1. Demand Analysis
Problem description
employees in the internal and external network office environment with the help of VMWare view access to virtual desktop resources
Many people still log in with an initial password or an overly simple static password
Weak password Easy Network Information System leakage Event
Regular replacement of the domain login password plan caused many people's dissatisfaction
Achieve goals
Improve the security of VMware View user logins and eliminate the risk of potential information leaks from weak identity identification
reduce static password forgetting or periodically force changes to the login password to the employee It administrative personnel to bring the cost of saving enterprise management costs to achieve user login can be audited, detailed responsibilities
2. Solution
2.1 Program Introduction Ckey Dynamic Password Authentication is a two-factor authentication method, VMware View users in the original domain account password authentication based on a layer of dynamic password authentication, the formation of two-factor authentication, in order to enhance the VMware View user access authentication security. Compared to the previously available only one hardware token dual-factor authentication scheme, Ckey allows customers to choose one or more of the following three types of dynamic cipher forms:
, SMS Password: send a random password to the user's phone via SMS, no need to install software, no need to carry additional hardware equipment;
, mobile phone token: Dynamic password Generation Mobile client program, support IOS, Andriod, WP7, no cost of use;
, hardware tokens: Time-based, every 60 seconds to generate a dynamic password, no key-type, 36 life span;
To provide users with security certification, while improving the ease of use,Ckey has become the preferred solution for VMware View users in China.
650) this.width=650; "Src=" http://club.topsage.com/forum.php?mod=image&aid=1530560&size=300x300&key= 180da297d4cd0d8c&nocache=yes&type=fixnone "border=" 0 "width=" style= "margin:0px;padding:0px;"/>
2.2 Topological structure
650) this.width=650; "Src=" http://club.topsage.com/forum.php?mod=image&aid=1530559&size=300x300&key= F3428c40fe7d7f0d&nocache=yes&type=fixnone "border=" 0 "width=" style= "margin:0px;padding:0px;"/>
2.3 System composition
650) this.width=650; "Src=" http://club.topsage.com/forum.php?mod=image&aid=1530554&size=300x300&key= 2b1e90b4ef143628&nocache=yes&type=fixnone "border=" 0 "width=" style= "margin:0px;padding:0px;"/>
Certification process
1 , Vmware view account and password (ad/ LDAP), and submit authentication; 650) this.width=650; "Width=" src= "/e/u261/themes/default/images/spacer.gif" border= "0" style= " Background:url ("/e/u261/themes/default/images/word.gif") no-repeat center;border:1px solid #ddd; "alt=" spacer.gif "/ >
650) this.width=650; "Src=" Http://club.topsage.com/forum.php?mod=image &aid=1530555&size=300x300&key=aea52f72c5197810&nocache=yes&type=fixnone "border=" 0 "width=" 255 "style=" margin:0px;padding:0px; "/>
2, vmware View submits the account number and encrypted password to the Ckey das for authentication through the RADIUS protocol.
3. Ckey Das will receive the account number and password to the LDAP above authentication, if authentication succeeds, then Ckey das through the RADIUS Protocol notification VMware View pop-up level two certification page, if the text message, then set off SMS random code to the user mobile phone;
650) this.width=650; "Src=" http://club.topsage.com/forum.php?mod=image&aid=1530556&size=300x300&key= Dc5d1f06593bfe70&nocache=yes&type=fixnone "border=" 0 "width=" 277 "style=" margin:0px;padding:0px; "/>
4, the user will be dynamic password (SMS receiving or token generation), fill in the Level two certification page, and submitted to Ckey Das for authentication;
3. Comparison of several VMware view two-factor authentication methods
650) this.width=650; "Src=" http://club.topsage.com/forum.php?mod=image&aid=1530557&size=300x300&key= D7f1801ad01bd494&nocache=yes&type=fixnone "border=" 0 "width=" style= "margin:0px;padding:0px;"/>
4. Implementation steps
650) this.width=650; "Src=" http://club.topsage.com/forum.php?mod=image&aid=1530558&size=300x300&key= D54f512aa8e528e0&nocache=yes&type=fixnone "border=" 0 "width=" style= "margin:0px;padding:0px;"/>
Note:
(1) The VMware View-related configuration is completed by the client and is supported by the relevant documentation from Zhongke, and a VMware configuration engineer is required for implementation.
(2) The implementation process requires the administrator to help open the relevant network port access rights and accounts;
This article is from the "12195267" blog, please be sure to keep this source http://12205267.blog.51cto.com/12195267/1875018
VMware View combined with Ckey two factor authentication