A security server is an instance of View Connection Server that adds an additional layer of security between the Internet and your internal network. You can install one or more security servers to be connected to a View Connection Server instance.

The security server software cannot coexist on the same virtual or physical machine with any other View Manager software component, including a replica server, View Connection Server, View Composer, View Agent, View Client, or View Transfer Server.

Determine the type of topology to use. For example, determine which load balancing solution to use. Decide if the View Connection Server instances that are paired with security servers will be dedicated to users of the external network. For information, see the VMware View Architecture Planning document.

Important

If you use a load balancer, you must have static IP addresses for the load balancer and each security server. For example, if you use a load balancer with two security servers, you need 3 static IP addresses.

Verify that your installation satisfies the requirements described in View Connection Server Requirements.

Prepare your environment for the installation. See Installation Prerequisites for View Connection Server.

Verify that the View Connection Server instance to be paired with the security server is installed and configured and is running View Connection Server 4.6 or later. You cannot pair a View 4.6 or later security server with an older version of View Connection Server.

Verify that the View Connection Server instance to be paired with the security server is accessible to the computer on which you plan to install the security server.

Configure a security server pairing password. See Configure a Security Server Pairing Password.

Familiarize yourself with the format of external URLs. See Configuring External URLs for PCoIP Secure Gateway and Tunnel Connections.

Verify that Windows Firewall with Advanced Security is set to on in the active profiles. It is recommended that you turn this setting to on for all profiles. By default, IPsec rules govern connections between security server and View Connection Server and require Windows Firewall with Advanced Security to be enabled.

Familiarize yourself with the network ports that must be opened on the Windows Firewall for a security server. See Firewall Rules for View Connection Server.

If your network topology includes a back-end firewall between the security server and View Connection Server, you must configure the firewall to support IPsec. See Configuring a Back-End Firewall to Support IPsec.

If you are upgrading or reinstalling the security server, verify that the existing IPsec rules for the security server were removed. See Prepare to Upgrade or Reinstall a Security Server.

1

Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer.

The installer filename is VMware-viewconnectionserver-x86_64-y.y.y-xxxxxx.exe, where xxxxxx is the build number and y.y.y is the version number.

2

To start the View Connection Server installation program, double-click the installer file.

3

Accept the VMware license terms.

4

Accept or change the destination folder.

5

Select the View Security Server installation option.

6

Type the fully qualified domain name or IP address of the View Connection Server instance to pair with the security server in the Server text box.

The security server forwards network traffic to this View Connection Server instance.

7

Type the security server pairing password in the Password text box.

If the password has expired, you can use View Administrator to configure a new password and type the new password in the installation program.

8

In the External URL text box, type the external URL of the security server for View Clients that use the RDP or PCoIP display protocols.

The URL must contain the protocol, client-resolvable security server name, and port number. Tunnel clients that run outside of your network use this URL to connect to the security server.

For example: https://view.example.com:443

9

In the PCoIP External URL text box, type the external URL of the security server for View Clients that use the PCoIP display protocol.

Specify the PCoIP external URL as an IP address with the port number 4172. Do not include a protocol name.

For example: 10.20.30.40:4172

The URL must contain the IP address and port number that a client system can use to reach the security server. You can type into the text box only if a PCoIP Secure Gateway is installed on the security server.

10

Choose how to configure the Windows Firewall service.

Option

Action

Configure Windows Firewall automatically

Let the installer configure Windows Firewall to allow the required network connections.

Do not configure Windows Firewall

Configure the Windows firewall rules manually.

Select this option only if your organization uses its own predefined rules for configuring Windows Firewall.

11

Complete the installation wizard to finish installing the security server.

The security server services are installed on the Windows Server computer:

VMware View Security Server

VMware View Framework Component

VMware View Security Gateway Component

VMware View PCoIP Secure Gateway

For information about these services, see VMware View Administration.

The security server appears in the Security Servers pane in View Administrator.

Note

If the installation is cancelled or aborted, you might have to remove IPsec rules for the security server before you can begin the installation again. Take this step even if you already removed IPsec rules prior to reinstalling or upgrading security server. For instructions on removing IPsec rules, see Prepare to Upgrade or Reinstall a Security Server.

Configure an SSL server certificate for the security server. See Configuring SSL Certificates for View Servers.

You might have to configure client connection settings for the security server, and you can tune Windows Server settings to support a large deployment. See Configuring View Client Connections and Sizing Windows Server Settings to Support Your Deployment.

If you are reinstalling the security server on a Windows Server 2008 operating system and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.