Re: Internal Network

Omatsei · ‎06-30-2009

Is it possible to set up a pool of VM's through VMware View that are completely internal, and have no access to the internet (and to the client network)? Specifically, the VM's will be used for testing network security, and can't have any access to the external network at all. Previously, we accomplished this by having the clients install the VI Client and open the console of whatever machine they need, but it would be much easier if we could do something similar through a web browser and View Manager. (I hope that makes sense.)

mittim12 · ‎06-30-2009

The Guest VM's would need access to the connect broker as well as AD but you may be able to lock down other areas using a VLAN and ACL. I have never done anything like that but maybe it would work.

If you found this or any other post helpful please consider the use of the Helpful/Correct buttons to award points

Omatsei · ‎06-30-2009

We can't have it connect to anything outside the connection broker. I tried adding another network adapter to the broker and set it to an internal-only vswitch, with an internal IP, then changed the IP's of the VM's to be internal (and set those network adapters to connect to the internal-only vswitch), but on the client end, it keeps saying there are no desktops available to connect to.

mjsvirt · ‎06-30-2009

It may be possible to setup an isolated environment that could talk to the connection broker and AD only by putting a View Security Server in front of it.

Put everything on an ACL'd VLAN and allow the View Security Server on the regular network to communicate with the View Manager and allow access to the isolated desktops...

Jason Silva http://silvaecs.com http://twitter.com/silvaecs

Omatsei · ‎07-01-2009

Here's the configuration right at the moment:

Client - v.x.y.z (real IP)

Security Server - v.x.y.z (real IP), and 192.168.1.1

Connection Server - v.x.y.z (real IP), and 192.168.1.2

Internal Desktops - 192.168.1.10-192.168.1.12

The Client can hit both the Security Server and Connection Server without any problem. However, when I try to open the Internal Desktop, it says no desktop sources are available. I suspect that the connection broker simply orchestrates the communication between the Client and the Internal Desktop (it basically says to the client "the IP you want to connect to is 192.168.1.10, so go to it", but the client can't get there, so it fails). If that's the case, the only solutions I can think of are to either create an interna, routable network (which wouldn't work because we want to provide Internal Desktop access to home machines), or set up a VPN server / gateway to forward traffic from the real world to the 192 world. Am I way off base here?

mjsvirt · ‎07-01-2009

Is the View environment configured for "direct connect" where the client talks to the broker and then makes a direct connection to the vm desktop?

Or

Is the View environment configured so that connections go through the connection or security server? This seems like the more workable scenario based on what you are trying to do.

Jason Silva http://silvaecs.com http://twitter.com/silvaecs

Omatsei · ‎07-01-2009

I'm assuming it's configured the first way. Where is that setting?

mjsvirt · ‎07-01-2009

In View Manager choose Configuration.

In configuration, choose servers. Highlight your View Server and click edit. There is a check box for "Direct Connection to Desktop" that you can select or deselect.

Jason Silva http://silvaecs.com http://twitter.com/silvaecs

Omatsei · ‎07-01-2009

That's not selected. I just tried either way, and it doesn't appear to make a difference (unless I have to restart the Security Server or Connection Server to have it take effect). Either way gives an error saying that there aren't any desktop sources available.

Corvax · ‎08-12-2010

Hello...I'm trying to set something simular up and would like to know if you ever got this to work? If so, can you breif me on how you configured it?

thanks

All

Internal Network