VMware Horizon Community
ericgc
Contributor
Contributor
Jump to solution

View setup with Security Servers at Home?

So I am trying to setup a test View environment to get more familiar with it and have everything running on my one host through my home network (FiOS). Question is I want to setup a Security Server and try to connect from another location to a one of the desktop pools I setup. I figured this would be good practice. But all I have is my modem that connects to a switch which connects my host and my pc. The modem does have a built in firewall.

Anyone tried this before? Any suggestions on how to get this to work?

Thanks in advance.

Reply
0 Kudos
1 Solution

Accepted Solutions
EricMonjoin
VMware Employee
VMware Employee
Jump to solution

  1. Install your VSS (View Security Server) and pair it with your VCS (View Connection Server), note : the security server don't have to be a member of AD but it must resolv VCS name

  2. Add your security server on your VCS ( Configuration \ Server \ Security Servers \ Add)

    1. Name : name it as you want

    2. External Url : <external_hostname>.<your_domain>:443

  3. Click on "Create Configuration File" and save this file on the Security Server as C:\Program Files\VMware\VMware View\Server\sslgateway\conf\locked.properties (yes youhave to rename config.properties to locked.properties)

  4. Restart "VMware View Security Server" service

  5. Configure your router to route external_ip:port_443 to vss_internal_ip:port_443

That's all

Note : You mustn't check the "Direct connection to desktop" box on VCS configuration

View solution in original post

Reply
0 Kudos
8 Replies
EricMonjoin
VMware Employee
VMware Employee
Jump to solution

Don't you have Port Forwarding on your modem ?

I personaly used a Linksys router (WRT54GS) (but I can also do it from the admin console of my adsl box), so I set Port forwarding to forward all trafic from external IP on port 443 to my Security Server with a local IP and it works perfectly.

Reply
0 Kudos
ericgc
Contributor
Contributor
Jump to solution

Yes, there is port forwarding on my router. I have never setup a security server before so I am looking for some guidance with this setup. I have it installed on a server and pointed to the connection manager server. Not really sure how to go about it from this point. Do I set an external URL on view adminstrator? Would that be the URL someone from another location would type in to be able to have access to a remote desktop?

I guess I need to take a look at my router and see how to go about the port forwarding first. And then play around with trying to get the security server setup. I checked out the admin guide but it didn't go into much detail.

Thanks.

Reply
0 Kudos
EricMonjoin
VMware Employee
VMware Employee
Jump to solution

  1. Install your VSS (View Security Server) and pair it with your VCS (View Connection Server), note : the security server don't have to be a member of AD but it must resolv VCS name

  2. Add your security server on your VCS ( Configuration \ Server \ Security Servers \ Add)

    1. Name : name it as you want

    2. External Url : <external_hostname>.<your_domain>:443

  3. Click on "Create Configuration File" and save this file on the Security Server as C:\Program Files\VMware\VMware View\Server\sslgateway\conf\locked.properties (yes youhave to rename config.properties to locked.properties)

  4. Restart "VMware View Security Server" service

  5. Configure your router to route external_ip:port_443 to vss_internal_ip:port_443

That's all

Note : You mustn't check the "Direct connection to desktop" box on VCS configuration

Reply
0 Kudos
ericgc
Contributor
Contributor
Jump to solution

Couple of quick questions:

"2.External Url :

- if my domain is xx.local do I need to add .com to the end of that for the external URL?

Thanks.

Reply
0 Kudos
EricMonjoin
VMware Employee
VMware Employee
Jump to solution

No that must be a domain that anybody can resolv on Internet and it could totally different from your internal domain name

So :

  • You can create for exemple an account on dyndns.com (check if your router can update dydns server in case you have a dhcp address)

or

  • You can bye your own domain name (but you need to be sure that the registar can host your DNS server.

In my case, I bought my own domains and my dns servers are provided by my registar (www.gandi.net) and I have a fixed internet IP address.

Reply
0 Kudos
ericgc
Contributor
Contributor
Jump to solution

Ok cool. My router does support the dyndns.com site so I will create a host name and see what I can come up with.

I appreciate your help.

Reply
0 Kudos
ericgc
Contributor
Contributor
Jump to solution

That worked!!! I was able to connect to a virtual desktop over the internet!

Thanks alot!

Reply
0 Kudos
romatlo
Enthusiast
Enthusiast
Jump to solution

Hello Eric,

I am using an older Linksys WRT54G firmware 3.03.9 but have used port forwarding.

I am trying to get this working with View 4.6 and PCoIP.  I have the View 4.6 connection server, VMs, and Security server all setup with internal non-routable IP addresses.  connection server = 10.1.1.15 and security server = 192.168.1.130.

My Linksys external IP address is 24.229.184.27 and I think I have the appropriate ports forwarding and enabled.

I've also setup the View configuration with security server and appropriate URLs, etc.

Would you mind taking a look at my screenshots to see if you see anything that I am doing wrong?  I am unable to connect from a view client using the 24.229.184.27 address.  The error is: The View Connection server failed.  Verify that the View connection server address, network settings, and SSL settings are correct.

Everyone can ping each other, it must be something I am overlooking!  Smiley Happy

Thanks!

Reply
0 Kudos