Part 4: Working With VMware Horizon View 5.2 – Deploying View Connection Server

Andrey Pogosyan

Andrey Pogosyan is a Virtualization Architect who’s focus is on infrastructure virtualization involving mainly VMware and Citrix products. Having worked in the IT industry for 10+ years, Andrey has had the opportunity to fulfill many different roles ranging from Desktop Support and all the way up to Architecture and Implementation. Most recently, Andrey has taken a great interest in the datacenter technology stack encompassing Virtualization, mainly VMware vSphere\View, Citrix XenApp\XenDesktop and Storage (EMC, HP, NetApp).

9 Responses

  1. Manoj says:

    When i add a second replica View connection server it does not get listed in the View Administrator console when I view it from the 1st Connection Server console.

    However, it does appear in the list when I view it from the replica server admin console.

    Is this normal or I have got the install steps wrong?

  2. TwanO says:

    Andrey,

    Can you have different authentication methods on a connection- and replicaserver. I want users who come from the internet to authendticate with two factor RSA authentication, but when the same user logs in with f.e. a zero client from the internal network they just have to provide their active directory credentials. (use of split dns)

    Regards

    • Andrey says:

      Hi TwanO,

      The answer to your question is yes, you can have two factor authentication using either RADIUS or RSA SecureID. You can also target different connection servers (if you have more than one) to use different types of connection methods for scenarios like the one you mention above.

      You’ll need to use Horizon View 5.1 I believe to get this support.

  3. Twano says:

    Andrey,
    Thans for your quick response, but when you say ” you can target different connection servers” do you mean a connection server with a replica with different authentication methods or must it be two separate connection servers, each with its own set of desktoppools.
    I want the same user connecting from the internet authenticating with RSA and connecting from lan with ad credentials to the same desktop pool desktop.
    A replica server replicates its settings from a primary connection server but can authentication settings be different between them?
    Regards

    • Andrey says:

      My understanding is that it’s the standard connection server, not the replica. Basically, when you enable 2FA on the connection server, you can no longer use the standard AD authentication and thus both external and internal users will be forced to use the RSA token to login.

      Once way of getting around that is deploying dedicated connection servers. Meaning one connection server handles only the RSA and the other connection server handles AD authentication. This is normally achieved by using load balancers and security servers. Again, for HA and Load balancing, you’d want to use more than one connection server.

      Typically when designing external access, you tend to use security servers for security purposes, however the security servers need to be paired with connection servers, so if you only want to use 2FA for external access, you’ll need to have dedicated connection servers only for external traffic and separate connection servers for internal traffic.

      Another way to go about it, is to use a load balancer in the DMZ, in front of your connection or security servers. The load balancer can then handle all of the 2FA connections and pass the traffic along to the connection servers, this avoids you having to make any changes to the connection servers or the need to deploy extra connection servers.

      Depending on what solution you go with depends on your environment and budget. However you do have options.
      Here are some links that talk about load balancing with 2FA that I hope will shine some more light on the subject. I can tell you from personal experience, the F5 load
      balancers are great!

      http://www.f5.com/pdf/deployment-guides/vmware-view5-iapp-dg.pdf

      http://pubs.vmware.com/view-51/index.jsp#com.vmware.view.planning.doc/GUID-955BC8CA-B662-43ED-BE39-50C96DF5B282.html

  4. Justice says:

    I’m wondering if there is a way for my zero client to auto-reconnect if my primary connection server goes down. For my purposes if the primary goes down and my client loses connection, I need the zero client to connect to the replica server but connect to the same Client workstation it was connected to. Please if you can let me know if this is possible or if there is another solution I can look at. Thanks

    • Andrey says:

      Hi Justice,

      You should be able to achieve that with a load balancer. The link I posted above gives you an overview of how you can load balance PCoIP connections.

  1. July 18, 2013

    […] starting to come nicely! In the previous articles, we covered the installation of the composer and connection server roles. Now, we’re going to cover the installation procedure of the transfer […]

Leave a Reply