VMware View rules configuration

Reply
L0 Member

VMware View rules configuration

Does anyone have any information on how to get user-id to work with a VMware View security server sitting in the DMZ? Right now the only way we can get PCoIP traffic to flow to is by specifying the ip of the VDI machine that is being connected to. What we would like is to define an AD group for remote access and populate the users into that group. Having to add IP's to the pcoip rule is kind of a show stopper since our non-persistent vdi machines are changing ip's all the time.

Highlighted
L6 Presenter

Re: VMware View rules configuration

Hi Alex,

User-id needs user to IP mapping either from AD server or anything else which has binding.

In some cases, syslog servers or Aruba control has mappings. Still user-id can pull the information based on following document.

How to Collect the User-IP Mappings from a Syslog Sender Using an User-ID Agent

Does VMware View Security server, keeps any sort of mapping. If yes you can use above document.

Regards,

Hardik Shah

Highlighted
L4 Transporter

Re: VMware View rules configuration

Hello alex.irzyk,

Based on my search, i could not confirm if vmware security manager stores ip-user mappings or generate logs for user login events. Is it possible for vmware security manager to be configured to write ip-user mapping info to a file? If this is possible, then you can try pulling the mappings from the file containing the ip-user mappings through API. The API guide below gives you the format of the input file that will have the ip-user mapping:

PAN-OS and Panorama 5.0 XML API Usage Guide

Below is the link to the perl script that can be used to confirm if you are able to pull the ip-user mappings using API.

Script to test UID XML API

Hope this helps.

Thanks

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!