Applies To:
Show VersionsBIG-IP APM
- 13.1.1, 13.1.0
Overview: Accessing a View Desktop from an APM webtop
In this implementation, you integrate Access Policy Manager® (APM®) with VMware View Connection Servers and present View Desktops on an APM dynamic webtop. APM authenticates to a View Connection Server and renders the View Desktops. APM load balances the View Connection Servers for high availability.
APM supports the necessary connections with two virtual servers that share the same destination IP address.
Task summary
About client requirements to launch View Client from a webtop
If you want to use Access Policy Manager® (APM®) to launch a View Client from an APM webtop, you must install the standalone View Client on your client. The standalone View Client is available from VMware.
About APM support for VMware View USB redirection
Access Policy Manager® (APM®) can be configured to support USB redirection for View desktop resources. Redirection enables a remote desktop resource to access a USB drive on the client as if it was physically present on the desktop.
About SSO and Horizon View HTML5 client
Single sign-on (SSO) does not work with the VMware Horizon View HTML5 client. After logging on to and authenticating with Access Policy Manager®, a View Horizon HTML5 client must still provide credentials to connect to a View Connection Server. This limitation is due to the nature of the technology used in the client.
About the iApp for VMware Horizon View integration with APM
An iApps® template is available for configuring Access Policy Manager® and Local Traffic Manager™ to integrate with VMware Horizon View. The template can be used on the BIG-IP® system to create an application service that is capable of performing complex configurations. You can download the template from the F5® DevCentral™ iApp Codeshare wiki at https://devcentral.f5.com/wiki/iApp.VMware-Applications.ashx. A deployment guide is also available there.
About ACLs to control access from remote desktop resources
When you create a remote desktop resource, Access Policy Manager® (APM®) automatically creates an allow ACL for the IP addresses and ports specified in the resource. To disallow access to any other IP addresses and ports, you must create ACLs that deny access to them and assign the ACLs in the per-session policy. F5 recommends that you create an ACL that rejects access to all connections and put it last in the ACL order.
Configuring an ACL to reject all connections
Creating a pool of View Connection Servers
Configuring a VMware View remote desktop resource
Configuring a full webtop
Creating an access profile
Verifying log settings for the access profile
Creating an access policy for a dynamic webtop
You have an access policy that is configured to enable APM dynamic webtop after the appropriate authentication checks.