Thursday, December 29, 2011

VMware View 5.0: Port Information for Internal and External Access

Overview

In recent deployments and upgrades of VMware View 5.0, customers are really starting to realize the concept of the "Follow Me Desktop". When the VMware View environment is set up correctly for end user access, a single access URL can easily be set up to provide seamless access to VDI environments using BYODs (Bring Your Own Devices) for internal and external access (and it is just a "cool" solution for giving end users access to perform critical business activities in a secured manner, anytime/anywhat/anydevice).

This blog focuses on the internal networking requirements to provide seamless external and internal access to VMware View environments.

Solution

To provide seamless access via a single URL, understand that Windows and Mac users can download the installation software just by pointing their browser to the URL provided to end users (smart devices get the client via the "market"). For the IT department, some effort is required to make sure everything gets set up correctly. Below are the steps and diagrams to use for this configuration:

1) Determine the load balancing setup. Some customers cannot invest the money in an F5 or Cisco load balancer, so DNS round robin can do the trick by assigning multiple IP addresses, internally and externally, to the same DNS name. I will not go into the hardware solution setup at this point.

2) Understand the port requirements and DMZ setup (diagrams below) end to end. EVERYONE MISSES PORT 4172 TCP AND UDP IN BOTH DIRECTIONS ON THE EXTERNAL and INTERNAL FIREWALLS!!!!!



3) Don't be afraid to NAT the Security Server internal IP address from the external access IP. I usually set up a separate vSwitch for DMZ access in this environment for my Security Servers, set up layer 2 security and drop another vNIC into production for "backend firewall to desktops". If you have a good network intrusion protection scheme, which you should at this point, use it!! Please refer to the documentation at http://www.vmware.com/support/pubs/view_pubs.html for View Broker setup and configuration.

4) Two (2) factor authentication and tags are supported to block users from external access. Again, refer to the admin documents for the setup, but it works great.

5) Use any device access for clients, test on wired/wireless networks and DOCUMENT. I am really impressed with Teradici Management Software to provide seamless provisioning and access to thin clients (Vonage VDI...This is a whole 'nother level for a blog), ThinLaunch software to re-purpose devices and smart device support for VMware View clients.

6) Did I mention DOCUMENTATION!!!! Document the "how to guide" for end users to ease the operations support. One of the main selling points of this technology is the ease of operations, support, rapid deployment, updates and ease of access.
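For the port requirement in step 2, here is an added example (not from the original post or from VMware): a short Python audit that checks a firewall rule export for port 4172 on TCP and UDP, in both directions, on both the external and internal firewalls. The CSV layout, the direction labels, first-match evaluation with an implicit default deny, and the sample rules are all assumptions constructed for illustration.

```python
import csv
import io
from itertools import product

PCOIP_PORT = 4172  # the port the post says everyone misses

# Constructed sample export; the CSV layout is an assumption, not a vendor format.
# direction: "in" = toward the desktops, "out" = back toward the client.
SAMPLE_RULES = """\
firewall,direction,protocol,port_range,action
external,in,tcp,443,allow
external,in,tcp,4172,allow
external,in,udp,4172,allow
external,out,udp,4172,allow
internal,in,tcp,4172,allow
internal,in,udp,4000-4200,allow
internal,out,udp,4172,deny
internal,out,tcp,4172,allow
"""

def port_in_range(port, port_range):
    """True if port falls inside 'N' or 'LOW-HIGH'."""
    lo, _, hi = port_range.partition("-")
    return int(lo) <= port <= int(hi or lo)

def missing_pcoip_rules(rules_csv, port=PCOIP_PORT):
    """Return (firewall, direction, protocol) combinations not allowed for port."""
    rules = list(csv.DictReader(io.StringIO(rules_csv)))
    missing = []
    for fw, direction, proto in product(
            ("external", "internal"), ("in", "out"), ("tcp", "udp")):
        verdict = "deny"  # assumed implicit default deny when nothing matches
        for r in rules:   # assumed first-match-wins evaluation order
            key = (r["firewall"], r["direction"], r["protocol"])
            if key == (fw, direction, proto) and port_in_range(port, r["port_range"]):
                verdict = r["action"]
                break
        if verdict != "allow":
            missing.append((fw, direction, proto))
    return missing

if __name__ == "__main__":
    for fw, direction, proto in missing_pcoip_rules(SAMPLE_RULES):
        print(f"MISSING: {fw} firewall, {direction}, {proto.upper()}/{PCOIP_PORT}")
```

On the constructed sample, the audit flags the missing outbound TCP rule on the external firewall and the explicit UDP deny on the internal firewall, which are the kinds of one-direction or one-protocol gaps the step warns about.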

That's it...Happy New Year and 100,000 desktops in 2012!!!!!

Dave
