Forum Discussion
VMware Horizon View iAPP VDI + HTML5
There is a straight forward (meaning very few options) iApp on devcentral that supports the optimized solution you mentioned. The iApp assumes a single BIG-IP deployment were APM has access to your untrusted (public) network and trusted View networks. APM's trusted connection needs to be able to communicate to your View Connection servers (tcp 443) and to your virtual desktops (tcp 443 & udp 4172). The iApp creates 5 virtual servers; 2 for internal trusted client connections, and 3 for untrusted client connections.
Summary of iApp virtual server creation:
Untrusted ip1:tcp:443 vs - lb auth requests to connection servers and manages html 5 connections to virtual desktops.
Untrusted ip1:udp:4172 vs - manages pcoip connections to desktops
Untrusted ip1:tcp:80 vs - redirects 80 connections to 443
note: apm inserts untrusted vs ip1 into sta ticket on the way back to the client which forces all client desktop connections to APM. APM handles AD authentication and securely proxy's pcoip/html 5 connections, thus replacing the security servers role. Using your split dns, you would point all external/untrusted networks to this address.
trusted ip2:tcp:443 vs - lb auth requests to connection servers
trusted ip2:tcp:80 vs - redirects 80 to 443
Note trusted clients need to have access to virtual desktops via tcp 443 (html 5 client connections), and tcp/udp 4172 (pcoip connections) since apm is not managing/proxying trusted connections to the desktops. Using your split dns, you would point all trusted networks to this ip address.
Sorry for the long narration, I just thought i would give you a little context before jumping into using the optimized solution iapp on DC. There is also a DG noted in the link that you can read through for more through details.
-Greg
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com