VMware Horizon Community
frostyk
Enthusiast

Network Isolated Dev VDI

So I have two domains: a production domain and a network-isolated test/dev domain with VLAN isolation. I want people on their production workstations, which they are logged into with their production domain creds, to launch a View client and authenticate with a VDI desktop on the test/dev domain. I was thinking I could accomplish this by making the View Connection Server have a virtual NIC on production and on test/dev. Users could hit it from prod through the prod NIC, and it could broker the connection to the desktops within the dev domain. There are no trusts between these domains, but there shouldn't have to be since the connection server is joined to dev and creating desktops in dev.

The vCenter would be in production. I would just set up the vCenter connection on the View Connection Server with the production DNS address of vCenter and a service account on the prod domain. While the connection server is not on that prod domain, the prod domain is network accessible, so it should be able to authenticate with vCenter.

Does this sound like it would work? The entire point is for as little connection between prod and dev as possible. Only the View Connection Server would have a connection to both in order to present a dev desktop to a prod workstation.

Suman1209
Enthusiast

Hi,

Regarding the point mentioned, "there is no trust between the domains": it won't be possible to have both domains' users use the same connection servers. Take a look at the blog that talks about domain trusts: Horizon View and Active Directory Trusts.

Regards,
Sumanth
VCP7-DTM7, DCV, NV, VCAP7-DTM Design
If you found my answers useful, please consider marking them as Correct OR Helpful.
frostyk
Enthusiast

Thank you for your reply. I have read as much in another blog; however, I don't think it applies to my situation. In this article the users' accounts are on the production domain. In my environment all of my users have accounts on the dev domain. The connection server does not need to talk to the production domain controller at all. The only production domain account would be to access the vCenter that sits in production. I don't think the vCenter connection would be a problem since you can authenticate to a vCenter on another domain that isn't trusted (at least I can with vSphere Client / PowerCLI).

I have used the View client on a non-domain-joined workstation to connect into a virtual desktop on a domain, and this works. There is no workstation-to-domain trust in that situation. I just supply my domain credentials when I connect to the connection server. This makes me think I can do the same, only with a workstation that is joined to a production domain: launch View, point to a connection server in the dev domain, and provide my dev domain credentials.

This might be a rare or non-used edge case that I might have to test myself.

Suman1209
Enthusiast

That's perfectly correct. Do let me know if you have tested it; I will try to reproduce the case in my lab.
