Most people associate security with network security and focus on firewalls and network monitoring. But security is more than that. It starts with establishing a stable environment, protecting this environment not only from intrusion but also from malicious intent. Last but not the least it is about tracking the issue and recovering from it. All this is security and needs to be addressed.
Chapter 1, Introduction to View, gives a short overview of what a typical View environment contains as well as definitions of all the technical terms we will be using.
Chapter 2, Securing Your Base, explains that a VMware virtual machine image is hardware independent, replacing the physical corporate desktops with thin clients makes changes to the corporate desktop image a lot easier as well as centralizing the management of it. This centralization also creates the need to rethink provisioning and redundancy compared to the traditional IT methods. As everyone who uses a vDesktop is now dependent on the centralized virtual environment, it is of the upmost importance that this infrastructure is safe and available. We will discuss how to harden the View servers and integrate them into the existing VMware vSphere settings, such as HA, DRS, and event monitoring. We will also take a bit of time to understand how View logfiles work and how to read them.
Chapter 3, Securing the Connection, explains that corporate working environments are not limited to one site and it becomes more and more important for personnel to work from other places than the office. In being able to operate in the new mobile world it is even more important to secure your environment against intrusion. This chapter focuses on network security like firewalls, DMZ deployments, and user authentication.
Chapter 4, Securing the Client, addresses the issue of securing the client which most corporations find critical. Most corporate data theft comes from within the organization not from external threats and data theft. This means not only the control of who is able to log into what is of importance, but also addressing the usage of USB devices that can be used to extract corporate data.
Chapter 5, Backup and Recovery, deals with fundamental things that most people don't associate with security, but which still is of the upmost importance. Backup and restore of the VMware View environment itself is explained in this chapter.
In this book we are focusing on VMware View 5.1 based on a VMware vSphere 5.1 environment. A typical View environment consists of:
VMware ESXi 5.1 server
VMware vCenter 5.1 (including SSO and all other requirements)
Shared storage
VMware View 5.1
Windows desktop images
In regards of the ESXi servers, as of writing of this book there are two versions of ESXi 5.1: the standard one (Build 799733) and the View 5.1 compatibility version (VMware-VMvisor-Installer-201210001-838463.x86_64.iso). Only the View 5.1 supported ESXi 5.1 version should be used, see also VMware KB 2035268.
I also assume that you have a working knowledge of VMware View and are able to do the following tasks:
Installing VMware View Servers
Deploying a Windows 7 Workstation template in View
Deploy desktop pools
Access vDesktops via the View Client and HTTP interface
Later we will make use of additional View Connection Servers, View Transfer Servers, and View Security Servers. As I like to show you in this book how to configure and secure View, as space is limited, you will need to familiarize yourself with how to install the basic features. We will however discuss all the details of the security design and how to configure the components.
In addition to all this you need to have either physical or virtual network infrastructure. In Chapter 3, Securing the Connection, we will play with the network features. For this you need to be able to configure a firewall (blocking ports, enabling NAT, and Port forwarding), and create an isolated network. If you don't have the hardware for this I would suggest having a look at VMware vShield.
This book is written for the novice as well as for the professional. As a novice, you should have some experience with View, at least you should have it installed once. As a professional it will give you a deeper understanding on how the different View components play together to generate security.
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "The URL contains the HTTPS protocol as well as port 443."
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "Navigate to View Configuration | Servers."
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/submit-errata, selecting your book, clicking on the errata submission form link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.