Horizon Infrastructure Internal Security

mk_mk_47 — Tue, 05 Jul 2022 11:16:51 GMT

Hello everyone

Recently, I deployed a horizon environment and it has to be secured both externally and internally. My problem is that when we install an agent on each VM there is a little interaction between each VM and connection server. Meanwhile if that VM has been infected by any malicious software this infection can be speared into connection server or any other important infrastructure. In addition I don't want users to be able to access connection server admin web page internally while by installing agent to VMs they are able to visit admin page.

Another problem is that the recording server which VMs should be able to connect to it through port 9443 is publicly available to VMs and users can access to its web admin interface.

How can I isolate horizon infrastructure from internal users or at least how can I make sure that the only interaction between VMs are from horizon and not from any unwanted app.

this is a serious issue for me and I will be so much appreciated if anyone could help me with that.

Re: Horizon Infrastructure Internal Security

StephenMassman — Tue, 05 Jul 2022 14:25:52 GMT

Here is a good source for what talks to what and on what port.
https://techzone.vmware.com/resource/network-ports-vmware-horizon

Here is the architecture guide also.
https://techzone.vmware.com/resource/horizon-architecture

Windows Firewall rules on Connection servers would be a good idea based on the network ports document above. If you have DMZ UAG appliances, the network ports document explains what network related FW rules for those also.

topic Re: Horizon Infrastructure Internal Security in Horizon Desktops and Apps

Horizon Infrastructure Internal Security

Re: Horizon Infrastructure Internal Security