About this book

Most people associate security with network security and focus on firewalls and network monitoring. However, there is more to security than that. Security starts with the establishment of a stable environment, protecting this environment not only from intrusion, but also from malicious intent. It is about tracking the issue and recovering from it. These elements of security are what this book aims to address.

VMware View Security Essentials addresses the topic of security in the corporate environment in a new way. It starts with the underlying virtual infrastructure and then delves into securing your base, your connection, and your client. This is not only a “how-to” book, but is also a book that explains the background and the insights of View security for the experienced professional's desktop virtualization.

This book takes you through the four major View security areas. Each area deals with all the aspects of security and explains the background as well as laying out simple-to-follow recipes to implement a higher security standard.

We start at the Virtualization base and work our way through the various View server types. We will then dive into the problems and issues of securing a connection before we address the security of the desktop itself. We conclude with a look into the backing up of our View installation and preparing for disaster recovery.

Publication date:
July 2013
Publisher
Packt
Pages
130
ISBN
9781782170082

 

Chapter 1. Introduction to View

Virtual Desktop Infrastructure (VDI) not only opens the door to easy desktop virtualization, but it also opens possibilities of security breaches.

We live in a world where security is paramount. As our daily life becomes more and more online-based, we need to understand more about how to secure our life online. The trend toward replacing existing physical desktops with VDI is rapidly strengthening, especially with the strong emergence of tablets and other high-end mobile devices coupled with wider and faster mobile network access. It is not only accessibility that drives the process, corporations are driven by the rising cost of CBD floor space, investment reductions in physical desktops, and the ability to centralize user data and management are key motivators for adoption of VDI. Corporations are reducing the amount of office space by introducing working-from-home schemes, using hot desks and providing the ability to work from anywhere, anytime. VDI makes this possible, thus enabling users to take their desktop home, or to the coffee shop around the corner. However, this introduces new risks to the corporate desktop environment that were not apparent before.

Corporations now have to deal with:

  • Network security for remote users

  • The ability of users to access confidential corporate information offsite

  • Securing data against theft using a simple USB stick

  • Redirecting printing to the nearest printer

VMware View is one of the leading VDI products. Its strength is that it builds upon existing capabilities, features, and investments made into the VMware infrastructure. This book will focus on the essential security features and how to address them using VMware View. Let's start off with defining what View actually contains.

 

VMware View definitions


You might be already familiar with most of this; however, I think a quick refresher is not a bad idea. The VMware View product is based on VMware vSphere. Let's just go over the vSphere 5.1 products that are needed to create a vSphere environment.

  • ESXi: The base workhorse of virtualization. This is where VMs live and run.

  • vCenter: This manages multiple ESXi servers, is responsible for creating cluster, run HA, DRS, and is responsible for features such as vMotion.

  • Single Sign-On (SSO): This is a new addition to vSphere in 5.1 and is responsible for Identity management. However, there is currently no integration for View into SSO.

  • Inventory Service: This keeps an inventory of vSphere objects, making the response time for inventory requests faster, creating less load onto the vCenter service.

  • WebClient Server: VMware announces that the WebClient interface will in future replace the Windows-based vSphere Client. The WebClient has some advantages compared to the vSphere Client; however, it requires people to change their thinking as things look and feel differently.

The View environment consists of the following products that may need to be installed:

  • View Connection Server: This is the main component for View. It contains the HTTPS-based View Administrator interface. The heart of the operation View Connection Server comes in four varieties:

    • Standard: The main component. You will need one install of this. We will look at it in this chapter.

    • Replica: A replica server is used for load balancing and failover capacity. It is basically an additional Standard Connection Server. We will look at it in this chapter.

    • Security: The security server can be deployed in a DMZ and forward incoming View Client connection to a View Standard Server. We will look at this in the Chapter 2, Securing Your Base.

    • Transfer: The transfer server is a buffer service between the View Connection Server and local desktop images (check in and out). We will look at this in the Chapter 2, Securing Your Base.

  • View Composer: This is used to reduce the amount of storage used for the virtual desktops by creating View Linked Clones. It also reduces deployment time of desktops as not the full desktop has to be cloned.

  • View Persona Management: The Persona Manager helps with the synchronization of roaming profiles. It is an extra service that needs to be installed. We will look at this in Chapter 3, Securing the Connection.

  • View Agent: This is installed on the virtual desktop that is the source template for a given pool of virtual desktops. It is also responsible for things like USB redirection and Single Sign-On.

  • View Client: The View Client comes for almost any operating system out there including iPad and Android. It enables the ability to connect to a View Connection Server. It comes in two versions: the normal one and the one that allows to checkout a desktop to a local computer.

  • View desktop: This is a Virtual Machine (VM) that contains a desktop OS and is provisioned by a View desktop pool.

  • ThinApps: ThinApps is a product that allows you to virtualize and package an application. We will not be able to discuss this feature in this book due to the page limitation.

Now after this short inventory, the following diagram illustrates how these components work together:

Tip

Downloading the color images of this book

We also provide you a PDF file that has color images of the screenshots/diagrams used in this book. The color images will help you better understand the changes in the output.

You can download this file from: http://www.packtpub.com/sites/default/files/downloads/0082EN_Graphics.pdf

In addition to this, we have several services that a View installation offers:

  • View Administrative Console: This is the interface that manages the View environment. It is an HTTPS-based interface that is installed as part of the View Connection Server (Standard).

  • View Portal: The View Portal is an HTTPS interface that lets people select and connect to a virtual desktop. It is installed as part of the View Connection Server (Standard).

  • View desktop pool: A View desktop pool is a collection of rules that define how View desktops are deployed.

 

Summary


This short chapter holds the introduction to this book. It gives an overview of the View infrastructure elements, as well as defining the technical terms we will be using.

In the next chapter, we will start with a quick overview and definition of the View environment, followed by security considerations of the underlying vSphere environment. We will also talk about logging and SSL certificates, and build up a View Replication Server and then shortly discuss load balancing it.

About the Author

  • Daniel Langenhan

    Daniel Langenhan is a Virtualisation expert with formidable skills in Architecture, Design and Implementation for large multi-tier systems. His experience and knowledge of process management, enterprise-level storage, Linux and Windows operation systems has made him and his business a highly sought after international consultancy in the Asia-Pacific and European regions for multinational clientele in the areas of Finance, Communication, Education and Government. Daniel has been working with VMware products since 2002 and is directly associated with VMWare since 2008. His proven track record of successful integrations of Virtualisation into different business areas while minimizing cost and maximizing reliability and effectiveness of the solution for his clients.

    Currently, Daniel is operating in the Europe and Asia-Pacific region with his company vLeet GmbH and Melbourne Business Boosters Pty Ltd.

    Daniel's expertise and practical approach to VMWare has resulted in the publication of the following books:

    • Instant VMware vCloud Starter, Packt Publishing
    • VMware View Security Essentials, Packt Publishing
    • VMware vCloud Director Cookbook, Packt Publishing
    • VMware vRealize Orchestrator Cookbook, Packt Publishing
    • VMware vRealize Orchestrator Essentials, Packt Publishing

    He has also lent his expertise to many other publishing projects as a Technical Editor.

    Browse publications by this author
Book Title
Access this book, plus 7,500 other titles for FREE
Access now