I'm in the process of setting up a POC and have a design question concerning adding in security servers. We have decided to have two connection servers to service internal users but we also want to pair these with two security servers in the DMZ to proxy users that may be connecting from the outside.
I spoke with our Network engineer and he can add a policy to the F5 that will send internal requests to the connection servers and external connections to the security servers.
So the ultimate question is, if I pair 2 connection servers with 2 security servers, can internal requests be directed to the connection server, or would it be required by View to first go through the security server?
I'm under the impression sending internal requests directly to the connection server is not a problem (when paired).
Any reference to documentation would be great.
Thanks as always
Hi,
Internal users can be directed to the connection server, not through the security server. Here is a doc which explains how users will authenticate with a security server and without a security server.
http://pubs.vmware.com/view-51/topic/com.vmware.ICbase/PDF/view-51-architecture-planning.pdf
Regards
Mohammed
So even if the connection server is paired with a security server, I can direct internal users to the connection server. I've looked through that doc and didn't see anything that specifically answered the question.
You can direct internal users to those systems, but because they are paired with the security servers they will end up having to use tunneled connections. Most environments have dedicated servers for internal and then dedicated for external.
You can dedicate one connection server for internal users and pair two security servers to the second connection server. When users connect from an external network using PCoIP or RDP through a security server, the traffic from desktop to client is handled by the security servers. The paired connection server is not involved in handling the session data. This way one connection server can be dedicated to internal users.
Regards
-noble
I thought the security server/connection server pair was a one to one setup only. Did that change in one of the later versions?
Hi,
It is one to one pairing.
Regards
Mohammed
View has always supported pairing multiple security servers to a single connection server.
What is not supported is pairing the same security server to multiple connection servers.
"Each security server is paired with an instance of View Connection Server and forwards all traffic to that instance. You can pair multiple security servers to a single connection server"
-noble