VMware Horizon Community
EnricoK
Contributor
Contributor
‎10-15-2017 11:41 PM

Some Configuration Questions Horizon View 7.2

Hi guys,

if this question was already answered anywhere else, I do apologize and I just did not find it.

I need some clarifications regarding some configuration issues.

Right now we are running VMWare Horizon 7.2 with one Security Server (e.g. secserver.domain.com) in our DMZ and one internal View Connection Server (e.g. "connectionserver.domain.com").

We are using Split DNS. IF clients connect from outside of our network, the url points to our security server in our DMZ. If they are inside our domain network, the url points to the internal view connection server.

External Clients --> https://accessname.domain.com --> Security Server DMZ --> View Connection Server

External Clients --> https://accessname.domain.com --> View Connection Server

My question right now is:

Do I need to change the "External URL" in the Server Settings of the connection server to acutally point to the defined access url?

Currently there is still the address of the actual connection server name ("https://connectionserver.domain.com").

Only in the Security Server Settings the external URL is set to "https://accessname.domain.com"

Right now, everything seems to work - Clients can access the pools via "https://accessname.domain.com" without any issues, so I am wondering if changing the external url is necessary?

And another question would be, if it is possible to configure horizon view, that user who connect from outside have to use smartcard authorization and users inside the network can authenticate without smartcard, without create separate pools for internal and external access?

thanks for your help.

best regards

Enrico

p.s. sorry for the bad english 😉

0 Kudos
2 Replies
MauroBonder
VMware Employee
VMware Employee
‎10-20-2017 05:11 AM

Do I need to change the "External URL" in the Server Settings of the connection server to acutally point to the defined access url?

That I know, no, you need to configure paired configuration between connection server and security.

Right now, everything seems to work - Clients can access the pools via "https://accessname.domain.com" without any issues, so I am wondering if changing the external url is necessary?

Who is "Clients"? Internal or External (DMZ) ?

External URL from Connection or Security ?

In general, yes you need to keep this configuration of URL.

The best practices should be do something like:

XXX connections servers to external users + XXX Securities  - Clients coming from DMZ

XXX connections servers to internal users - Clients coming from internal

And another question would be, if it is possible to configure horizon view, that user who connect from outside have to use smartcard authorization and users inside the network can authenticate without smartcard, without create separate pools for internal and external access?

It will depends of how is your architecture. If you have this scenario that I mentioned above (DMZ and Internal), it make easier to create this environment.

I don't know if I am helping, but, I hope so.

*Please, don't forget the awarding points for "helpful" and/or "correct" answers. *Por favor, não esqueça de atribuir os pontos se a resposta foi útil ou resolveu o problema.* Thank you/Obrigado
0 Kudos
EnricoK
Contributor
Contributor
‎11-02-2017 08:24 AM

Hi Mauro,

first of all thanks, and sorry for my late reply.

That I know, no, you need to configure paired configuration between connection server and security.

Okay, we have a paired connection, so I leave the url at the connection server as it is.

Who is "Clients"? Internal or External (DMZ) ?

External URL from Connection or Security ?

In general, yes you need to keep this configuration of URL.

The best practices should be do something like:

XXX connections servers to external users + XXX Securities  - Clients coming from DMZ

XXX connections servers to internal users - Clients coming from internal

In this particular case, Clients that are coming from the internal network connect directly to the connection server.

We only made one URL (in my example: https://accessname.domain.com)  that people use in our company to connect to our horizon environment, to make it easier for them.

So we do not have one url for external access like https://externalaccess.domain.com and for internal access e.g. https://internalaccess.domain.com.

For Clients coming from outside our network through the dmz, the url is resolved to the host ip of our security server.

For Clients coming from internal network, the url is resolved to the host ip of our connection server.

I just wanted to be sure, that this is a common approach.

0 Kudos