Enhancing VMware Horizon View with F5 Solutions

Similar documents
Prompta volumus denique eam ei, mel autem

Improving VDI with Scalable Infrastructure

Deploying the BIG-IP LTM with IBM QRadar Logging

Archived. Configuring a single-tenant BIG-IP Virtual Edition in the Cloud. Deployment Guide Document Version: 1.0. What is F5 iapp?

Enabling Long Distance Live Migration with F5 and VMware vmotion

F5 and Nuage Networks Partnership Overview for Enterprises

Meeting the Challenges of an HA Architecture for IBM WebSphere SIP

Archived. h h Health monitoring of the Guardium S-TAP Collectors to ensure traffic is sent to a Collector that is actually up and available,

Large FSI DDoS Protection Reference Architecture

Deploying the BIG-IP System with Oracle Hyperion Applications

Deploying the BIG-IP System with CA SiteMinder

Deploying the BIG-IP System v11 with DNS Servers

Data Center Virtualization Q&A

The Programmable Network

VMware vcenter Site Recovery Manager

Complying with PCI DSS 3.0

Deploying a Next-Generation IPS Infrastructure

Deploying WAN-Optimized Acceleration for VMware vmotion Between Two BIG-IP Systems

Archived. Deploying the BIG-IP LTM with IBM Cognos Insight. Deployment Guide Document version 1.0. What s inside: 2 Products and versions tested

Secure Mobile Access to Corporate Applications

Optimize and Accelerate Your Mission- Critical Applications across the WAN

DESIGN GUIDE. VMware NSX for vsphere (NSX-v) and F5 BIG-IP Design Guide

The F5 Intelligent DNS Scale Reference Architecture

Deploying the BIG-IP LTM and APM with VMware View 4.6

Load Balancing 101: Nuts and Bolts

Validating Microsoft Exchange 2010 on Cisco and NetApp FlexPod with the F5 BIG-IP System

Deploying a Next-Generation IPS Infrastructure

Archived. For more information of IBM Maximo Asset Management system see:

Geolocation and Application Delivery

Load Balancing 101: Nuts and Bolts

Securing the Cloud. White Paper by Peter Silva

Providing Security and Acceleration for Remote Users

Optimizing NetApp SnapMirror Data Replication with F5 BIG-IP WAN Optimization Manager

Addressing Security Loopholes of Third Party Browser Plug ins UPDATED FEBRUARY 2017

Enhancing Exchange Mobile Device Security with the F5 BIG-IP Platform

Distributing Applications for Disaster Planning and Availability

Managing BIG-IP Devices with HP and Microsoft Network Management Solutions

Multi-Tenancy Designs for the F5 High-Performance Services Fabric

WHITE PAPER. F5 and Cisco. Supercharging IT Operations with Full-Stack SDN

Document version: 1.0 What's inside: Products and versions tested Important:

APM Cookbook: Single Sign On (SSO) using Kerberos

F5 iapps: Moving Application Delivery Beyond the Network

Managing the Migration to IPv6 Throughout the Service Provider Network White Paper

Deploying F5 with VMware View and Horizon View

Citrix Federated Authentication Service Integration with APM

SAS and F5 integration at F5 Networks. Updates for Version 11.6

Global Distributed Service in the Cloud with F5 and VMware

Simplifying Security for Mobile Networks

VMware AirWatch Integration with F5 Guide Enabling secure connections between mobile applications and your backend resources

Server Virtualization Incentive Program

Archived. Deploying the BIG-IP LTM with IBM Lotus inotes BIG-IP LTM , 10.1, 11.2, IBM Lotus inotes 8.5 (applies to 8.5.

Session Initiated Protocol (SIP): A Five-Function Protocol

Protecting Against Online Banking Fraud with F5

F5 in AWS Part 3 Advanced Topologies and More on Highly Available Services

SECURE, FLEXIBLE ON-PREMISE STORAGE WITH EMC SYNCPLICITY AND EMC ISILON

Unified Application Delivery

The F5 Application Services Reference Architecture

Cookies, Sessions, and Persistence

Deploying the BIG-IP LTM with Oracle JD Edwards EnterpriseOne

Agility 2018 Hands-on Lab Guide. VDI the F5 Way. F5 Networks, Inc.

Prompta volumus denique eam ei, mel autem

DEPLOYMENT GUIDE. Load Balancing VMware Unified Access Gateway

Cisco HyperFlex and the F5 BIG-IP Platform Accelerate Infrastructure and Application Deployments

SNMP: Simplified. White Paper by F5

VMware Horizon 7 Administration Training

v.10 - Working the GTM Command Line Interface

HySecure Quick Start Guide. HySecure 5.0

Deploying F5 with VMware View and Horizon View

BIG-IP Global Traffic Manager

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

ActivIdentity 4TRESS AAA Web Tokens and F5 BIG-IP Access Policy Manager. Integration Handbook

Converting a Cisco ACE configuration file to F5 BIG IP Format

Parallels Remote Application Server

F5 Reference Architecture for Cisco ACI

PCI DSS Compliance. White Paper Parallels Remote Application Server

F5 icontrol. In this white paper, get an introduction to F5 icontrol service-enabled management API. F5 White Paper

BIG-IP APM: Access Policy Manager v11. David Perodin Field Systems Engineer

VMware Enterprise Desktop Solutions. Tommy Walker Enterprise Desktop Specialist Engineer Desktop Platform Solutions

BIG IQ Reporting for Subscription and ELA Programs

VMware Horizon View Deployment

TECHNICAL WHITE PAPER DECEMBER 2017 VMWARE HORIZON CLOUD SERVICE ON MICROSOFT AZURE SECURITY CONSIDERATIONS. White Paper

Unified Access and Optimization with F5 BIG-IP Edge Gateway

One Time Passwords via an SMS Gateway with BIG IP Access Policy Manager

Network Functions Virtualization - Everything Old Is New Again

Vendor: Citrix. Exam Code: 1Y Exam Name: Designing Citrix XenDesktop 7.6 Solutions. Version: Demo

Technical Overview of DirectAccess in Windows 7 and Windows Server 2008 R2. Microsoft Windows Family of Operating Systems

Protecting Against Application DDoS A acks with BIG-IP ASM: A Three- Step Solution

NGIPS Recommended Practices

VMWARE HORIZON 7. End-User Computing Today. Horizon 7: Delivering Desktops and Applications as a Service

Parallels Remote Application Server

Parallels Remote Application Server

Atlas Technology White Paper

The Dynamic DNS Infrastructure

Brocade Virtual Traffic Manager and Parallels Remote Application Server

302 BIG-IP DNS SPECIALIST

Automating the Data Center

BIG-IP Access Policy Manager : Portal Access. Version 12.1

VMware Horizon View. Read more VMWARE solutions. Contact Us MicroAge.com

Identity Firewall. About the Identity Firewall

TECHNICAL WHITE PAPER DECEMBER 2017 VMWARE ALWAYSON DIGITAL WORKSPACE DESIGN GUIDE. Version 3.1

Transcription:

Enhancing VMware Horizon View with F5 Solutions VMware Horizon View is the leading virtualization solution for delivering desktops as a managed service to a wide range of devices. F5 BIG-IP devices optimize the user experience and help ensure maximum performance, availability, scalability, and security for View implementations. White Paper by Simon Hamilton Wilkes

Introduction Desktop and endpoint device management has long been a challenge for IT organizations. End users demand flexibility, multiple access options, and desktop customization, while business units often require multiple desktop types based on their business and technical requirements: Windows 7 for sales and staff in the field, Windows XP for accounting, Mac for creative design, and Linux for technical staff. This kind of multi-level matrix can be a major management headache on its own. But add in support for all the different desktop needs, plus remote support for those on laptops, and desktop management can all but consume an IT organization's budget and time. VMware End User Computing VMware Horizon View-part of VMware's Horizon Suite of products-alleviates two significant management headaches: location and standardization. To solve the location problem, virtual desktop infrastructure (VDI) deployments virtualize user desktops by delivering them to individual clients over the network from a central location. Those desktops are stored and run in the data center, rather than having individual desktop and laptop machines in the field running localized operating systems. This seamless virtualization goes undetected by users. To solve the standardization problem, VMware enables business groups that have specific desktop needs to be clustered together in the data center and managed as a unit. For example, when all the Windows machines need a new service pack, it can be installed to the master image in the data center and then delivered to users the next morning when they log in to their virtual desktops. Administrators can package applications with VMware ThinApp and manage access though Active Directory permissions rather than installing them on individual images. Because IT staff no longer have to visit each local system or push software installs down through remote tools, users aren't forced to reboot during the business day. Virtual platform providers host VDI solutions, such as View, as part of their hypervisor platforms in the data center. This enables companies to deploy and manage virtual servers and virtual desktops at the same time and in the same place, which cuts down on management time and costs because IT can manage these two virtual technologies as a single solution. Organizations consistently cite user experience as critical to the success of their virtual desktop deployments: performance has to compare favorably to a conventional desktop, while availability and security must be even greater. F5 offers a variety of solutions to help organizations maximize the success of these 1

F5 offers a variety of solutions to help organizations maximize the success of these critical elements in their View desktop deployments. As a VMware partner, F5 has thoroughly tested and documented the benefits of using its Application Delivery Networking solutions with View to address secure access, username persistence, load balancing, server health monitoring, and more. Performance, Scalability, and Security The larger the VMware Horizon View deployment, the more View Connection Servers are needed to handle the concurrent desktop connections. F5 BIG-IP Local Traffic Manager (LTM) provides valuable load balancing and health monitoring, resulting in higher system availability and greater scalability-and ultimately, a better user experience. Additionally, an F5 iapps Template makes configuration straightforward by simplifying setup and preventing human error. View client connectivity utilizes multiple ports and protocols that must be directed at the same View Connection Server for a successful session, and while PC-over-IP (PCoIP), the View desktop streaming protocol, is UDP-based, SSL-wrapped TCP connections are utilized for authentication and USB. Administrators can save capacity on the View Connection Servers by offloading encryption to the BIG-IP devices. Enhancing Security and Access Control Ensuring secure remote access is critical to protecting corporate information. VMware satisfies this with its Security Gateway, a PCoIP proxy that is installed on multiple Windows Server 2008 R2 machines. To route incoming connections to the internal network, these need to be installed in an organization's DMZ. While this is very effective for zero clients (appliances that do not run a traditional operating system), organizations may prefer a more robust solution for thin clients based on Windows, OS X, Linux, Android, and ios. F5 addresses this with BIG-IP Access Policy Manager (APM), which performs prelogin checks to the endpoint device prior to allowing the login sequence to begin. BIG-IP APM can determine if antivirus software or a personal firewall is running on the endpoint and whether it is up to date, and it can enforce a specific operating system patch level, View client installation version, and a host of other pre-login checks. BIG-IP APM can direct the user to a remediation page for further instructions or even turn on antivirus software or firewalls for the user. It can also enforce Active Directory group policies on corporate-owned and non-corporateowned assets for the duration of the connection. BIG-IP APM supports a broad range of authentication mechanisms, including two- 2

BIG-IP APM supports a broad range of authentication mechanisms, including twofactor schemes and various back-end directory services. Once authenticated, highperformance View PCoIP can be transported within the DTLS (Datagram Transport Layer Security) protocol. This provides the security organizations need to transport View communications without the performance degradation that a common SSL VPN solution suffers. There can be an automatic fallback to TCP SSL VPN if a highperformance UDP tunnel cannot be established. The BIG-IP Edge Client can also apply rate-shaping functions so PCoIP traffic receives priority over other UDP network traffic from the client. This ensures that even if the user is running other programs, the virtual desktop user experience remains a positive one. For zero clients or where endpoint inspection is not desired, the PCoIP proxy functionality in BIG-IP APM can be used. This removes the requirement for VMware Security Gateways in the DMZ along with their 1:1 mapping to View Connection Servers. The BIG-IP APM appliance proxies the PCoIP connection, passing it internally to any available Connection Server within the View pod, which interprets the connection as a normal internal PCoIP session. This provides the scalability benefits of a BIG-IP appliance and gives BIG-IP APM and BIG-IP LTM appliances visibility of the PCoIP traffic so that more advanced access management solutions can be used. 3

Figure 1: The F5 BIG-IP system and VMware Horizon View topology. Simplified Authentication for Users Streamlining the authentication process for remote workers is important to a good user experience. BIG-IP APM securely caches login credentials and enables authentication pass-through during the login process, so users can log in once, access their desktops immediately, and stay logged in as long as they are using the system. This single sign-on provides a seamless user experience, minimizes the security risk, and reduces password lockout calls to the help desk. VMware Horizon View now supports multi-factor authentication with RADIUS, though without fallback to redundant authentication servers. BIG-IP LTM fills this void by load balancing and performing health checks on the RADIUS servers to ensure availability. Local and Global Access Management 4

Local and Global Access Management Persistent and Non-Persistent Desktops VMware Horizon View has two types of desktops: non-persistent, in which a generic desktop image is given to users and upon logout returns to its initial state, and persistent, in which all user changes persist, just as they would on a physical PC. This is an important distinction when supporting mobile users, as those with persistent desktops will expect to be connected to their unique image wherever they may be, whereas non-persistent users can be directed to the nearest available source. Username Persistence VMware Horizon View scale-out is based on infrastructure "pods," each of which can host up to 10,000 source desktops. If administrators want to serve more users with multiple pods, or divide the infrastructure for management reasons, they must connect users to the correct pod. View's built-in persistence mechanism uses a J- session ID, which is baked into the client access device or client software, that could give the jarring experience of receiving a fresh desktop after a short move from one client device to another. The F5 solution reconnects users to their existing sessions transparently. This persistence based on username is very powerful when users are moving between multiple devices and locations (such as medical staff in a hospital), but they want to retain access to a non-persistent desktop for a period of time. Single Namespace When many sites are possible desktop location sources, (and those sites are potentially in different geographies), using BIG-IP LTM in conjunction with BIG-IP APM and BIG-IP Global Traffic Manager (GTM) is ideal. Clients can be initially directed by BIG-IP GTM to their nearest site. If, post authentication, the BIG-IP system determines their desktop resides elsewhere, BIG-IP GTM can transparently redirect them. This permits active/active multi-site View deployments with an infrastructure that can dynamically direct connections to provide high availability and a seamless user experience. The connection flow starts when a user launches the View client and it performs a 5

The connection flow starts when a user launches the View client and it performs a DNS lookup; BIG-IP GTM receives this request and makes an initial decision on the correct destination for the session, based, for example, on the geographic IP lookup of the client's DNS server. The View client connects and authenticates with the View Connection Server IP address BIG-IP GTM has provided. BIG-IP APM monitors the Microsoft Active Directory (AD) authentication process by querying AD itself to look for a custom parameter that specifies the user's desktop location. If the initial connection is not to the correct site or pod, BIG-IP APM replays the authentication transaction to the correct location and establishes a PCoIP View session. The entire dynamic decision and redirection process is invisible to the user. This solution has the advantage of AD being a distributed replicated database, so the user's desktop location can be determined with a single lookup. Figure 2: Single namespace logical connection flow. Conclusion The BIG-IP system provides secure remote access from a full selection of client devices, with endpoint inspection where appropriate and a full range of authentication options. BIG-IP LTM and BIG-IP APM improve the user experience by providing single sign-on and enhancing the reliability and performance of RADIUS or Active Directory. With the iapps Template for VMware Horizon View, administrators can configure these features accurately with minimum effort. There's no doubting the advantages of deploying a virtualized desktop solution like 6

There's no doubting the advantages of deploying a virtualized desktop solution like View throughout the enterprise. By deploying the F5 BIG-IP system alongside it, organizations can achieve even higher availability and scalability. Leveraging BIG-IP LTM, BIG-IP APM, and BIG-IP GTM allows IT staff to integrate multiple View pods or physical sites for source desktops-all without disrupting the user. In enabling users to reconnect to their existing persistent desktop source when required, and providing a dynamic and agile infrastructure that can adapt to planned and unplanned events, the BIG-IP system is key to successful VMware Horizon View deployments. F5 Networks, Inc. 401 Elliott Avenue West, Seattle, WA 98119 888-882-4447 www.f5.com Americas info@f5.com Asia-Pacific apacinfo@f5.com Europe/Middle-East/Africa emeainfo@f5.com Japan f5j-info@f5.com 2015 F5 Networks, Inc. All rights reserved. F5, F5 Networks, and the F5 logo are trademarks of F5 Networks, Inc. in the U.S. and in certain other countries. Other F5 trademarks are identified at f5.com. Any other products, services, or company names referenced herein may be trademarks of their respective owners with no endorsement or affiliation, express or implied, claimed by F5. 0113 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback