VMware Horizon Community
mobcdi
Enthusiast

Local Mode Access - manual checkout over WAN connection

I would like to configure local mode access to some desktops but want to use the manual checkout option (pg 254 of View 4.6 admin guide). I've distributed the base image which was published to the transfer server, but when a user tries to complete the checkout process they get the error "A connection to the transfer server could not be established. Please check your network settings". They are able to see their entitled desktops and point it to the base image they received via other distribution channels (i.e. not directly from View servers).

My security server firewall is set up to allow JMS, JMSIR, AJP13, HTTP, HTTPS and PCoIP ports back to the connection server, but how do I configure the transfer server to fit into the setup, or are there alternatives to opening ports to the transfer server inside the corporate LAN if I just want to use it for local mode access?

npeter
Expert

Hi,

You need to enable these rules in the firewall:

Security server to Transfer Server port HTTP 80.

Security servers can use port 80 to download View desktop data to local mode desktops from the Transfer Server and to replicate data to the Transfer Server.


Security server to Transfer Server port HTTPS 443. If you configure View Connection Server to use SSL for local mode operations and desktop provisioning, security servers use port 443 for downloads and replication between local mode desktop

For more details, refer to page 61 of www.vmware.com/pdf/view-46-architecture-planning.pdf

-noble

-nObLe
mobcdi
Enthusiast

Hi npeter,

Thanks for replying. I have a few follow-up questions if you have a moment.

So I could decide to use either 80 or 443 (if I choose to use SSL for local mode operations and desktop provisioning) not necessarily both?

Would my transfer server need to resolve to its FQDN and/or IP address for just the security server in the DMZ or would it be required for the local mode clients coming in over the internet to be able to do so to complete the download?

http://kb.vmware.com/kb/1027217 seems to say both the security server and the local mode clients need to be able to access the transfer server or is it possible to direct all traffic between view elements through the security server?

I suppose what I don't fully understand is the sequence of communications between a remote local mode client and the security server & transfer server.

npeter
Expert

Hi Mob,

Yes, you need to open one of them based on View configurations.

The following help topics from View admin will make things clear on which ports should be used when. These options are set under Connection Server -> Local Mode.

"1. Use secure tunnel connection for Local Mode operations:   
Local desktops use tunneled communications. Network traffic is routed through View Connection Server or a security server if one is configured.
If you do not use this setting, data transfers take place directly between local desktops and the corresponding remote desktops in the datacenter.
The default is not to use secure tunnel connections.

2. Use SSL for Local Mode operations:   
Communications and data transfers between client computers and the datacenter use SSL encryption. These operations include checking in and checking out desktops and replicating data from client computers to the datacenter, but do not include transfers of View Composer base images. They involve connections between client computers and View Transfer Server.
The default is not to use SSL.


3. Use SSL when provisioning desktops in Local Mode:
Transfers of View Composer base-image files from the Transfer Server repository to client computers use SSL encryption. These operations involve connections between client computers and View Transfer Server.

The default is not to use SSL."

In short,

If only option 1 is selected, then 80 has to be open between SS and TS.

If any of the other options are also selected, then port 443 needs to be open instead of 80.

I believe TS FQDN need not be resolvable from clients while in tunneled mode transfer.

This KB article lists all network port requirements for situations in View: http://kb.vmware.com/kb/1027217

-noble

-nObLe
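
The rule of thumb in the post above, written as a check that can be run from the security server (an added example, not from the thread or from VMware). The host name is a placeholder, and applying the same 80/443 choice to the non-tunneled client-to-TS leg is an assumption.

```python
import socket


def backend_rule(tunnel, ssl_local_mode, ssl_provisioning):
    """Map the three Local Mode settings to the firewall rule that must exist."""
    # Either SSL option moves the transfer traffic from 80 to 443.
    port = 443 if (ssl_local_mode or ssl_provisioning) else 80
    # Tunnel on: the security server (SS) relays the traffic, so the back-end
    # firewall needs SS -> TS. Tunnel off: clients reach the TS directly
    # (same port choice assumed for that leg).
    source = "security-server" if tunnel else "client"
    return {"source": source, "dest": "transfer-server", "port": port}


def probe(host, port, timeout=3.0):
    """Classify a TCP connect attempt made from the machine running this."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "unresolved"  # the TS name does not resolve from here
    except ConnectionRefusedError:
        return "refused"     # host reachable, nothing listening on the port
    except OSError:
        return "filtered"    # timeout or unreachable: firewall or routing


def check(host, tunnel, ssl_local_mode, ssl_provisioning):
    """Return the required rule together with what the network allows."""
    rule = backend_rule(tunnel, ssl_local_mode, ssl_provisioning)
    rule["state"] = probe(host, rule["port"])
    return rule


if __name__ == "__main__":
    import sys
    # Placeholder host name; pass the real Transfer Server name as argument 1.
    ts_host = sys.argv[1] if len(sys.argv) > 1 else "transfer-server.example.internal"
    # Settings 1 and 2 enabled: expect SS -> TS on 443.
    print(check(ts_host, tunnel=True, ssl_local_mode=True, ssl_provisioning=False))
```

A result of "filtered" on the expected port points at the back-end firewall, while "unresolved" points at name resolution on the machine the check is run from.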
mobcdi
Enthusiast

Thanks noble, I had forgotten about those settings on the connection server. I'm still a bit unsure about the communications and I hope I can ask your help once again: if I enable settings 1 & 2 in local mode on my Connection Server (CS) as you outlined in your reply, would the communication between the user checking out the desktop and the View environment look like Sequence 1 or Sequence 2?

CheckOutSequence 1.PNG

Sequence 2, where there is still a need to talk directly to the transfer server

CheckOutSequence 2.PNG

npeter
Expert

Hi Mobcdi,

Option 1 (tunnel) description says "Network traffic is routed through View Connection Server or a security server if one is configured."

Sequence 1 looks more correct, but with a slight modification.

From SS there should be a direct SSL connection to TS, because all local mode traffic is routed directly between SS and TS.

Back end firewall rules on page 61 of www.vmware.com/pdf/view-46-architecture-planning.pdf say:

"If you configure View Connection Server to use SSL for local mode operations and desktop provisioning, security servers use port 443 for downloads and replication between local mode desktops and the Transfer Server."

-noble

-nObLe
mobcdi
Enthusiast

Thanks noble,

I was hoping it would be end something like that, maybe 4.7 or 5 could have a ST security-transfer server role so it could be located in the DMZ and manually upload or sync the images that should be available outside the network kind of how "Update Manager Download Service" works with update manager.

Either way thanks for the help

Offline Checkout.png
