VMware Horizon Community
heIIvis
Contributor

Restrict access to view desktops by IP

Does someone know, or know how, to restrict access to some desktop pools by the IP address of the client? We need to achieve this because our users will need to reach different desktop pools depending on their location within the campus (we are a college). But we don't want a user to reach the pool of a certain lab when he is not in the lab... Here each lab has its own subnet.

Regards.

14 Replies
mittim12
Immortal

The only way to restrict within View is to use the tags feature. This way you can restrict certain pools to connection brokers, and the lab pool is only available from a particular lab connection broker that is available when the user is on the lab subnet. Check out page 116 of the admin guide for more information, http://pubs.vmware.com/view-50/topic/com.vmware.ICbase/PDF/view-50-administration.pdf.

heIIvis
Contributor

Ok, so it will mean that if I have 50 labs, I will need 50 connection servers? It will be a huge setup, no? Can we pass the client IP address to the connection server or broker and define access rules at this point?

dvhorvath
Enthusiast

If the connections are being initiated from thin clients or repurposed PCs, you could use a script to launch the View Client and provide additional launch parameters. Those can be found in the same Administration guide mentioned earlier, and would allow you to specify the desktop pool to which users will authenticate and connect. If you're connecting using zero clients, it may be more difficult.

Dave

vRickE
Enthusiast

Came here looking to do the same... same scenario... we use zero clients... looks like the only way to achieve this would be by using policies at the network level, but VMware should do something to address this kind of scenario.

We are currently using the tag feature and a dedicated broker (only one lab), but we found the students are changing the IP address of the P20 zero clients to connect to the lab broker, which is a big NO since exams are administered in that lab...

@rickespada
iforbes
Hot Shot

Hi. I'm looking to do the same thing. Seems this is a relevant request for higher education and labs. It would be great if there was a way to incorporate the IP or MAC of the end-point device. Is there anything other than tags (not really a great solution) that can be done?

iforbes
Hot Shot

@vRicke. How would you use network policy to solve the issue?

mittim12
Immortal

It's an extremely old thread, so your best bet may be to start a new thread with the same question. As far as network policies, maybe he is referring to some type of firewall rules that restrict certain IPs to certain View subnets.

dvhorvath
Enthusiast

I agree that this is a really old post, but the issue keeps coming up every now and then. I've never used the Teradici PCoIP Management Console, but I wonder if that could be used to apply profiles to groups of zero clients that would force them to always connect to specified pools. Does anybody else have some experience with the Management Console and know if it could be used that way? It might be worth having a quick conversation with somebody at Teradici, or just deploying the appliance and giving it a try.

iforbes
Hot Shot

Yah, sorry about posting in this old thread. I looked around some more and it looks like the Teradici PCoIP utility is the best option:

Re: Apply pool to certain zero clients, can it be done?

Ian

vRickE
Enthusiast

You can use network ACLs or firewall rules to prevent connections from the lab subnet to a specified tagged broker (or brokers) and a specific subnet on the virtual machines.

And yes, you can also specify, using the Teradici Management Console, that zero clients connect by default to a specific desktop pool. Still, that does not prevent somebody with knowledge from connecting to the pool using the View client...

So maybe ACLs or firewall rules are going to be the most restrictive option.

@rickespada
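Worked example, added here and not taken from the thread or from VMware/Teradici, of the ACL approach vRickE describes and iforbes asks about below: a per-lab map of client subnet, tagged broker and desktop subnet, evaluated as a default-deny policy and rendered as firewall rules for the router between the lab VLANs. The subnets, broker addresses, lab names, chain name and the View port list are all assumptions for illustration.

```python
import ipaddress

# Constructed policy (not from the thread): each lab's client subnet may reach only
# its own tagged Connection Server and its own desktop subnet. Anything else,
# including another lab's subnet, falls through to the default deny.
LAB_POLICY = {
    "lab-a": {"clients": "10.10.1.0/24", "broker": "10.0.0.11", "desktops": "10.20.1.0/24"},
    "lab-b": {"clients": "10.10.2.0/24", "broker": "10.0.0.12", "desktops": "10.20.2.0/24"},
}
# Assumed View ports: 443/tcp (HTTPS, authentication), 4172 tcp+udp (PCoIP), 8443 tcp+udp (Blast).
VIEW_PORTS = ((443, "tcp"), (4172, "tcp"), (4172, "udp"), (8443, "tcp"), (8443, "udp"))


def allowed(src_ip, dst_ip, dst_port, proto="tcp"):
    """Decide whether one client connection is permitted by LAB_POLICY (default deny)."""
    if (dst_port, proto) not in VIEW_PORTS:
        return False
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for lab in LAB_POLICY.values():
        if src in ipaddress.ip_network(lab["clients"]):
            # A lab client may only talk to its own broker or its own desktop subnet.
            return (dst == ipaddress.ip_address(lab["broker"])
                    or dst in ipaddress.ip_network(lab["desktops"]))
    # Source outside every lab subnet (general campus, or a lab PC on the wrong VLAN).
    return False


def iptables_rules(chain="VIEW-ACCESS"):
    """Render LAB_POLICY as iptables rules for a chain (assumed name) that sees traffic
    bound for the brokers and desktop subnets on the inter-VLAN router."""
    rules = []
    for name, lab in LAB_POLICY.items():
        for dst in (lab["broker"] + "/32", lab["desktops"]):
            for port, proto in VIEW_PORTS:
                rules.append(f"-A {chain} -s {lab['clients']} -d {dst} -p {proto} "
                             f"--dport {port} -m comment --comment {name} -j ACCEPT")
    # Explicit final deny: the policy must not depend on the chain's default target.
    # A client that sets its own address into a lab range is not distinguishable at
    # this layer, which is why the thread also locks down the zero client and the room.
    rules.append(f"-A {chain} -j DROP")
    return rules


if __name__ == "__main__":
    print("\n".join(iptables_rules()))
    print(allowed("10.10.2.5", "10.0.0.11", 443))  # lab-b client to lab-a broker: False
```

The same map can be rendered for a switch ACL or a cloud security group instead of iptables; the decision function stays the same.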
iforbes
Hot Shot

I'm not sure how someone could change something like the name or IP address of the zero client. The zero clients are locked down with a password, so a person wouldn't have access to get into the zero client to change anything. I agree that ACLs/firewall rules are more flexible, as that could include non-zero-client endpoints. The Teradici tool is much easier if all you have are zero clients in the environment.

iforbes
Hot Shot

I'm not sure I follow what you mean by "use network ACLs or firewall rules to prevent connections from the lab subnet to a specified tagged broker(s) and a specific subnet on the virtual machines". Could you give an example of what that workflow would look like?

vRickE
Enthusiast

Nobody will be able to change the settings on the zero client, but everybody is able to see them even if you lock it. So it would not prevent somebody from gathering the information and connecting using the View client.

At least in our environment here we allow all clients, but for testing labs only zero clients are allowed, and they are only allowed to take them from a specific location. So we lock down the zero client but also the network.

@rickespada
iforbes
Hot Shot

Thanks for the feedback. These zero clients will be physically locked down to the lab, but adding network-related ACLs could also help with someone stealing the zero client IP. I wish VMware recognized this is an issue and added additional ways to restrict endpoint access from within the broker. Tags aren't scalable. They already have location-based awareness, but that only passes endpoint variables to the virtual desktop. They should use that info and pass it to the broker, so additional entitlement policies can be created/enforced. Doesn't seem too difficult.
