VMware Horizon Community
EJCTownman
Contributor
Contributor
‎12-01-2011 06:13 AM

limiting access to VMware View 4.6 using AD

Hi,

We want to set up a training room  (physical XP SP3 computers) with the VMware View 4.6 client installed.

Users using this training room will be entitled to a Virtual pool for training. (most likley a linked clone)

We do not want these same users to be able to access VMware View from any other computer or floor in the buildeing except the training room PCs.

Note:All people use there regular LAN ID and passwords, a special training ID is not an option for other reasons that are not in this scope.

How can we accomplish this in AD?

Thanks,

E

0 Kudos
6 Replies
npeter
Expert
Expert
‎12-01-2011 06:24 AM

Easy way... set firewall on connection broker to deny connections from any other machines Smiley Happy (just modify http /https rules with specific IPs )

-nObLe
0 Kudos
EJCTownman
Contributor
Contributor
‎12-01-2011 06:31 AM

Thanks, but I would only want to block one pool not all

0 Kudos
npeter
Expert
Expert
‎12-01-2011 06:41 AM

I don't think View has such an option.

Not sure if thers is options to map between client and agents in view.

One option is to setup kiosk mode to hide all details from users.

or else use the same firewall option but configure on view desktops. create rules for dispaly protocol used. also disable tunnel/PSG connection.

-Regards

-nObLe
0 Kudos
chillware1
Enthusiast
Enthusiast
‎12-01-2011 08:18 AM

Set up another connection broker and configure your training PC's to connect to that broker that is tagged as 'training'. Then tag your pool as 'training', then bingo, only traning room pc's allowed to connect to that pool.

0 Kudos
npeter
Expert
Expert
‎12-01-2011 09:53 PM

But  this can't prevent users from accessing tagged connection broker from another machine. Tagging is for grouping/limitting pools to connection broker, you still need a way to prevent users from accessing that broker outside training room.

-nObLe
0 Kudos
markbenson
VMware Employee
VMware Employee
‎12-01-2011 11:08 PM

npeter wrote:

But  this can't prevent users from accessing tagged connection broker from another machine.

Not on its own, but combined with firewall rules it can. Combining tagging with firewall rules in this way is quite a common way to apply access restrictions for situations like this.

Mark

0 Kudos