VMware Horizon Community
Oxyd
Contributor

Can AD and RSA authentication happen on Security Server?

Hello all,

Long time reader of the communities, here's my first post that I hope will have the right info and be useful to others.

I'm currently designing an infrastructure based on VMware View, and there is something I need clarified if possible:

All the documentation I’ve read to date describes a Security Server as being only a form of secure proxy for the Connection Server that deals with the Active Directory and RSA 2-factor authentication at the back-end.

A main concern in our organisation is that this setup could allow an attacker on the Internet to generate unwanted traffic going to our infrastructure servers (RSA, Active Directory) located in our datacentre. Typically our goal would be to disallow unauthenticated traffic through to our datacentre where these infrastructure servers are located (e.g. we authenticate Outlook Web Access users in a DMZ with a Microsoft ISA server).

Here are my questions:

  • Can the Security Server be configured to do the authentication directly instead of exchanging this info with the Connection Server?
    (with the aim to avoid having “unauthenticated” traffic polluting our trusted network)

  • Alternatively, can we host the Connection Server in a DMZ?
    (and leave the View LDAP configuration repository and similar sensitive services on the trusted network)

Many thanks in advance for your input.

JoeShmoe
Contributor

I have exactly the same question - can anyone answer?

Reading the View Manager documentation for remote desktop deployment in a DMZ it states

"View Security Servers do not contain an LDAP configuration repository and do not access any authentication repositories (Active Directory or RSA Authentication Manager). When remote users connect using a View Security Server, they must successfully authenticate before a secure connection is established. This means they cannot attempt to access any virtual desktops until they are successfully authenticated"

Which doesn't make sense? It says they MUST authenticate and then says they can't access any authentication repositories. Is it as simple as saying it can ONLY authenticate against RSA with tokens?
