TMS and improved security server TCS

Similar Questions

• URL to connect to the server and DMZ security server

  How everyone puts in place the URL to their connection and security servers?

  I would like to set up a friendly URL for users and technical staff do not forget to connect to the infrastructure of the view, but I have to have 2 separate URLs for the network internal and external WAN connections?

  A few weird DNS environments here too... so I would be useful to have detailed answers, parts of my LAN use external DNS and some parts use internal DNS... and it is out of my control to change this configuration.  Thank you.

  I've done that to add a manual in my internal to resolve DNS extries say view.abc.com to the internal IP address. then on my hosted public DNS, I would resolve external public IP address view.abc.com.

• SSL certificate for the Security Server external facing

  Dear all,

  Today, I bought an external SSL certificate of DigitCert for our security server. I imported the certificates in the personal certificate (computer account) on the Security Server store. DigiCert provided three certificates, root CA, CA server and the other with the name of our domain. I renamed the vdm to the friendly name of the existing self-signed certificate and used the friendly name for the certificate vdm has our domain name. Subsequently, I rebooted consulting on the Security server. They are all released on except the "Display Blast Secure Gateway" service which entered the suspended state.

  On our facility, we have a connection to the server and a security server. To the Security Server, we use a different domain name for connecting to the server. We have an internal PKI and the connection to the server uses an SSL certificate.

  connection to the server = server01.internaldomain.com

  Security Server = server02.externaldomain.com

  Why the certificate cannot be loaded to view Blast Secure Gateway? I missed something?

  Thank you

  Edy

  I solved it. It was with the private key of the certificate. This is the reason that the Blast Secure Gateway could not load.

• Problem with USB auto connect with clients that connect through the Security server...

  Lack of VMware View 5.0.1 with 2 servers connection and a security server. When the clients connect directly to the server connection, USB connection works very well... users can use their USB drives and other devices with their VM. The problem occurs when they attempt to use their USB devices when negotiated through the Security server.

  I know that port 32111 (TCP) must be open between the server security and the connection to the server, but even after doing so it does not always work... customers just to get the scrolling message of office in the USB menu initialization.

  Our current facility is:

  External IP address-> DMZ (Security Server)-> connect to server

  Entrust us our firewall config through our ISP (we are not overloaded with scientists here, it's just me, so things like little help my work load). They are certainly not incompetent (or at least were not in the past). I had to open the external 32111 IP port to the DMZ, then of the DMZ to our connection server that is used for external connections. Everything about VMware View works perfectly for the clients that connect this way, but not USB devices.

  One thing I give is if our having a configuration of VLAN dedicated for customers views influence what either. I'm trying to keep an eye on what ports are open that for our firewall for my records, but I do not see where I openly opened ports on the internal side of security server to our internal network. He must have the port opened directly from the internal face of security server of vmware 32111 discovers clients?

  The firewall Guys tell me that they checked over and over that port 32111 is open throughout the. They also said that they tried to telnet 32111 to our security server port and have nothing back (should have gotten garbage at least according to them).

  An idea of the next steps to take? It is obviously a blocked port, I just have no idea why at this stage.

  I know that port 32111 (TCP) must be open between the server security and the connection to the server, but even after doing it still does not work

  This is not what it takes. The agent is listening on the port 32111, you must open the firewall to allow connections to the Security server for the desktop on port 32111 (same thing you must allow RDP and PCoIP).

  Mike

• Telepresence TMS Server TCS

  Hello. I need some good practices on this matter.

  We have a soft copy of appliance server Telepresense TMS and TCS.

  Is it a good idea to install a MSDS on the TCS Server?

  Thus, TCS and TMS applications will be available on the same IP address

  WHAT?

  Do that don't even think to it, not a good idea at all. If I had to explain all the problems that this may cause to the applications I could write all night.

  Setting up a dedicated server for the TMS.

  / Magnus

• How will I be informed when getting in and out a site with a secure server

  I can't find where to set the option for this. I could on Firefox 3.6
  Firefox 3.6 gives me a pop up that says I'm entering or leaving a site with a secure server. It's PARAMETERS in the Messages of warning on the Security tab in the window options. When you push the button PARAMETERS, a number of checkboxes allow for different parameters. I can't find it in Firefox 8.

  The settings for the 5 Warning Messages has been removed from security section in Firefox 4 and newer versions. These settings should be accessible through Subject: config now. So you're looking for the first and the third in the list below "parameters of the former in Firefox 3.6 on the Security Panel.

  See: http://kb.mozillazine.org/About:config

  1. type of topic: config in the URL bar and press the Enter key.
  2. If you see a cautionary, accept it (promise to be careful)
  3. Filter = security.warn_
  4. Double-click the pref in the lower panel on the subject: config display to toggle to true or false according to the descriptions below (scroll down to security.warn to see these particular preferences)
     • http://kb.mozillazine.org/About:config_entries #Security.

  Parameters of the ancients in Firefox 3.6 on the Security Panel
  
  Display a dialog warning when:

  • I'm about to view an encrypted page
    • Pref: security.warn_entering_secure
  • I'm about to view a page that uses low-grade encryption
    • Pref: security.warn_entering_weak
  • I leave a page encrypted to one that is not encrypted
    • Pref: security.warn_leaving_secure
  • I submit, information that is not encrypted
    • Pref: security.warn_submit_insecure
  • I'm about to view an encrypted page that contains unencrypted information
    • Pref: security.warn_viewing_mixed

  If this answer solved your problem, please click 'Solved It' next to this response when connected to the forum.

  Not related to your question, but...

  You may need to update some plug-ins. Check your plug-ins and update if necessary:

  • Plugin check-> http://www.mozilla.org/en-US/plugincheck/
  • Adobe Shockwave for Director Netscape plug-in: install (or update) the Shockwave with Firefox plugin
  • Adobe PDF plugin for Firefox and Netscape: Installation/update Adobe Reader in Firefox
  • Shockwave Flash (Adobe Flash or Flash): updated Flash in Firefox
  • Next-generation Java plug-in for the Mozilla browser: install or update Java in Firefox

• Question TMS and conductor - conferences to improve safety by using conference

  Hi people,

  Currently, I implement some projects involving Cisco Telepresence conductor and I was wondering the benefits that conductor brings to the video network, it's really a great solution!

  Discover the benefits of the conductor, I created the following deployment:

  

  It works very well! The customer is very satisfied with the level of security when using this deployment. Their multi-point conferences is safer now.

  Well, when I created this topology I considered not how the environment would work when planning conferences, with TMS and conductor because this client has yet to TMS. Then, I was just shocked when I opened the TMS deployment guide e conductor and find the following statement:

  Note: The exposed conductor TelePresence conference type is not supported in Cisco TMS. Only models conference using the conference meeting type are supported.

  Page 13 - http://www.cisco.com/en/US/docs/telepresence/infrastructure/tms/config_guide/TelePresence_Conductor_with_Cisco_TMS_Deployment_Guide_XC1-2_TMS14-1.pdf

  I almost jumped the bridge... Now, I know that my great topology no longer works with TMS.

  Well, here are my questions:

  Why do we have this limit?

  That Cisco plans to fix this?

  The guide is related to the conductor XC1-2 and 14-1 TMS, something has changed in TMS 14.2.2 and XC2.1?

  I'd appreciate any help really, really!

  Thanks in advance.

  Paulo Souza

  Please note the answers and mark it as "answered" as appropriate.

  Paulo Souza wrote:
  [...] I am wondered the benefits that Conductor brings to the video network, it is really a great solution!

  Agreed! The driver of the telepresence really is a great product.

  Why do we have this limitation?

  Because the feature was never implemented on the side TMS. It was decided that the other characteristics are more important and should be a priority. There is nothing on the type of conference 'Read' which is inherently incompatible with the TMS, but work needs to be done first.

  Examples:

  • The control of conference centre: you will probably see the entries in double Conference if you are using a 'read' conference
  • TMS does not differentiate between the presidents and guests during the creation of scheduled conferences 'Conference' on the conductor.

  None of them are very difficult to solve from a development point of view, but they are not trivial to apply or test either.

  Does Cisco have plans to fix that?
  

  Nothing specific is planned, don't. As always: if it is a problem to your customer, make a request to feature through your account manager or another Cisco point of contact.

  The guide is related to Conductor XC1-2 and TMS 14-1, has any thing been changed  in TMS 14.2.2 and XC2.1?
  

  Conductor XC 2.1 and TMS 14.2.2 is a combination not supported, but nothing has been changed to

  2.2 XC and 14.3 TMS: types of conference 'Read' are not yet supported.

  Best regards

  Kjetil

• Horizon view connection and security server matching

  Hello friends,

  I need some clarification on security and the matching server connection. If I understand well earlier in login server and security versions matching is one-to-one.

  Is this same behavior on the Horizon 6 as well? I can read that we can connect several Security Server single instance to connect to the server. But the reverse is possible yet? What are the combinations is achievable or supported?

  Documentation centre for Horizon 6 version 6.1

  still one by one,

  If you need high availability just add another server of connection and pair it with another security server

• Discovers server and firewall security problems

  I throw myself to everyone thank you.  After 4 days of trying to get the firewall configured for my security server, still no joy.

  Unfortunately, the firewall management is outsourced and I can only ask to put rules in, but have no way to see if they are actually there or whatever it is in conflict.

  I put "sniffer" on the Security Server, the connection to the virtual server and the client.

  What I see is that the client connects and request the credentials, the credentials are passed to the desktop computer - if I am connected to the desktop computer, I get the hang.  But I get a white screen at the level of the customer and after about 30 seconds, it says it is disconnected.

  I can connect to the desktop computer using HTML, but not the full client.  On the "sniffer" I see no traffic on port 4172 on the boxes.  4172 is open for UDP and TCP on the front and backend firewall.

  Is there anywhere I can look, newspapers etc. to see what happens or does not happen in this case?  We have opened the ports for MMR and USB - R.  Essentially followed the right document on vmware pubs for security in the DMZ server - but I have some ideas on where to find the next.

  I use a Mac client to connect to it... it is anyway seen 5.3, according to me, the last version 5.x.

  If someone could give me some advice on where to find other than the firewall, or the sequence of the connection so that I can check with the sniffer which is getting blocked and what is not get thru, I would appreciate it a LOT.

  Thank you

  Bill

  It depends on if you have configured tunnel. Check your settings in SS and CS for tunneling. If you all tunnel then you should see the traffic pass customer <->ss <->cs <->agent otherwise he might go customer <->ss <->agent

• Security server certificates and naming

  Hello

  I create a security server to test some of the features of the Horizon. My question is about the certificates. I want to keep it as secure as possible. If I have the name of the Security server different from the external URL will this cause issues with certification? So my server would be say S132985SV1 and my external URL is access.amazingcompany.com. View would be ok with a different external certificate name (the name on the certificate would be the URL that would be different for the name of the physical server). Or will I have to the name of the Security Server similar to my external URL 'access.amazingcompany.com' for the certificate works properly?

  Thank you

  It is a very common configuration.

  The idea here is that the external name is the one with the certificate. This way the View Client can validate as being approved.

  In this case, you create a regular certificate issued for the external name and add short security server and the full DNS name for the same certificate San (Subject Alternative Name).

  In short, a common name for the external name certificate and adds the Security server to the SAN certificate fields.

  For more details, please see:

  https://pubs.VMware.com/horizon-view-60/topic/com.VMware.ICbase/PDF/horizon-view-60-scenarios-SSL-certificates.PDF

  See you soon,.

  JesusM

• I can't get Photoshop and Lightroom to download keep may not find the secure server?

  I can't get Photoshop and Lightroom to download keep may not find the secure server?

  Please read https://forums.adobe.com/thread/1499014

  -try some steps such as changing browsers and disable your firewall

  -also clear the cache of your browser if you start with a fresh browser

  -check the file hosts for blocked entries https://forums.adobe.com/thread/1912777

• Set up the RSA only for security server and not internally?

  Greetings,

  In the view Configuration > servers > Edit View connection servers > authentication, you can enable the RSA. However, I would like to use RSA for people who connect through the Security Server and not those who log internally.

  Does this mean that my only option is to add another view connection server and point the Security Server on this connection to the server on which I have activate the RSA?

  If so is not necessarily a problem, but it would mean, I have 3 servers of connection and server 1 safety for an environment of view rather small.

  Ideally, I was balancing these aswell which would mean 4 servers connection and 2 security servers. It is perhaps a little exaggerated, heh.

  Anyone know of an alternative solution?

  Thanks in advance!

  The way you describe it is the way to do it. The Security server is always associated with a connection to the server, so no way around it.

• Peripheral NAT between Security Server and Connection Manager - View 4.6

  Hi all

  I'm trying to deploy a view environment 4.6 - with a view Security Server in the DMZ.

  The DMZ is a NAT entirely would be and isolated network (single firewall, configuration 3-leg-GB-2000 is the model of the firewall).

  
  At this point, just trying to get RDP to work with this configuration.

  The firewall configuration is as follows:

  -Security server IP - 10.1.1.49/24

  -The alias created to view connection server - 10.1.1.100 (NAT IP)

  -Tunnel NAT (with port 8009 and 4001) created between the server connection view and real IP 10.2.2.229 server connection alias

  -The alias created for the view Desktop - 10.1.1.101 (NAT IP)

  -Tunnel NAT (with port 3389) created between Desktop and view real IP Destop 10.2.2.239 view alias

  I can RDP directly since the Security server to the desktop (via the 'alias' 10.1.1.101 IP) view correctly.

  I can connect successfully from the internal network (via IP real office 10.2.2.239).

  When I try to connect via the server of security (from the outside) I get the connection for the initial connection manager, and I choose the pool to connect to. However I'm unable to start a desktop session. The error I get is "the office is currently not available.

  In the event logs on the Manager server connection that I see that the real IP (10.2.2.239) is used to connect to the desktop view - which will not work in this scenario (the 10.1.1.101 alias should be used).

  Has anyone deployed a server of security seen in this scenario?

  Thanks in advance!

  Not sure if it works or not, but there is a GPO that changes the rules to connect using the DNS name.  Is the name DNS returns the correct value, you must connect as?

• View 4.6 and security server

  The Security Server and the connection must be in different local networks?

  I installed a DEMO, both for the same cause of LAN, there is no real DMZ there.

  Servers are 2008 r2 64-bit, I opened the 4172 ports and 443 to j.4 server,

  When clients connect to the connection to the server or the security gateway, they can connect to the virtual desktop, but trying to connect on the internet, there is a problem, the client can connect to the Security Server and enter the credentials, but trying to connect to the office virtual has a white screen and after a few seconds will appear an error message 'the connection to the remote computer has done '.

  Is this the same local network, which is the problem here? or something else that i'm missing?

  Another thing, the FW performed the NAT to the Security Server, in the fields of configuration to the Security Server, I put the public ip address.

  Thank you

  They can be on the same local network.

  You get the symptoms you see if you have not done all 3 installation steps correctly.

  Most people on this forum who suffer from what you see remedy through each of the 3 steps of Setup again very carefully.

  http://communities.VMware.com/docs/doc-14974

  Let us know who it was.

  Mark

• Using Security Server RDP session and inwardly with PCoIP

  Sorry about the long title, but I'm having a few configuration issues.  I created a pool of virtual machines to users to use on the local network and an external location.  The "Protocol of remote display" is set to PCoIP and 'Allow the user to choose the Protocol' is set to Yes, as shown in the screenshot below:

  

  When you use the view on the local network, all right.  PCoIP is used and everything is nice and fast.  If I ask a user to connect to inexternally using the server security, so I have to ask the user to change the default of PcoIP to RDP Protocol, as it is the only protocol supported.  Ask users to configure things themselves led to many calls to helpdesk!

  Can anyone offer any advise on how to have a pool set up for RDP and PCoIP depending on?

  Thank you

  Stuart

  that thread has been discussed recently and it was a month ago and unfortunately not.

  as security for this version server only supports RDP, I believe (if defined PCOIP is default) user will be automatically on autoswitch RDP and PCOIP when connected via the Security server.