I have been using this for quite a while on my homelab, especially since VMware vCloud Director introduced nice networking self service capabilities (vShield Edge router VM and L2 on demand networks).
I recently reinstalled a whole bunch of products from the VMware vCloud Suite that I use for my work, and I thought I would write about how to set up this broker-less PCoIP infrastructure, which is really efficient and practical for a small environment that doesn’t need the full VMware View Horizon feature set.
When hosting different services, you might not have many public IPs available to consume, so you would probably look into NAT routers. They are a simple way to publish your services through a single public IP: you only create the NAT port-forwarding rules and associated firewall rules needed to make each service available externally.
When it comes to View and PCoIP, one of the biggest problems is that the View Agent is NOT aware of the public IP (NAT setup); taking care of that was the role of the other View infrastructure components (Secure Gateway/Connection Broker). In a constrained environment you might not have enough resources, or the need, for such an advanced infrastructure, so VMware created the View Agent Direct Connect plugin, which takes over that role within the desktop VM.
Through a few Windows registry keys, it is made aware of the external IP and ports, and it takes care of that missing network mapping when answering requests.
- VMware View Agent
- VMware View Agent Direct Connect
Then set a few Windows registry keys to configure the NAT redirection mappings under:
HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc\VMware VDM\Agent\Configuration\XMLAPI
Description of each parameter:
- httpsPortNumber (REG_SZ): The most important port, basically the one you will connect to.
- externalIPAddress (REG_SZ): This is the external public IP address of your NAT router.
- externalRDPPort (REG_SZ): Port for RDP; can use +X to get a relative port based on httpsPortNumber.
- externalPCoIPPort (REG_SZ): Port for PCoIP; can use +X to get a relative port based on httpsPortNumber.
- externalFrameworkChannelPort (REG_SZ): Port for USB redirection; can use +X to get a relative port based on httpsPortNumber.
After the settings have been applied, you just need to restart the View Agent service, and you should then be able to connect to your desktop through your View client using the following address: externalIPAddress:httpsPortNumber
I also changed my httpsPortNumber for a simple reason: the default port 443 is used by another application (Apache) in my setup. You could keep the default if you don’t intend to use anything else on that port.
Keep in mind that you will need to take care of the NAT port-forwarding rules. Below is an example from my Linux setup with my iptables rules (firewall rules not included):
# HTTPS port
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 11443 -j DNAT --to 192.168.42.131:11443
# PCoIP Port
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 11444 -j DNAT --to 192.168.42.131:4172
iptables -A PREROUTING -t nat -i eth0 -p udp --dport 11444 -j DNAT --to 192.168.42.131:4172
# RDP Port (RDP connections are established over TCP 3389)
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 11445 -j DNAT --to 192.168.42.131:3389
# Framework Channel Port (USB Redirection)
iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 11446 -j DNAT --to 192.168.42.131:32111
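As an added example (not part of the original post): a small shell helper that resolves the +X relative ports described for the registry values and prints the matching DNAT rules, so the ports the agent advertises and the ports the NAT box forwards cannot drift apart. The function names resolve_port and gen_dnat_rules are hypothetical, and the interface, IP and port values are constructed to mirror the rules above.

```bash
#!/usr/bin/env bash
# Added example: derive the NAT box's DNAT rules from the agent's XMLAPI values.
# Interface, IP and port values are constructed to mirror the post's rules.

# resolve_port BASE VALUE: VALUE is "N" (absolute) or "+N" (relative to BASE).
resolve_port() {
    local base=$1 value=$2 offset port
    offset=${value#+}
    # digits only, no leading zeros (avoids octal surprises in arithmetic)
    case $offset in ''|*[!0-9]*|0?*) return 1 ;; esac
    if [ "$offset" = "$value" ]; then port=$offset
    else port=$((base + offset)); fi
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    echo "$port"
}

# gen_dnat_rules WAN_IF DESKTOP_IP HTTPS PCOIP RDP FRAMEWORK
# Prints the rules instead of applying them, so they can be reviewed first.
gen_dnat_rules() {
    local wan=$1 ip=$2 https pcoip rdp fw map
    https=$(resolve_port 0 "$3") || return 1
    pcoip=$(resolve_port "$https" "$4") || return 1
    rdp=$(resolve_port "$https" "$5") || return 1
    fw=$(resolve_port "$https" "$6") || return 1
    # external port, protocol, internal port on the desktop VM
    map="$https tcp $https
$pcoip tcp 4172
$pcoip udp 4172
$rdp tcp 3389
$fw tcp 32111"
    # Two services on the same external port/protocol would shadow each other.
    if [ -n "$(echo "$map" | awk '{print $1, $2}' | sort | uniq -d)" ]; then
        echo "duplicate external port in mapping" >&2; return 1
    fi
    echo "$map" | while read -r ext proto int; do
        echo "iptables -t nat -A PREROUTING -i $wan -p $proto --dport $ext" \
             "-j DNAT --to-destination $ip:$int"
    done
}

# httpsPortNumber=11443, the three external*Port values given as +1, +2, +3
gen_dnat_rules eth0 192.168.42.131 11443 +1 +2 +3
```

Compare the printed rules with the output of `iptables -t nat -S PREROUTING` on the NAT box before applying anything.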
PS: Here is my Desktop VM, check my registry settings and iptables rules on the Linux NAT box.
Hope this helps :-)