Posted July 15, 2011

VDI at Home: Building a 10-user Environment for $500 (Part 1)

By Force 3, Data Center Team

Categories: Blog, Data Center, VMware

Setting up VMware View Security Server

Now that I have the base VMware View setup, I really wanted to watch videos on my iPad from Starbucks. To access the VMware View environment from outside, the VMware View security server must be setup. The security server is an outside PCoIP tunneling mechanism linked to the connection broker. If a static IP address for the security server is available, it’s an easy job. However, with a dynamic IP address, typical of a home internet service provider, it’s another matter.

The main problem is that a security server setup requires an IP address and DNS name, which means that I need to automatically update the WAN IP address changes to the security server configuration. The dynamic DNS can be used for outside DNS name resolution. After much Googling, I found the solution from Gabe’s Virtual World Blog.

  1. First, set up a dynamic DNS. I used In order to update the WAN IP address changes, a dynamic DNS update client needs to be installed on one of the servers.
  2. Next, set up the security server. The security server is not joined to the domain since it sits in the DMZ. Uninstall all unnecessary programs and turn on the Microsoft Windows firewall. Install the connection broker software and choose the security server role. You will have to enter a password to pair it with the connection broker. A security server hardening guide can be found at
  3. Configure the router to forward ports 80, 443 and 4172 to the security server. Ports 80 and 443 are TCP only. Port 4172 is both UDP and TCP.
  4. Configure the connection broker. The connection broker’s external URL is the local host name (ex: https://connectionsvr:443). The PCoIP URL is an internal IP address (ex:
  5. Configure security server from the VMware View Manager window. The security server external URL is the public dynamic DNS name (ex: and the PCoIP URL is the external dynamic IP address (ex: The PCoIP URL needs to change whenever your router gets new WAN IP address.
  6. Set up the power shell script in the connection broker server. Set the task manager to run every hour or so. In order to run the Microsoft Windows Power shell script, I had to install the vSphere Power CLI (downloaded from VMware site [AP2] ), and VMware View Power CLI (located on the C:Program FilesVMwareVMware VMware ViewserverextrasPowershelladd-snapin.ps1).
  7. I modified the Powershell script to update without checking for IP address changes:

Add-PSSnapin VMware.VimAutomation.Core

Add-PSSnapin VMware.VMware View.Broker

# Name of the Security Server

$SecurityServer = ‰slsecsvr‰

# For logging creating a timestamp

$TimeStamp = Get-Date -format yyyy-MM-dd-H-mm

# Filling $CheckedIP with the external IP address, using service

$wc = New-Object net.WebClient

$CheckedIP =


# Now check the current ExternalPCoIPURL entry

$CurrentSettings = Get-ConnectionBroker

$CurrentIP = $CurrentSettings.externalPCoIPURL

Update-ConnectionBroker -broker_id ‰slsecsvr‰ -externalPCoIPURL $CheckedIP

$NewSettings = Get-ConnectionBroker

$row = $TimeStamp + ‰,‰ + $CheckedIP + ‰,‰ + $CurrentIP + ‰,‰

+ $NewSettings.externalPCoIPURL

$row | Out-File -FilePath ‰c:scriptscheck-ip.log‰ ‰Append

The Big Question: How well does it work?

The View system was very easy to setup and works very well. On the internal LAN, it‰’s almost a PC-like experience. While you cannot play 3D games, you are able to watch video, use Microsoft Office applications, browse the web, and also use bi-directional audio tools such as Skype. The iPad experience has been excellent from both inside home and Starbucks while watching Adobe Flash videos. I say it‰’s definitely well spent $500. My wife agrees‰ most of the time!

Tweet about this on Twitter0Share on Facebook0Share on Google+0Share on LinkedIn0
WordPress Image Lightbox Plugin