VMware Horizon Community
klamero
Contributor

Nested PCoIP gateways possible?

I have a client with multiple firewall layers between their production network and the internet.  Is it possible to use the PCoIP Gateway service to go from the Security server to a Connection server and then to the desktops?  It would look similar to the following:

Remote Client -> FW -> Security Server -> FW -> Connection Server -> FW -> Desktop.

Their corporate policy currently does not allow traffic from where the Security Server is located to directly reach the desktop network.  Is a configuration like this possible with PCoIP Gateway services?  From what I have read so far I do not believe that it is, but need to confirm.

Thanks.


Accepted Solutions
markbenson
VMware Employee

klamero wrote:

  From what I have read so far I do not believe that it is, but need to confirm.

Thanks.

You are correct. Nested PCoIP Gateways are not supported.

Security Server needs to forward PCoIP to the virtual desktops.

You cannot do:

Remote Client -> FW -> Security Server -> FW -> Connection Server -> FW -> Desktop.

You can do:

Remote Client -> FW -> Reverse TCP/UDP Proxy -> FW -> Security Server -> Connection Server -> FW -> Desktop.

Mark

lbourque
Virtuoso

Why not? As long as the appropriate firewall rules (statefulness; ports, et al) are opened between the CS and desktops there should be no reason that this won't work. It certainly means extra work and will keep the security team employed regularly since minor changes can have huge impacts but as long as the ports are open (remember that PCoIP uses both TCP and UDP ports; also, don't forget all the other little ports like the ones for JMS, USB, MMR if needed, etc) then it should be fine.
