VMware Horizon Community
julianb79
Contributor
Contributor
‎12-17-2012 10:18 AM

Security / Connection Server paring

I'm in the process of setting up a POC and have a design question concerning adding in security servers.  We have decided to have two connection servers to service internal users but we also want to pair these with two security servers in the DMZ to proxy users that may be connecting from the outside.

I spoke with our Network engineer and he can add a policy to the F5 that will send internal requests to the connection servers and external connections to the security servers.

So the ultimate question is, if I pair a 2 connection servers with 2 security servers, can internal requests be directed to the connection server or would it be required by View to first go through the security server.

I'm under the impression sending internal requests directly to the connection server is not a problem (when paired).

Any reference to documenation would be great.

Thanks as always

0 Kudos
7 Replies
memaad
Virtuoso
Virtuoso
‎12-17-2012 10:29 AM

Hi,

Internal users can be directed to connection server not through security server. Here is doc which explain how user will authenticate with security server and without security server .

http://pubs.vmware.com/view-51/topic/com.vmware.ICbase/PDF/view-51-architecture-planning.pdf


Regards

MOhammed

Mohammed | Mark it as helpful or correct if my suggestion is useful.
0 Kudos
julianb79
Contributor
Contributor
‎12-17-2012 11:38 AM

So even if the connection server is paired with a security server, I can direct internal uses to the connection server.  I've looked through that doc and didn't see any that specifically answered the question.

0 Kudos
mittim12
Immortal
Immortal
‎12-17-2012 11:47 AM

You can direct internal users to those systems but because they are paired with the security servers they will end up having to use tunneled connections.    Most environments have dedicated servers for internal and then dedicated for external.

0 Kudos
npeter
Expert
Expert
‎12-17-2012 09:44 PM

You can dedicate one connection server for internal users and pair two security servers to the second connection server. When users connect from external network using PCoIP or RDP through security server, the traffic from desktop to client is handled by security servers. The paired Connection server is not involved in handling the session data. This way one connection server can be dedicated to internal users.

Regards

-noble

-nObLe
0 Kudos
mittim12
Immortal
Immortal
‎12-18-2012 05:59 AM

I thought the security server/connection server pair was a one to one setup only.   Did that change in one of the later versions?

0 Kudos
memaad
Virtuoso
Virtuoso
‎12-18-2012 06:05 AM

Hi,

It is one to one pairing.

Regards

Mohammed

Mohammed | Mark it as helpful or correct if my suggestion is useful.
0 Kudos
npeter
Expert
Expert
‎12-18-2012 09:23 PM

View always supported pairing multiple security server to single connection server.

What is not supported is pairing same security server to multiple connection servers.

http://pubs.vmware.com/view-51/index.jsp?topic=%2Fcom.vmware.view.planning.doc%2FGUID-57D362EB-AC04-...

"Each security server is paired with an instance of View Connection Server and  forwards all traffic to that instance. You can pair multiple security servers to  a single connection server"

-noble

-nObLe
0 Kudos