VMware View boosts VDI security for corporate training

VMware View has the ability to create a security server in the DMZ that allows a network administrator to tunnel through from the external DMZ firewall to the internal DMZ firewall. The security server accepts only HTTP/HTTPS traffic from the Web and tunnels it through the internal firewall to the VMware View Desktop Manager Server.

If there were no security server, then other ports would need to be opened up to the Web -- creating additional security issues. These ports could be used for RDP, Java and View Communication. The security server ensures these types of communication are restricted within the DMZ. The network configuration would look similar to that in Figure 1, which depicts online Web-based training and internal classroom training.

[IMAGE]
Figure 1 Network configuration for online Web-based and internal classroom training. (Click on image for enlarged view.)

The red dotted line shows communication from an external student's desktop to a virtual desktop via the security server. This gives the IT department the ability to ensure security. In this scenario, the student is given a unique username such as Student01. That user is then ...

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Virtual desktop management tips How to configure Wyse terminals without console interaction How to protect virtual desktops on a corporate network Moving from Presentation Server 4.5 to XenApp 5.0 Feature Pack 2 Top tools for securing a virtual desktop infrastructure The top 5 ways that VDI can help improve your enterprise's security Capacity planning for Windows Terminal Services Taking a fresh look at Terminal Services security Manage Remote Desktop Services with Windows PowerShell How to back up PCs in a virtual desktop infrastructure The first step toward a virtual desktop infrastructure: The assessment Virtual desktop management Citrix CEO: Transition to on-demand services won't be pretty What's new with virtual desktop infrastructure? How to protect virtual desktops on a corporate network Symantec and Quest's desktop virtualization suites hit the big leagues Moving from Presentation Server 4.5 to XenApp 5.0 Feature Pack 2 Top tools for securing a virtual desktop infrastructure The top 5 ways that VDI can help improve your enterprise's security Will Windows 7 fuel desktop virtualization adoption? Rejoice! Citrix modifies its XenDesktop license plans Manage Remote Desktop Services with Windows PowerShell Virtual desktop infrastructure and architecture A Thanksgiving recipe: Desktop virtualization, with all the trimmings Bare-metal client hypervisors are coming -- for real this time Citrix CEO: Transition to on-demand services won't be pretty Dazzle brightens Citrix flexibility story What's new with virtual desktop infrastructure? VMware vs. Citrix virtual desktops -- what's the better deal? VMware revs up performance on virtual desktops Mark Minasi discusses cloud computing, Windows 7 and IT trends The top 5 ways that VDI can help improve your enterprise's security Will Windows 7 fuel desktop virtualization adoption?

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Remote Desktop Protocol (RDP)  (SearchEnterpriseDesktop.com) saved state  (SearchEnterpriseDesktop.com) virtual machine snapshot  (SearchEnterpriseDesktop.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

placed in the Active Directory Organizational Unit (OU) assigned to the virtual desktop pool. When the training class is refreshed for the new set of students, the trainer only needs to change the passwords on the same set of students in the OU to ensure security. This enables the trainer to quickly prepare the classroom for a new set of students while ensuring that the previous set of students cannot access virtual desktops.

RSA Secure-ID 2-Factor Authentication component, which is added to the login of a VMware View user, also affects security. Unfortunately, this option cannot be used for students who aren't employees since the RSA system needs users to have Secure-ID FOBs -- small devices that generate random keys used during sign-in. Due to the dynamic nature of training environments, the class instructor cannot distribute FOBs to students.

On the other hand, an internal classroom training scenario is simpler to secure since users will be onsite at a company's training facility. Therefore, there is no risk of exposing the internal network to the Web. But security is still a major factor because AD and network policies can still lock down the network, but no security server is needed.

ABOUT THE AUTHOR:   

Brad Maltz
Brad Maltz is CTO of International Computerware, a national consulting firm focused on virtualization and storage technologies. He holds certifications from VMware and EMC for many technologies. Brad can be reached at bmaltz@iciamerica.com for any questions, comments or suggestions.

Rate this Tip To rate tips, you must be a member of SearchEnterpriseDesktop.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.