Which ports to NAT on the firewall for VMware View Security Server?

We have a Cisco ASA and I wonder which ports I need to NAT from the outside to the Security Server. I'm assuming port 443, but I don't know if this is correct or whether other ports must be open.

Thank you!

Brian

This KB should help you, http://kb.vmware.com/kb/1027217.


Similar Questions

  • The installation of VMWare View Server program

    Hello

    I have a solution of ESXi, vSphere 5 where I host all my virtual servers with a virtual vCenter Management Standard.  I'm working on that I need for a configuration of VMWare View and I was hoping someone here could help me.

    I have 12 physical blades to host my VMWare View solution (according to the calculations of number of jobs) and I have VMWare View Bundle licenses.

    I've been reading through the notes and they say that this bundle comes with an edition of vCenter.

    A few questions:

    My existing vCenter instance should be used to manage the VMWare View host or do I need to install a separate instance of vCenter VMWare View and use the license in the bundle?

    I guess I should install ESXi instances in the beam that will allow me to supply only desktop computers?

    If I have servers connection and composer, should they be hosted in Clusters VMWare View or the cluster of servers existing vsphere 5?

    If this is the case, I also have a question about the network configuration.  When I install the ESXi for VMWare View, will I still have a requirement for a management console, the vmkernel, and the 'Front End' (for users IP address) vnic to the vswitch?

    Another question, about round robin DNS.  I am also trying to install 2 Connection servers and 2 Composer servers that are load balanced.  Does anyone have any info on setting up round robin DNS?

    Thank you very much

    We use a 6 with network storage based physical NETWORK adapter configuration.

    You will have a default port for management.  vMotion is split to its own IP address, and these two vmkernel ports are on the same vSwitch, with natachasery used by one and waiting for the other.

    iSCSI must be separated from its own vSwitch and pair of NICs as well supported by linked vmkernel ports for redundancy and load balancing.

    This leaves at least another vSwitch and pair of natachasery to the actual traffic of vm.

    -KjB

    Post edited by: kjb007: said vSwitch

  • Provision of servers across the Web using VMware View 4.0

    Hello

    I have an obligation to provide servers via http. I have the license for Vmware View, but have no idea where to start? I installed view a server in the DMZ, but we must talk back to the field so I put discarded it.

    My ultimate goal is to open a web browser and type the address of a server, and log in to access to the server via the web browser.

    Any help would be greatly appreciated.

    Rgds,

    Paul.

    View supports the addition of server farms existing Terminal Server to it's broker for connections giving the user a single place to connect to their strong server and virtual desktop terminal server.   All you have to do is create a new pool and add your terminal servers to the pool.  Notice only addresses the brokerage operations of connections to Terminal servers.

  • With VMware View Server using LDAPS (port 636)

    I've been tasked with something that seems impossible/not supported.

    VMware View Server uses port 389 for LDAP.  My task is to make View use port 636 (LDAP over SSL) instead.  The claim is that data replicated between VMware View servers on port 389 is not encrypted.

    So far in my quest, I have made no progress on this project.  However, I was able to test that manual connections can now be made (with ADSI Edit) over SSL port 636 to the other replicated View servers.  The problem is that View seems to be hard-coded to use port 389 and cannot be moved to LDAPS.

    There are instructions to do something like this in vCenter (http://www.vstable.com/2012/01/27/vcenter-5-active-directory-web-services-error-1209/, Security Virtual Lab: Architecture - Blog - proSauce), but nothing related to View surfaces in a Google search.

    Does anyone have a yes or nay on whether this is possible?

    EDIT: Moved to the correct community.

    It is not easy being responsible for something impossible!

    View Connection Servers have an AD LDS instance, and replication between servers uses AD LDS replication. This is a secure replication mechanism, using RPC replication, LDAP and Kerberos, and it is secure without having to implement LDAP over SSL on 636.

    The articles you refer to are actually about setting an unused LDAPS port number for Active Directory Web Services with vCenter Server to get rid of a harmless event. That has nothing to do with replication between LDAP servers. View blocks remote access to Active Directory Web Services anyway with a specific firewall rule, so remote users have no access to it.

    The only reason to use LDAPS with AD LDS is if you support simple LDAP connections. Using SSL would mean that the simple bind passwords are not sent in the clear. In the case of View, simple LDAP connections are not enabled in any case.

    In summary, what you're trying to do is useless.

    Mark

  • Unable to connect to the host via VMWare View Security Server 4

    I have installed and configured the VMware View Connection Server and can connect to the shared virtual machine (Windows XP Pro) via the View client without a problem. The problem I'm having is that I have configured the Security Server in my DMZ and allowed the appropriate DMZ ports, and ports 80 and 443 to the outside on my DMZ. I access the public URL and it prompts me to authenticate, which I do, and it then publishes my desktop pool. I click to connect to the shared pool and it says connecting for about 5 s and then just drops my connection. Now, if I go to my Security Server on my DMZ, I can connect to the thin desktop via RDP.

    Thank you

    eeg3 is correct: if you have direct connection enabled on the connection broker paired with the security server, then you would be forced to open 3389 to the outside world, since the workstations would try to connect directly to the desktop.    The right way forward is to create a replica with direct connection disabled and pair the security server with that box.

    If you have found this device or any other useful post please consider the use of buttons useful/correct to award points

  • Several areas in the Horizon of VMware View AD

    Hi guys, I want to test creating Pools with 2 Active Directory domains. I have set up my environment as follows:


    Domain A


    1. connecting to the server

    Server 2-composer

    3-Security Server

    4 - vCenter Server


    Domain B

    1. connecting to the server

    2. created a separate account to View Composer

    For now seen Horizon 5.3.2 is fully functional on the field. But I need your help deployment pool using domain B. After you have configured the connection Server (joined to Domain B), I tried to add domain B by using view composer account by logging in to view Admin(Domain A) > Edit vCenter Server > change display composer settings > check server information (under Domain) but I'm 'Bad domain name.


    You guys please help or send me a link of approval one way of installation which is required for VMware View, so that I can deploy Pool using domain B.


    Without creating confidence, I added redirector conditional field B on the field which allow me to add domain B without "Bad domain name" pop up. But I don't know what to do next. Anyone can guide me please.


    Concerning

    Hello

    I've done below the configuration to create 2 different pools where VM is joined to 2 different domains.

    I have Domain A and domain B, having 2 confidence way configured by the AD team.

    I sent 3 win 2 k 8 Server and added to the field.-a. On a single server, I installed vCenter & composer on one server I installed the login server & the other I did the Server fall back to the existing connection server.

    In connect to server, I added vCenter & composer. I have 2 different users who have domain join rights in Domain A and domain B.

    Domain-A\abcUser

    Domain-B\xyzUser

    I added above 2 users in the view composer under domain settings. PFA.

    When creating a pool, in the comments tab customization for users of domain-A, I chose identifier of domain-A\abcUser machine Domain-A and the AD container, which is present in Domina-A place machines.

    for domain B user created another pool, and tab customization of comments, I chose domain-B\xyzuser and the AD container that belongs to the domain B to place machines.

    If you want to add a different machines, you must not deploy a connection/replica server in each domain. Just add the ID domain user under domain composer view tab and choose the right ID when creating the pool.

  • Customizing the portal of VMWare View 5 Page

    Hello all,

    We are testing VMware View 5 for a possible medium-scale implementation. We have all the settings in place and it works fine. There is one thing that the sentence is me: the Portal Page. Normally, the portal page tells you that you must install the client and it redirects you to the VMware View client download page. I managed to find documentation that tells you how to customize it, and I got it to show a few links that download the client from our own server. I have attached a screenshot of where I am right now (vmwareviewcurrentportal.jpg), which is better... but watching some training videos, I noticed that, after the trainer installs the VMware View Connection Server, the portal looks different (in a better way). I've attached screenshots of what it looks like (VmwareViewDesiredPortal.JPG).

    Essentially: it has radio buttons in the software selection and a download button. After choosing your Customer Portal redirects you to a page (VmwareViewDesiredPortalInstructions.JPG) of the instructions.

    -I know that it is a kind of model because the images to help guide are stored in C:\Program VMware View\Server\broker\webapps\ROOT\portlets\client\images on the Vmware View connection server.

    The question is: how do I set up/activate this portal? Any help would be greatly appreciated.

    Thank you

    Adrian

    Fear not, we stayed at a compatible screen for all types of customers. I'm sorry.

  • Disaster recovery for VMware View

    I am trying to design a site recovery for vmware view on 100 VDI environment.

    I head office:-Equallogic PS6110 the same DR site storage

    -Data Center, Cluster 1,

    -1 vCenter, 1 server, 1 replica server connection, 1 SQL server, Active directory

    How can help pls I conceive the DR site? The head office is in production.

    without need to use RS.

    Do you know what RPO and RTO you should keep disaster?

    What distance between your primary and DR site?

  • Error "Failed to connect to the remote computer" VMware View Client

    Hello everyone. I'm currently testing the package VMware view, but stuck on a problem, I can't understand.  I have already tried Googling every possible thing, but still came short on what to do.

    Currently I have:

    Server ESXi 3.5

    -vCenter Server

    -Connection to the server

    -3 swimming pools installed individual office xp host w/view agents

    At the moment, I seemed straight installation because I am able to connect using VMware client/portal with any full blown windows box anywhere in the internal network.  The problem I have is when I try to load the client software VMware view on a HP Neoware e90 box running windows xp embedded.  When I loaded the software and try to connect, I get the address connection server, authentication screen passes, but receives the error "the connection to the remote computer failed" when I try to select one of the desktop images in the list.

    I am capable of everything everywhere, ping from thin client to conn. Server, thin client desktop image and vice versa.  I am also able to RDP in the desktop images in the light client area but just can't understand why it won't pass this error above.  I tried to disable the firewall on everything, but it still doesn't seem to work.  Am I missing a simple step or has someone else has encountered this problem before? Any help would be greatly appreciated. Thank you.

    When you have disabled the firewall was that the firewall or service / network level? If it was at the level of the network, then you must disable the service and stop it. If you have the service, then can you get the logs of the client and post them. Often this info can indicate where he is faced with a problem.

    You want to make a difference in the future of VMware products? Feature to ask your ideas ( http://www.vmware.com/support/policies/feature.html )!

  • In the Internet properties and connections and the local network settings, I uncheck the box for a proxy server, but in a few moments, the computer checks the box

    In the Internet properties and connections and the local network settings, I uncheck the box for a proxy server (because it is blocking my access to Internet Explorer), but within moments, the computer checks the box. What can I do to stop the area of the check proxy server box?

    original title: LAN settings

    Have you checked for viruses?

    http://www.eset.com/us/online-scanner/

    It is very common for a virus to do that.

  • Do need me a separate license for VMware vCenter Server Heartbeat for a remote SQL Server database?

    Do need me a separate license for VMware vCenter Server Heartbeat for a remote SQL Server database?

    Only a single vCenter Server Heartbeat license is necessary to protect the components of the vCenter Server installed remotely, including SQL Server. A single license is also used for several UNIQUE for vCenter Server services protected authentication servers. A license is required per instance of vCenter Server.

  • Wanted to know the command for GUI-based server in windows Server 2016

    Please let us know the command for GUI-based server in windows Server 2016.

    Hello

    Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.

    http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer

    See you soon.

  • [ADF, JDev12.1.3] "Impossible to book the .lok for Integrated WebLogic Server (IntegratedWebLogicServer) file."

    Hallo,

    Sometimes my Jdeveloper breaks down and it is not possible more interact with it and the only solution for me is killed by the Windows Task Manager.

    When I open it again and I try to run an application THAT WLS cannot start and this message appears:

    It is not possible to reserve the .lok for Integrated WebLogic Server (IntegratedWebLogicServer) file.  In general, it is because another instance of this server is already running in the WebLogic domain (C:\Users\federico\.jdeveloper\system12.1.3.0.41.140521.1008\DefaultDomain).

    I tried also to stop WLS manually using the stopWebLogic batch file, but without success.

    The only thing that solves this problem is to restart the machine, but it's very annoying.

    You kindly help me?

    Thank you

    Federico

    Have you tried to simply remove the *.lok file?

    Once the file has disappeared, he should run again.

    If another process keep the lock, you can use tools such as unlocker to release the lock and remove the file after that.

    Timo

  • How to list the columns for a view

    Dear experts

    I know how to list the columns in a table. This easy by querying the data USER_TAB_COLUMNS dictionary.

    But my problem is how to issue a query that returns the columns for a view?

    Thanks in advance

    USER_TAB_COLUMNS stores the metadata for both views.

    Select * from user_tab_columns where table_name = 'YOUR_VIEW_NAME' order by column_id;    -- Replace with your view_name (mandatory, of course)

    See you soon,.

    Manik.

  • How to fix VMware View Server certificate revocation check connection error?

    Dear community,

    For about 2 weeks, I feel a revocation of the certificate check error in our environment Horizon see 6.2. The strange thing is that, within 12 hours about two (replication) connection servers and the vCenter Server / server of composer (on the same machine) are considered as having invalid certificates, even if, in fact, they are valid (CA certificates). We use no security servers.

    The view admin console shows the following for servers connection:

    The server certificate is not approved.

    The server certificate cannot be verified.

    For the vCenter, he said (that I have validated manually the certificate):

    No problems found.

    Certificate is not approved, but the thumbprint of the certificate is accepted.

    With the connection series on 'full', States that the login server logs for the vCenter server:

    TRACE (B 17-0 - 0E98) < VCHealthUpdate > [NativeKeyVault] validateCertificateChain response: {result = FAIL, EndEntityReasons = cantCheckRevoked, ChainReasons = invalid, SelfSigned = false, EndErrorCode = 16777280, EndInfoCode = 258, ChainErrorCode = 16777280, ChainInfoCode = 256, PolicyErrorCode =-2146885613}

    As far as I can see there are no similar entries for the connection server certificates in the log.

    At the moment I am under the environment with composer and vCenter certificates manually valid and invalid connection (red) server certificates (as view clients and browsers are not disabled).

    I already checked that I am able to make everything 'green' again by setting the registry key 'CertificateRevocationCheckType' to 2 (as described here: Configure the server certificates certificate revocation check). This brings me to the conclusion that one of the intermediate certificates cannot be validated. I also had the information that a "version" of an intermediate (intermediate certification authority) certificate has been revoked. That does not seem to be a coincidence, as the timing fits as well, but this particular version does not appear to be used in my connection servers.

    However, even with full logging enabled, I can't find information on which (intermediate) certificate cannot be validated and why. I expected to see something like 'OCSP verification' or 'check the CRL' but I can't find it in the logs. However, I noticed that one of the intermediate certificates lacked the OCSP URL (even though the field "Authority Information Access" existed). Of course I updated the certificate with a version that contains the OCSP URL, but it has not changed anything.

    In addition, I manually checked all of the certificates in the chain with openssl (for OCSP) and the CRLs as well, but everything seems to be OK (all URLs are accessible and no certificate has been revoked). Actually, I do not interpret the error as "the connection server has an invalid certificate because it has been revoked", but as "it cannot check whether it has been revoked". The servers do not need a proxy and none is configured (I checked the proxy settings in the system context, too).

    For now, the problem is not critical, such as 'red' status connection server has no effect on our customers and so I could turn off certificate revocation check (or switch to check that the certificate of the server (2)). But of course, I would really solve the problem.

    Is there someone who can give me a hint on what to check, for example, how do I find out which certificate cannot be checked and why? Has someone had the same or a similar problem? VMware support is working on the problem as well, but they do not seem to know what the problem is, either.

    I appreciate the thoughts and responses! Thank you!

    Best regards

    Fabian

    Dear community,

    During this time, I was able to correct the error described at the beginning of this thread. Jump to the end to see what could probably help you...

    1. At first, I installed an additional standalone VMware View Server connection in order to check the following related certificates:

      1. VMware support always told me to renew my certificates because they "were not valid" etc. - even if in fact they were (like external URL calls and attested manual verification and tests).
      2. That's why I created new additional certificates for the login server and configured to include the vCenter even as my production environment - only difference was I didn't include the composer who runs the server vCenter himself.
      3. The result was that the server was "green" including both the vCenter Server certificate which could be 'not reliable' by the environment of production - strange, huh?
    2. After I reset the additional server to a turned wink where connection to the server was not yet installed (before that, I uninstalled the connection to the server in case there is information in vCenter thereon) and reinstalled as a replica of the production environment server. Somehow I expected this, but still quite strange the vCenter Server (and composer) now again was considered "invalid", even if the certificate of the server connection itself considered still valid and green. For test purposes, so I put certificate revocation checking on '2' (only one server certificate check) - but only on the 'old' production servers' and 'magical' everything has been considered valid. So as I see it, there seems to be some sort of information stored on the 'old' connection servers that makes them believe that invalid certificates and that the information is replicated on the third server unless I lower the revocation of the certificate controls on these servers. Alternative explanation could be that VMware View does not accept certificates with aliases that do not include the 'real' server name - that is / was in fact certificates the old servers connection. The new server certificate connection included the real name and the alias. I understand if this is the case, but then I expect that it be documented somewhere (I have not found this information) and also wouldn't understand why it worked without problem for several years before.
    3. After finding that out, I created new certificates for the 'old' connection servers, including aliases and real names and replaced the certificate on one of the servers (and restarted the login server) - only a few successfully. Once I put the revocation checking on '4' again on this server, the login server certificate was still considered valid, but not the vCenter and certificate of composer.
    4. Now, I've uninstalled the old login server (removed from the view) and reinstalled completely (including an update of the 2008 R2 2012 R2 OS) and after I have it reintegrated into the environment, everything remained green - as long I have will activate revocation checking on the second login server "old." This is why I did the same with this (completely reinstalled and reinstated it) and now everything is green with the revocation checking enabled on all replicas of server connection.
    5. The next step I uninstall the additional replica because I created only for troubleshooting purposes.

    So what will no doubt help in similar cases:

    • Reinstall the servers of connection one by one, including:

    • Uninstalling html access (if used), uninstall the login server to view, uninstall 'VMware' AD LDS Instance.
    • Removal of the connection server from the replication group: run "vdmadmin.exe -S -r -s uninstalled_servername" on one of the remaining connection servers.
    • Reinstall/Update OS (may not be necessary, but I did not test that)
    • Reinstall, return to the login server replica. If you used the certificates which included only the alias of the server I recommend you to create new ones, including the name of the server as well, but maybe it's not necessary as well. If you want to keep the certificates which only include the alias it will be necessary to install this certificate after the first replication of the servers (see below).

    My question for technicians of VMware/developers: It is supported to use certificates include only the server alias. Otherwise why it worked before and where is it documented? Where are certificate cached information so that simply replace the certificate was only some, and not a complete success (see above). FYI - when I paired initially replicas that I had to install the CA (including only the pseudonym) after the first replication - now with certificates (including the server name and the alias), I could install the certificate before you replicate (= the login server installation).
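
As an added example (not part of the original thread and not VMware code), the sketch below decodes the numeric fields of the validateCertificateChain trace line quoted in the question, which is one way to see what the chain engine actually reported. It assumes the values are Windows CryptoAPI CERT_TRUST_STATUS error bits and a signed HRESULT; the function names are hypothetical.

```python
import re

# Assumption: EndErrorCode / ChainErrorCode are CERT_TRUST_STATUS.dwErrorStatus
# bit masks as defined in wincrypt.h (subset relevant to this kind of triage).
TRUST_ERROR_FLAGS = {
    0x00000001: "CERT_TRUST_IS_NOT_TIME_VALID",
    0x00000004: "CERT_TRUST_IS_REVOKED",
    0x00000008: "CERT_TRUST_IS_NOT_SIGNATURE_VALID",
    0x00000010: "CERT_TRUST_IS_NOT_VALID_FOR_USAGE",
    0x00000020: "CERT_TRUST_IS_UNTRUSTED_ROOT",
    0x00000040: "CERT_TRUST_REVOCATION_STATUS_UNKNOWN",
    0x00010000: "CERT_TRUST_IS_PARTIAL_CHAIN",
    0x01000000: "CERT_TRUST_IS_OFFLINE_REVOCATION",
}

# Assumption: PolicyErrorCode is an HRESULT logged as a signed 32-bit integer.
POLICY_HRESULTS = {
    0x80092010: "CRYPT_E_REVOKED",
    0x80092012: "CRYPT_E_NO_REVOCATION_CHECK",
    0x80092013: "CRYPT_E_REVOCATION_OFFLINE",
    0x800B0101: "CERT_E_EXPIRED",
    0x800B0109: "CERT_E_UNTRUSTEDROOT",
    0x800B010A: "CERT_E_CHAINING",
    0x800B010F: "CERT_E_CN_NO_MATCH",
}

# The trace line exactly as quoted in the question above.
SAMPLE = ("TRACE (B 17-0 - 0E98) < VCHealthUpdate > [NativeKeyVault] "
          "validateCertificateChain response: {result = FAIL, "
          "EndEntityReasons = cantCheckRevoked, ChainReasons = invalid, "
          "SelfSigned = false, EndErrorCode = 16777280, EndInfoCode = 258, "
          "ChainErrorCode = 16777280, ChainInfoCode = 256, "
          "PolicyErrorCode =-2146885613}")


def parse_chain_response(line):
    """Return the key/value pairs of a validateCertificateChain line, or None."""
    m = re.search(r"validateCertificateChain response:\s*\{(.*?)\}", line)
    if not m:
        return None
    return dict(re.findall(r"(\w+)\s*=\s*(-?\w+)", m.group(1)))


def decode_flags(value):
    """Expand a trust-status bit mask into flag names; keep unknown bits visible."""
    names = [name for bit, name in sorted(TRUST_ERROR_FLAGS.items()) if value & bit]
    known = 0
    for bit in TRUST_ERROR_FLAGS:
        known |= bit
    if value & ~known:
        names.append("unknown bits 0x%08X" % (value & ~known))
    return names


def triage(line):
    """Summarise why the chain failed: revoked versus revocation not checkable."""
    fields = parse_chain_response(line)
    if fields is None:
        return None
    end = decode_flags(int(fields.get("EndErrorCode", 0)))
    chain = decode_flags(int(fields.get("ChainErrorCode", 0)))
    hresult = int(fields.get("PolicyErrorCode", 0)) & 0xFFFFFFFF  # signed -> unsigned
    revoked = "CERT_TRUST_IS_REVOKED" in end + chain
    unreachable = "CERT_TRUST_IS_OFFLINE_REVOCATION" in end + chain
    return {
        "result": fields.get("result"),
        "end_entity_errors": end,
        "chain_errors": chain,
        "policy": "0x%08X %s" % (hresult, POLICY_HRESULTS.get(hresult, "unlisted")),
        "revoked": revoked,
        "revocation_unreachable": unreachable and not revoked,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
```

Under those assumptions the quoted line decodes to CRYPT_E_REVOCATION_OFFLINE with the offline-revocation bit set and the revoked bit clear, that is, the revocation status could not be retrieved rather than a certificate having been revoked.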
