A security server is an instance of View Connection Server that adds an additional layer of security between the Internet and your internal network. You can install one or more security servers to be connected to a View Connection Server instance.
The security server software cannot coexist on the same virtual or physical machine with any other View software component, including a replica server, View Connection Server, View Composer, View Agent, or Horizon Client.
Prerequisites
- Determine the type of topology to use. For example, determine which load balancing solution to use. Decide if the View Connection Server instances that are paired with security servers will be dedicated to users of the external network. For information, see the View Architecture Planning document.
Important: If you use a load balancer, it must have an IP address that does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment, machines automatically get IP addresses that do not change.
- Verify that your installation satisfies the requirements described in View Connection Server Requirements.
- Prepare your environment for the installation. See Installation Prerequisites for View Connection Server.
- Verify that the View Connection Server instance to be paired with the security server is installed and configured and is running a View Connection Server version that is compatible with the security server version. See "View Component Compatibility Matrix" in the View Upgrades document.
- Verify that the View Connection Server instance to be paired with the security server is accessible to the computer on which you plan to install the security server.
- Configure a security server pairing password. See Configure a Security Server Pairing Password.
- Familiarize yourself with the format of external URLs. See Configuring External URLs for Secure Gateway and Tunnel Connections.
- Verify that Windows Firewall with Advanced Security is set to on in the active profiles. It is recommended that you turn this setting to on for all profiles. By default, IPsec rules govern connections between security server and View Connection Server and require Windows Firewall with Advanced Security to be enabled.
- Familiarize yourself with the network ports that must be opened on the Windows Firewall for a security server. See Firewall Rules for View Connection Server.
- If your network topology includes a back-end firewall between the security server and View Connection Server, you must configure the firewall to support IPsec. See Configuring a Back-End Firewall to Support IPsec.
- If you are upgrading or reinstalling the security server, verify that the existing IPsec rules for the security server were removed. See Remove IPsec Rules for the Security Server.
- If you are installing View in FIPS mode, you must deselect the global setting Use IPSec for Security Server Connections in View Administrator, because in FIPS mode, you must configure IPsec manually after installing a security server.
Procedure
Results
The security server services are installed on the Windows Server computer:
- VMware Horizon View Security Server
- VMware Horizon View Framework Component
- VMware Horizon View Security Gateway Component
- VMware Horizon View PCoIP Secure Gateway
- VMware Blast Secure Gateway
For information about these services, see the View Administration document.
The security server appears in the Security Servers pane in View Administrator.
The VMware Horizon View Connection Server (Blast-In) rule is enabled in the Windows Firewall on the security server. This firewall rule allows Web browsers on client devices to use HTML Access to connect to the security server on TCP port 8443.
What to do next
Configure an SSL server certificate for the security server. See Configuring SSL Certificates for View Servers.
You might have to configure client connection settings for the security server, and you can tune Windows Server settings to support a large deployment. See Configuring Horizon Client Connections and Sizing Windows Server Settings to Support Your Deployment.
If you are reinstalling the security server and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.