Let me make sure I’m understanding your configuration correctly: You have a View Connection Server on an internal IP address (NATed?) with some amount of virtual desktops that are also on internal IP addresses. Those IP addresses are not directly reachable from outside of your organization.
You also have a View Security Server that’s acting as an external gateway for your Connection Server—the security server has an external IP and has PCoIP gateway enabled so it can pass traffic back to your Connection Server to allow for connections coming from outside of your org. As far as I know in View 5, there’s no way to restrict which users are allowed to use a Securitiy Server without also restricting them from being able to use the Connection Server as well—so, to ban them from external access you would also have to ban them from internal access. A lot of this is likely because of how the Security Server functions. Security Server just acts as a transparent pass-through to your Connection Server (it basically sets up a small 1-to-1 vpn) and doesn’t really process anything it receives. This is definitely something they could add in the future though, especially if enough of us request it from them. I also haven’t tried View 6 yet so perhaps it’s something that’s already improved. ---- Jack Kramer On Jun 19, 2014, at 4:16 AM, Gavin Wilby <[email protected]<mailto:[email protected]>> wrote: Morning all, I have started working with a pre set-up VDI, that is wholly VMWare 5. We use Horizon clients to connect to a View server, or we have the small Wyse terminals that do the same thing. The View server is internally addressed and connected to via IP, but it’s also accessible via the Internet through a Security server in our DMZ, also via an external fixed IP. What has become clear is that if the user knows the External IP, then they can connect to the desktop on the View server, and there seems to be no way of being able to allocate a group of users that can/ cannot access their desktop outside of the office. This seems like a massive omission, unless I am missing something vital, as we do have some users that management would prefer not to log in from home to their desktops. The firewall can be configured to prevent the connections but none of the users that we want to allow will have fixed IP addresses. Anyone come across this and have a solution? Gavin Wilby SMP Partners Limited, SMP Trustees Limited and SMP Fund Services Limited are licensed by the Isle of Man Financial Supervision Commission. SMP Accounting & Tax Limited is a member of the ICAEW Practice Assurance Scheme. SMP Partners Limited registered in the Isle of Man, Company Registration No: 000908V Directors: M.W. Denton, M.J. Derbyshire, P.N. Eckersley, S.E McGowan, O. Peck, J.J. Scott, S.J. Turner SMP Trustees Limited registered in the Isle of Man, Company Registration No: 068396C Directors: A.C. Baggesen, M.W. Denton, O. Peck, J.J. Scott, J. Watterson, J. Cubbon SMP Fund Services Limited registered in the Isle of Man, Company Registration No: 120288C Directors: V. Campbell, M.W. Denton, P.N. Eckersley, D.A. Manser, S.E McGowan, O. Peck, J.J. Scott, R.K. Corkill SMP Accounting & Tax Limited registered in the Isle of Man, Company Registration No: 001316V Directors: I.F. Begley, A.J. Dowling, P. Duchars, P.N. Eckersley, J.J. Scott, S.J. Turner SMP Capital Markets Limited registered in the Isle of Man, Company Registration No: 002438V Directors: M.W. Denton, M.J. Derbyshire, D.F Hudson, S.E McGowan, O. Peck, J.J. Scott. SMP Partners Limited, SMP Trustees Limited, SMP Fund Services Limited, SMP Accounting & Tax Limited and SMP Capital Markets Limited are members of the SMP Partners Group of Companies. <http://www.smppartners.com/disclaimer.html> This email is confidential and is subject to disclaimers. Details can be found at: http://www.smppartners.com/disclaimer.html ______________________________________________________________________ This email has been scanned by the Symantec Email Security.cloud service. For more information please visit http://www.symanteccloud.com ______________________________________________________________________
