VMware Horizon Community
Realworld
Contributor

RDP tunneling through VDI security server and then through VDI standard server

Hi,

I have a problem with the setup as we would like it to be. If I take the instructions from the setup and administration manual for VDI, I don't get it to work. Here is a small schematic of my environment:

client -security server-standard server----client VM

Now what I seem to be getting from my logs is that the security server wants to connect directly to the client VM. However, from a security perspective we don't want this to happen (since the security server is directly attached to the internet).

Is there a way to let the security server tunnel its RDP requests through the standard server?

4 Replies
knudt
Hot Shot

Yes, this is possible. In View Manager, click on the Configuration button. Then for each VDM server, edit the properties and ensure that "Direct Connection to Desktop" is NOT selected.

~If you find this or any other post helpful, please award points. Also mark thread as answered if question was answered successfully.~ Brian Knudtson vExpert, VCP, VCAP
admin
Immortal

Hi Realworld,

as you will see on page 32 of the View admin guide, this is the right way it works. The security server uses a direct RDP connection to the desktop. From a security perspective I think this is a good solution. The security server is only a gateway, which talks SSL/HTTPS (443) to the internet. On the internal site, it needs RDP to speak to the desktop and also open ports for JMS (the messaging protocol the brokers/agent use to communicate) and ARJ for the forwarded web traffic.

The user is redirected to his desktop after he has been authenticated against the Active Directory and optionally against RSA SecurID, and he never has contact with the original connection server.

On page 32 of the manual you can see what I mean.

Thanks,

Christoph

Realworld
Contributor

Hi Christoph,

I must admit that I did see that image of protocol flows. However, if I look at the image on the page before that (the one with the Firewalls) then I get the impression that the Security server doesn't need a direct connection to the client using RDP. If there is any way that also the RDP traffic could be forwarded through the standard server (so not just the JMS and AJP13 traffic), I would become a very happy person :D

Regards,

TomHowarth
Leadership

Moved to the VMware View Manager Forum

If you found this or any other answer useful please consider the use of the Helpful or correct buttons to award points

Tom Howarth

VMware Communities User Moderator

Blog: www.planetvm.net

Contributing author on VMware vSphere and Virtual Infrastructure Security: Securing ESX and the Virtual Environment
Contributing author on VCP VMware Certified Professional on VSphere 4 Study Guide: Exam VCP-410