Has anyone implemented VMware VDI with SSL VPN? I'm just beginning to look at this, but would love to hear from people who've done it already. Is it even possible to use VDI with the SSL VPN?
Yes, it will work. But you need to configure JSAM or Network Connect.
Yes it is possible, and you are not limitd to using JSAM - you can use WSAM as well. I have configured our IVE cluster to allow HP thin clients with the VDM client on it to access in to the enterprise using WSAM.
Go in to Resource profiles and create a new SAM "Client Application".
Label it however you want, and set the filename to: wswc.exe
path should be: C:\Program Files\VMware\VMware VDM\Client\bin
Set the resource that that it will be talking to.
I have the WSAM autolaunch at login, which lauches the VDM client through a batch file. I tried passing the username and password to the batch and on to the VDM (latest version handles attributes) - however the IVE does not pass the variables to the batch... so no go.
Forgive my ignorance.
If I remember correctly, the VDI system can use RDP, ICA, and a few other protocols. Would it be possible to use an RDP session to connect to virtual desktops instead of using the VDI client with JSAM? My hope is to be platform agnostic on the SSL VPN client side.
No, there is no ica or rdp support for vdi. the vdm client use a kind op rdp protocol, but it is not the microsoft rdp client.
So you can't use the client from the juniper sa.
And then you have the problem that the vdm client talks to the vdm server. That traffic is not html, it can't be rewritten so you have to use jsam, wsam or network connect.
I'm trying to set this up with WSAM but have had no success. I'm able to connect to the VDM web page and the VDM client launches but it never connects. It just sits there for a little while and then closes. I have permissioned every IP address (as a permitted destination) I can think of (port is set to *).
Any assistance would be much appreciated.
Check - User role - Wsam - Wsam allowed serverd
Check your firewall
When jsam is started do you see any traffic over the wsam client?
I'm doing some testing on this at the moment, I have gotten the single sign-on working but beyond the authenticaiton, it takes about 2 mins to load the list of available services (there is only one!), on the LAN it takes about 20secounds max. Once the session is started, the performance over network connect is excellent, but getting there it takes it time. Any other suggestions?