VMware Horizon Community
Wall_of_Paul
Contributor
Contributor
‎12-06-2016 12:22 PM
Jump to solution

View 6.2 - Multiple Sessions from a single pool

Is there a way that a user can be allowed to have multiple desktop sessions open at once using the Horizon View Client for Windows?

Some of our technician app support staff need to assist multiple vendors at once with webex sessions and since they only have a single computer to work with, it becomes difficult to assist. Our security policy does not allow us to open webex sessions directly on a server so it would be nice if a user could launch the a desktop using view client, then once the session is open, launch another session from the view client and have two or three sessions open side by side that they can work between without giving up the use of their primary workstation for a vendor who needs control.

If I open a session up currently and then try to open another session from a different pool, both sessions crash and I get an error message that says: "The connection to the remote computer has been closed due to a new connection request."

I am open to using multiple pools to accomplish this if I can't have multiple concurrent sessions per user in one pool but I'm not sure if there is any possible way to make this work. Thanks!

0 Kudos
1 Solution

Accepted Solutions
mougT
Enthusiast
Enthusiast
‎12-07-2016 04:55 AM
Jump to solution

The same user can connect to different pools from the same client. The error message you get, indicate that you are connecting to the same pool/desktop that you already are connected to? If you start a VMware Horizon client within your current VDI session, make sure you don't have "Autoconnect to this desktopl" enabled.

View solution in original post

0 Kudos
5 Replies
mougT
Enthusiast
Enthusiast
‎12-07-2016 04:55 AM
Jump to solution

The same user can connect to different pools from the same client. The error message you get, indicate that you are connecting to the same pool/desktop that you already are connected to? If you start a VMware Horizon client within your current VDI session, make sure you don't have "Autoconnect to this desktopl" enabled.

0 Kudos
jgravedo
Contributor
Contributor
‎12-07-2016 12:57 PM
Jump to solution

Just out of curiosity, but why would your technician allow a vendor to utilize a computer with the technician's user account logged in? Wouldn't that be a security vulnerability, leaving the technician open for liability should something happen?

My suggestion would be to create AD users for each of the consultant/vendor accounts you want to grant access. Then you have some auditing capability should those vendors get into something they shouldn't be, and you can allow those multiple users to log in to the same pool. Give those accounts only the access they need to do the job they have to do.

Otherwise, if it must be multiple sessions for the same user, you can configure pools to allow multiple Sessions per user. We have used that in the past for training with a single generic account. You'll probably want to configure the pool to also log off on disconnect, though, so nobody accidentally logs into someone else's session.

Wall_of_Paul
Contributor
Contributor
‎12-09-2016 06:17 AM
Jump to solution

Thanks, I did verify that Auto Connect was not turned on. I think you were able to confirm my suspicion that you could not have more than one desktop per pool open at any given time. I was able to create 2 additional pools and have a desktop from each pool open which should provide a solution in the short term.

0 Kudos
Wall_of_Paul
Contributor
Contributor
‎12-09-2016 06:26 AM
Jump to solution

We are still growing our security posture to avoid the risks you mentioned. To try and reduce the risk with this method the VDI pools are extremely slimmed down with no drive mappings or other internal program accesses available and any vendor session that occurs must be monitored by the support staff so the vendor is not unattended. I like the idea of creating a generic account for using the VDI pools to limit unneeded exposure. We do use admin accounts for escalating privileges so the sessions are limited in access without elevating even though there would be some unneeded access still present. We are also working on adding auditing measures and micro-segmentation with NSX in the upcoming budget year so we will have better systems in place to accomplish this safely soon. I appreciate the information and suggestions you have provided!

0 Kudos
mrmattmcg
Contributor
Contributor
‎01-09-2018 11:54 AM
Jump to solution

The title is different than this answer.  I am looking to actually open from different clients to the same pool.  This answer does not say that.  My reason is the same as this discussion though - I need to be able to open a VM on a different computer to allow a vendor to perform a support call ... like VMware.  Can anyone help me with this?

0 Kudos