VMware Workstation

  • 1.  How to setup VMware as primary desktop

    Posted Feb 09, 2024 01:40 PM

    Hi,

    I have a WIN2022-based server and I want to configure VMware WS17 as my primary desktop. This is required to isolate remote users connected to the server/VMs via RD from the host OS desktop. Thanks

    Regards,
    RH



  • 2.  RE: How to setup VMware as primary desktop

    Posted Feb 11, 2024 05:07 PM

    Why bother? Your VMs are already isolated. Why not just properly control RDP access to your server? And control who has access to services on the server.

    If the services are in VMs, those services are isolated from the host - your users will connect into the services on the VM, not your host.

    If you want the remote users to RDP into the VMs, then that's also isolated from the host. Bridged network does that for you automatically because you're connecting to the IP of the VM, not the host. For NAT networking, you're using the host IP address, but a unique port for every VM you want to be able to access remotely. (NAT port forwarding is configured to map the unique port for each VM to the VM's "standard" RDP port/IP address).
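
Added example, not part of the reply above: a small audit of the NAT port-forwarding scheme it describes, reading the `[incomingtcp]` section format (`<host port> = <VM IP>:<VM port>`) that Workstation's NAT configuration file (`vmnetnat.conf` on Windows hosts) uses. The sample file content, addresses and ports are constructed, and the check for a forward on host port 3389 assumes the host itself also accepts RDP.

```python
import re

RDP_PORT = 3389

# Constructed sample of a NAT config; addresses and ports are illustrative only.
SAMPLE_NAT_CONF = """\
[host]
ip = 192.168.80.2
[incomingtcp]
# <host port> = <VM IP>:<VM port>
33891 = 192.168.80.128:3389
33892 = 192.168.80.129:3389
3389 = 192.168.80.130:3389
8080 = 192.168.80.128:80
[incomingudp]
"""

ENTRY = re.compile(r"^\s*(\d+)\s*=\s*([\d.]+)\s*:\s*(\d+)\s*$")

def incoming_tcp(conf_text):
    """Return [(host_port, vm_ip, vm_port)] from the [incomingtcp] section."""
    section, rules = None, []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = ENTRY.match(line)
        if section == "incomingtcp" and m:
            rules.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return rules

def audit_rdp_forwards(conf_text):
    """Map each VM to the host ports that reach its RDP service and list findings."""
    forwards, findings = {}, []
    for host_port, vm_ip, vm_port in incoming_tcp(conf_text):
        if vm_port != RDP_PORT:
            continue  # only RDP forwards matter for this audit
        if host_port == RDP_PORT:
            findings.append(f"host port {RDP_PORT} forwards to {vm_ip}: "
                            "not a unique port, collides with the host's own RDP")
        if vm_ip in forwards:
            findings.append(f"{vm_ip} is reachable on more than one host port")
        forwards.setdefault(vm_ip, []).append(host_port)
    return forwards, findings
```

The resulting map is also the list of host ports that need firewall rules limiting which source machines may connect.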



  • 3.  RE: How to setup VMware as primary desktop

    Posted Feb 15, 2024 07:15 AM

    Thanks for the clarification on isolation. My primary target is to restrict RDP users to access host OS desktop. I have multiple VMs which will be shut down most of the time; only the hypervisor should be running so that a user can RD and run a VM from a list of available VMs as per his need. I have seen such a setup using Hyper-V. I have read that VMware ACE could do that, but it is discontinued. I am not sure how to do that using VMware Workstation.

    Kind Regards,

    RH



  • 4.  RE: How to setup VMware as primary desktop

    Posted Feb 15, 2024 09:40 AM

    Hi,

    On x86_64, configuring 'Allow Remote Assistance connections to this computer' on the Microsoft guest (see e.g. How to restrict RDP connection to specific source machines and specific users (both restrictions acting simultaneously)? - Microsoft Q&A), together with denying access to the users' host OS and a configured bridged network on Workstation, might be a solution path you are looking for.

    The ACE feature from Workstation 6 became a component of the VMware View product at that time. In View 5 you could do a sort of checkout/checkin of your desktop VM, stamped with an expiration date, encrypted hard disk, control of attached USB devices, etc. The solution was limited mostly to Windows clients, and at that time the value circle for this alternative desktop provisioning & management method was too small. In addition, today it isn't a question of protocol capabilities anymore.

    In banking environments, VMware by Broadcom View/Horizon/WorkspaceOne is the only solution which provides secure desktops for Linux and Windows, C# Apps, SaaS, Streamed Apps, and any data in users' virtual volume is delivered and controlled. Btw. the Wanova/ThinApp methodology for streaming apps isn't used anymore. Banking apps evolved and the ThinApp technology has been retired.
    Horizon as an alternative might be overkill for your 'restrict RDP users to access host OS desktop' scenario for a couple of VMs.

    Besides the built-in Workstation UI, there is no web portal for multiple Workstation nodes to list available VMs, in comparison to VMware Horizon. The management of Workstation VMs at the node administrator level typically makes use of the vmrun.exe command. This is for administrators, and users would say this is rather complicated. For an alternative UI, have a look at, e.g., the blog entry Elgato Stream Deck and VMware Workstation - vGemba.net.

    Hope this helps.
    -Daniel