VMware Horizon Community
vmb01
Enthusiast
Enthusiast
‎09-14-2009 02:20 AM

trust relationship

Hi,

a customer wish to use view manager with view composer in the following environment:

view manager and view composer are in AD domain1 not trusted with others domains, groupA virtual desktop has to be joined in domainA not trusted with others domains, groupB virtual desktop has to be joined in domainB not trusted with others domains.

Do you think that all the desktops can be created with the composer technology in this environment?

Thanks in advance and best regards

MB

0 Kudos
4 Replies
galday
Contributor
Contributor
‎09-14-2009 04:32 AM

It should be possible as long as you provide composer with required domain credentials for domainB.

0 Kudos
mpryor
Commander
Commander
‎09-14-2009 07:08 AM

view manager and view composer are in AD domain1 not trusted with others domains, groupA virtual desktop has to be joined in domainA not trusted with others domains, groupB virtual desktop has to be joined in domainB not trusted with others domains.

Do you think that all the desktops can be created with the composer technology in this environment?

To create the VMs and join them to domainA, the machine running Composer must be able to resolve and talk to the domain controllers in domainA but it doesn't need to be in the domain. So ensure DNS and firewall rules allow this. Same obviously applies for domainB. Of course, if the View connection server is not in a domain with two-way trusts to these, you won't be able to use user accounts in domainA or domainB to authenticate to View and won't be able to do single sign on.

0 Kudos
jusrr
Contributor
Contributor
‎09-14-2009 03:51 PM

So to use vmb01's example I would need the following:

In composer I would need to add an account from domain A and domain B that has the abiltiy to create and delete computer accounts. But to do that wouldn't I need to set up a trust on the server running Composer( vCenter)??

I would also have to establish a two way-trust with Domain A and Domain B on the Connection servers for user entitlements. Do I have it right ?

J

0 Kudos
mpryor
Commander
Commander
‎09-15-2009 05:29 AM 

So to use vmb01's example I would need the following:
In composer I would need to add an account from domain A and domain B that has the abiltiy to create and delete computer accounts. But to do that wouldn't I need  to set up a trust on the server running Composer( vCenter)??
No need. Composer will talk directly to the domain controllers using the user credentials provided, not its machine credentials.
I would also have to establish a two way-trust with Domain A and Domain B on the Connection servers for user entitlements. Do I have it right ?
Yes, that's correct. If you plan to log any users into a connection server, the domain it is in must have a two way trust with the user's domain.

					
				
			
			
				
			
			
			
			
			
			
			
		

		
		
	

	
	


	
				
		
			
		
			
		
			
					
			
		
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	


		

	

		

			

	
		
			
					
				
		
			
		
			
					
		
		
	
				
		
			
					
				
		
			
					

	
			

				
		
			
		
			
				

					
						
	
			0
		

	Kudos