Horizon 6 with NSX dramatically simplifies networking and security. For example a good majority of customers using Horizon and NSX have one primary rule “not to let desktops talk to each other”.
NSX provides Firewalling & Security, Load Balancing, Logical Switching and Routing in software. Virtual Firewall distribution attached to a View desktop is a common use case without compromising the flexibility or mobility of virtual desktops. In addition we can also protect the Horizon Infrastructure, Desktop Pools and User Access Control using NSX.
One great capability, is firewalling based on USERID. Imagine firewall rules that apply no matter what desktop the user logs into. One new thing on the Horizon Roadmap is “Access Point” which is an virtual appliance based Security Server.
There is a fling (A tool provided for free from VMware labs but not supported from VMware) coming out that allows you to inject the service groups from within Horizon to NSX. This allows you to apply security natively to Horizon service groups within NSX’s distributed firewall interface.
In addition you can use NSX Load Balancing for rudimentary load balancing of your Horizon Connection Services. The integration of NSX and Horizon creates new design opportunities. In a traditional Horizon environment you typically create pools by team functionality. With AppVolumes and NSX integration you come closer to a one Pool rule. The idea is that eventually you would have one Pool and use AppVolumes and Firewall rules to segment vs. logically by pool. While the Horizon development team is almost there, it is still the very early stages for this “One Pool” type architecture.
It is possible with NSX and Agentless AV in VDI to quarantine a View desktop when a security flag is tripped. This does not require the user to log on or off, it is dynamically applied removing the vulnerability in the View desktop off the network.
No comments:
Post a Comment