Tip

VMware View boosts VDI security for corporate training

Security is a major concern for corporations. This is especially true when working with training facilities and customers. Whether hosting a training classroom via the Web or offering an onsite session with network access, companies must ensure a high level of security. VMware View features the vital security server and the RSA SecurID 2-Factor Authentication component, which add several security benefits for both of these VDI-based training environments.

VMware View has the ability to create a security server in the DMZ that allows a network administrator to tunnel through from the external DMZ firewall to the internal DMZ firewall. The security server accepts only HTTP/HTTPS traffic from the Web and tunnels it through the internal firewall to the VMware View Desktop Manager Server.

If there were no security server, then other ports would need to be opened up to the Web -- creating additional security issues. These ports could be used for RDP, Java and View Communication. The security server ensures these types of communication are restricted within the DMZ. The network configuration would look similar to that in Figure 1, which depicts online Web-based training and internal classroom training.

Figure 1: Network configuration for online Web-based and internal classroom training.

The red dotted line shows communication from an external student's desktop to a virtual desktop via the security server. This gives the IT department the ability to ensure security. In this scenario, the student is given a unique username such as Student01. That user is then placed in the Active Directory Organizational Unit (OU) assigned to the virtual desktop pool. When the training class is refreshed for the new set of students, the trainer only needs to change the passwords on the same set of students in the OU to ensure security. This enables the trainer to quickly prepare the classroom for a new set of students while ensuring that the previous set of students cannot access virtual desktops.
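The password refresh described above can be scripted. The following PowerShell is an added example, not part of the original tip: it resets every student account in the pool's OU and then checks that no account kept its old password. It assumes the ActiveDirectory (RSAT) module is installed; the OU path and CSV file name are hypothetical placeholders.

```powershell
#Requires -Modules ActiveDirectory
# Added example: rotate passwords for every student account in the pool OU between classes.
# The OU distinguished name and the output file are hypothetical placeholders.
param(
    [string]$StudentOU  = 'OU=TrainingPool,DC=example,DC=com',
    [string]$HandoutCsv = '.\class-credentials.csv',
    [int]$Length        = 16
)

# 64-character alphabet: 256 is a multiple of 64, so (byte % 64) has no modulo bias.
$Alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz23456789!#%+'

function New-ClassPassword {
    param([int]$Length)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $bytes = New-Object byte[] $Length
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $Alphabet[$_ % 64] })
            # Retry until upper, lower and digit are all present (default AD complexity rule).
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
        return $pw
    } finally { $rng.Dispose() }
}

$rotationStart = Get-Date
$students = Get-ADUser -Filter * -SearchBase $StudentOU -SearchScope OneLevel

# Reset each account and collect the new credentials for the trainer's handout.
$handout = foreach ($s in $students) {
    $plain  = New-ClassPassword -Length $Length
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    Set-ADAccountPassword -Identity $s -Reset -NewPassword $secure
    [pscustomobject]@{ Username = $s.SamAccountName; Password = $plain }
}
$handout | Export-Csv -Path $HandoutCsv -NoTypeInformation

# Verify: an account whose password predates this run still accepts the previous class's credentials.
$stale = Get-ADUser -Filter * -SearchBase $StudentOU -SearchScope OneLevel -Properties PasswordLastSet |
    Where-Object { $_.PasswordLastSet -lt $rotationStart }
if ($stale) { Write-Warning ("Not rotated: " + ($stale.SamAccountName -join ', ')) }
```

The CSV holds the new passwords in plaintext, so restrict access to it and delete it once the class has ended.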

The RSA SecurID 2-Factor Authentication component, which is added to the login of a VMware View user, also affects security. Unfortunately, this option cannot be used for students who aren't employees, since the RSA system needs users to have SecurID fobs -- small devices that generate random keys used during sign-in. Due to the dynamic nature of training environments, the class instructor cannot distribute fobs to students.

On the other hand, an internal classroom training scenario is simpler to secure since users will be onsite at a company's training facility. Therefore, there is no risk of exposing the internal network to the Web. Security is still a major factor, however: AD and network policies can still lock down the network, but no security server is needed.

ABOUT THE AUTHOR:   
Brad Maltz
Brad Maltz is CTO of International Computerware, a national consulting firm focused on virtualization and storage technologies. He holds certifications from VMware and EMC for many technologies. Brad can be reached at bmaltz@iciamerica.com for any questions, comments or suggestions.

This was first published in May 2009
