Vmware View without two-way trust

MuchThings · ‎03-10-2016

From a security standpoint we don't want a two-way trust between the domain VMware View resides in and the domain our users/machines resides in

Is there any possible way to accomplish this?

cH1LL1 · ‎03-10-2016

We ran in to this issue recently as we are migrating domains.

and the answer is No

" To entitle or select users and groups from a different domain, you must establish a two-way trust relationship between that domain and the View Connection Server host's domain.

Users are authenticated against Active Directory for the View Connection Server host's domain and against any additional user domains with which a trust agreement exists."

The later version of View (6.2 I think) does not require a 2 way trust..

Release Notes for VMware Horizon 6 version 6.2

One-Way AD Trusts

One-way AD trust domains are now supported. This feature enables environments with limited trust relationships between domains without requiring View

larsonm · ‎03-19-2016

I have customers running in a 5.x and 6.x environment that do not have a two-way trust with the user domain.

Their configuration involves having all Connection Servers, vCenter, Composer and desktops in what I'll call an "agency" domain, while their user accounts come from what we'll call an "administration" domain. The agency domain trusts the administration domain. The framework service on the connection servers runs as an account from the administration domain, which is also added as a local admin on the connection server.

These guys are doing something similar.

VMware View: Multiple Domains Without a Two-Way Trust - VMware - Spiceworks

All

Vmware View without two-way trust