2 Replies Latest reply on Jul 18, 2012 10:00 AM by tomaddox

    Using View with an isolated domain

    tomaddox Hot Shot

      Hi, everyone,


      I have a complex scenario I'm trying to implement, and hopefully I can describe it clearly enough to get some useful input.


      We have an isolated testing environment with its own Active Directory domain that has no network access to our primary AD forest (access is restricted via a Cisco access list). At the moment, most access to that environment is done through a Windows 2003 Terminal Server. I would like to place a View connection server at the edge of the environment to provide access to a pool of auto-provisioned, linked-clone Windows 7 VMs which are members of the isolated AD domain. The vCenter server is a member of our primary domain and has no visibility into the isolated environment.


      The question is, how can I set up a View pool in the isolated environment without setting up a separate vCenter server?


      I have considered the following options:


      1) Punch a hole in the access list for the domain controllers and create a trust between the domains.

      Advantage: relatively easy to accomplish in a short amount of time

      Disadvantage: substantially compromises isolation


      2) Place the View pool VMs into a workgroup instead of a domain.

      Advantage: easy to accomplish

      Disadvantage: requires local accounts and additional work to access domain resources


      3) Use a static VM pool which is a member of the isolated domain

      Advantage: Allows domain authentication

      Disadvantage: Requires manual work for broad configuration changes


      4) Bin the whole thing and use a Windows 2008 R2 Terminal Server

      Advantage: Less complex than using View

      Disadvantage: The purpose of using desktop VMs is to perform compatibility testing, and Windows 2008 R2 will not exactly match Windows 7.


      If anyone else has additional insight or feedback, I would love to hear it.