against RSA with tokens?