VMware Horizon Community
SBaldridge
Contributor

View 5 and RDP, tunneled or what?

We are running vSphere v5 with View v5 and are beginning discussions on adding a view security gateway (VSG) along with a dedicated view connection server (VCS) to accommodate remote devices on the internet (I will refer to it as AOL).  At the moment they must use an SSL VPN to connect and then access View.

My question: I see from the deployment guide and some other research that the HTTPS and PCoIP connections are routed through the VSG to the VM desktops; however, I read conflicting information in two places about how the RDP client traffic is routed.

I hoped to see that RDP is tunneled through the VSG and then routed to the VM, rather than the remote (AOL) client trying to directly send RDP traffic to a VM desktop. We have some HP t5545 thin clients out there (and some other thin o/s devices) that will use RDP to connect, and I can't ask my security folks to open up RDP from AOL to my VM desktop subnet.

Can someone clarify this behavior for me?

Thanks

4 Replies
kgsivan
VMware Employee

Yes, there is no need to open the RDP port. The client will establish secured tunneled connections to the VM desktops. This will be HTTPS traffic.

From the broker side, you will have to enable an option named "Secure tunnelled connections to view desktops".

SBaldridge
Contributor

Thank you for that reply.  Am I correct that the VSG (not VCS) is the intermediary connection between internet clients and the VM desktops on PCoIP or RDP?

Thanks again.

gunnarb
Expert

The checkbox skg wrote about above is why it gets tunneled. Without that you'd need to open 3389 directly to the VM, which would defeat the purpose of a Security Server. So the reason you are seeing mixed information out there is that they are both right. However, depending on how you configure it in View, you can either have it tunneled (which is preferred for external access being terminated in a DMZ), versus internally, where you probably wouldn't want it tunneled (this way you can reboot an internal VCS and it wouldn't disconnect your users).

Gunnar Berger
http://www.gunnarberger.com http://www.endusercomputing.com
orthohin
Enthusiast

I think you are right. The VSG (not the VCS) is the intermediary connection between internet clients and the VM desktops on PCoIP or RDP.

Regards,
Milton

Never trust a computer you can't throw out a window