VMware Horizon 6 install – Part 2 security server

Posted by on June 26, 2014 in Horizon Suite, View | 7 comments

This is the second part of this multi part series on installing VMware Horizon 6. The first part covered installing Horizon View connection servers and replica servers. In this post I will cover the install of a View Security Server, these servers are used for brokering external network connections into your datacenter for Horizon. The security servers are located in your DMZ network and establish a secure connection back to a linked connection broker.

You can install multiple Security Servers into a View environment. There is a 1:1 relationship between a security server and a connection server. This means if you want 2 security servers you will need at least 2 connection servers. VMware recommends that most customers build separate connection servers just for pairing with your security servers. This might not be necessary for smaller install.

 

Other posts in this Horizon series.

VMware Horizon 6 install – Part 1 connection servers

VMware Horizon 6 install – Part 3 SSL certificates

VMware Horizon 6 install – Part 4 configuring RDS pool

VMware Horizon 6 install – Part 5 setting up RDS desktops

VMware Horizon 6 install – Part 6 setting up RDS applications

 

Install Horizon 6 security server

To start off you will need to log into the View Administrator. First click on Servers from the View Configuration area, then click on the connection server that you will be pairing the security server with. Last from the More Commands button choose to Specify Security Server Pairing password, this is a unique password that will allow the two servers to establish a secure connection.
horizon6-security-1

Step 2: A pop-up window will open for you to enter in the Pairing Password. Enter your password here twice and choose the timeout value, this is the amount of time the password will be good for. You will need to install and link the security server before the timeout period ends.

horizon6-security-2

 

Step 3: I’m going to skip a few steps on the install part. You use the same connection server install file and the steps are the same up to this point. Here you will choose to install the Security Server option and proceed.

horizon6-security-2b

 

Step 4: On this step you will be prompted to enter the Connection server password that you created at the beginning of this post.

horizon6-security-3

 

Step 5: This step asks you to provide the hostname or IP of the connection server that you are pairing with the security server being built.

horizon6-security-4

 

Step 6: Last up is where you specify the External URLs that you can point clients to for access. The default values have been left in, if you install multiple security servers you will use a friendly URL and that will load balance to these URLs.

horizon6-security-6

 

Step 7: Much like in the other install the installer will auto configure the Windows Firewall. This is important unless you want to spend a bunch of time manually identifying ports and creating rules for them yourself. Not my idea of fun.

horizon6-security-7

 

Step 8: Last up the installer is confirming the install location and you are ready to install.

horizon6-security-8

 

At this point you now should have connection server(s) and security server(s) built. The next step will be to install the SSL certificates to secure all of the servers that you have built. This is covered in part three of this Horizon install series.

 

 

About Brian Suhr

Brian is a VCDX5-DCV and a Sr. Tech Marketing Engineer at Nutanix and owner of this website. He is active in the VMware community and helps lead the Chicago VMUG group. Specializing in VDI and Cloud project designs. Awarded VMware vExpert status 6 years for 2016 - 2011. VCP3, VCP5, VCP5-Iaas, VCP-Cloud, VCAP-DTD, VCAP5-DCD, VCAP5-DCA, VCA-DT, VCP5-DT, Cisco UCS Design

7 Comments

  1. Minor typo:
    “Step 7: Much link”
    Should be “Step 7: Much like”

    Good post. Thank you.

    • Cleaned up, thanks for the heads up.

  2. Hi Brian,

    Great set of posts on view 6. I have a question about a comment at the top of the page where you wrote “. VMware recommends that most customers build separate connection servers just for pairing with your security servers. ”

    Would this mean having an environment with 2 connection servers and one of them is tied to the security server. How would that work?

    Thanks. Looking forward to the rest of the series.

    Kass

    • Hello Kass, The options are many for this. I will try to cover two to give you the idea.

      #1 You have two connection servers for internal connections, these are load balanced for HA. You then have a single to a pair of security servers and they use the same connection servers.

      #2 You still have the two internal connection servers. But to keep traffic separated you also have a pair of connection servers that are paired and dedicated to the security servers. Depending on the size of the environment this is a recommended model to control and monitor your external traffic flow.

      • Hi Brian,

        ahh got that, it now makes sense. Thanks for clarifying that point. Appreciate it.

        Kass

  3. Hi Brian,

    If a environment is without the backend firewall, do we still need a security server in place? Can we just point the external client to the connection server?

    Thank you

    • Hello,

      In theory you could, but that would be a very unsecure way to provide connectivity. I would still use the security servers or a load balancer appliance that is in front of your connection servers for external access. You don’t want Windows domain servers exposed to the external world.

Trackbacks/Pingbacks

  1. VMware Horizon 6 install - Part 1 connection server | VirtualizeTips - […] VMware Horizon 6 install – Part 2 security server […]
  2. VMware Horizon 6 install - Part 5 setting up RDS desktops | VirtualizeTips - […] VMware Horizon 6 install – Part 2 security servers […]
  3. VMware Horizon 6 install - Part 2 SSL Certificates | VirtualizeTips - […] VMware Horizon 6 install – Part 2 security servers […]

Leave a Reply

%d bloggers like this: