The above "VMware Horizon View 7 Installation Deployment" has been installed and configured with Horizon View 7, and has been built for normal access. If you need to access from outside, you will also need to install a secure server (security servers).
The secure server is a special instance of running part of the View Connection Server feature, providing an additional layer of security between the Internet and the internal network. is typically located inside the DMZ and acts as a connection Broker host in a trusted network. Each security server is paired with a view Connection server instance and forwards all traffic to that instance. You can pair multiple secure servers with one connected server. This design protects the view Connection server instance from public Internet threats and forces all unprotected session requests to be transported through the view secure server, providing an additional layer of security. When a remote user connects to a secure server, they must successfully authenticate before they can access the view desktop.
A DMZ-based secure server deployment requires that some ports on the firewall be opened to allow clients to connect to the security server in the DMZ. You also need to configure the ports for the security server in your internal network to communicate with the connection server instance. For ports that need to be open, refer to VMware View ports and network connection requirements (2076030)
Note: Because the security server needs to be exposed to the public network, it is recommended not to join the domain, it is recommended to install the latest patches, to prevent the system from virus attack and network impact. Also, if the IIS service is already installed on the secure server, uninstall it before you install the view Connection server security role.
First, network topology and firewall rules
On the external firewall, NAT port 443 (HTTPS), 8443(Blast for HTML access), 4172(PCoIP) are required to secure the server.
650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M02/9F/60/wKioL1mb28nyfcDSAAC1X7vREKM177.jpg "title=" Screenshot4218.jpg "alt=" Wkiol1mb28nyfcdsaac1x7vrekm177.jpg "/>
650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M00/9F/61/wKioL1mb5ejxY3TsAADlILTc3d0445.jpg "title=" Screenshot4221.jpg "alt=" Wkiol1mb5ejxy3tsaadliltc3d0445.jpg "/>
Secure server network topology such as:
650) this.width=650; "src=" Https://s4.51cto.com/wyfs02/M00/9F/60/wKioL1mb41zCTZaoAAA9-EfNvD8391.jpg "title=" Screenshot4219.jpg "alt=" Wkiol1mb41zctzaoaaa9-efnvd8391.jpg "/>
When you have more than one secure server and a connection server that is highly available by load Balancing, the topology diagram is as follows:
650) this.width=650; "src=" Https://s2.51cto.com/wyfs02/M00/9F/61/wKioL1mb5BGj73P2AABJdgS2Wmc587.jpg "title=" Screenshot4220.jpg "alt=" Wkiol1mb5bgj73p2aabjdgs2wmc587.jpg "/>
When a remote user connects to a secure server, they must successfully authenticate before they can access the View desktop. In this topology, the appropriate firewall rules are implemented on both sides of the DMZ, which is suitable for accessing the View desktop through client devices on the Internet.
You can connect multiple security servers for each View Connection server instance. You can also use a DMZ deployment in conjunction with a standard deployment to support internal users and external user access.
Second, install the secure server
1. Generate a pairing password
On the connection server, open the console and log on. View configuration-server, click Connect Server-more commands, specify secure server pairing password
650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M00/00/B2/wKiom1mb8gSRYrXfAABOBN374nU153.jpg "title=" Screenshot4222.jpg "alt=" Wkiom1mb8gsryrxfaabobn374nu153.jpg "/>
Enter the pairing password to confirm. You can change the password expiration date as needed
650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M02/9F/62/wKioL1mb8pCgfAg3AACrlTyLusU049.jpg "title=" Screenshot4223.jpg "alt=" Wkiol1mb8pcgfag3aacrltylusu049.jpg "/>
2. On a secure server, install security servers
Double-click to start the installation, the installation file name is: Vmware-viewconnectionserver-x86_64-7.2.0-5735293.exe
650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M01/00/B3/wKiom1mb8u6DvomJAACANrDfcww680.jpg "title=" Screenshot4224.jpg "alt=" Wkiom1mb8u6dvomjaacanrdfcww680.jpg "/>
Accept the license agreement, next
650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M02/00/B3/wKiom1mb82TRpzS1AAC6MFdmLfs729.jpg "title=" Screenshot4225.jpg "alt=" Wkiom1mb82trpzs1aac6mfdmlfs729.jpg "/>
Determine the installation path, next
650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M02/9F/62/wKioL1mb833guljeAABQN78tjG4280.jpg "title=" Screenshot4226.jpg "alt=" Wkiol1mb833guljeaabqn78tjg4280.jpg "/>
Select Secure Server, Next
650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M01/9F/63/wKioL1mb86CS671XAACNgIogojo177.jpg "title=" Screenshot4227.jpg "alt=" Wkiol1mb86cs671xaacngiogojo177.jpg "/>
Enter the host name or IP address of the connection server, next
650) this.width=650; "src=" Https://s3.51cto.com/wyfs02/M01/9F/63/wKioL1mb9IDyFGlmAAChS1msLVI562.jpg "title=" Screenshot4228.jpg "alt=" Wkiol1mb9idyfglmaachs1mslvi562.jpg "/>
VMware Horizon View 7 external release