
Re: Horizon VDI user-ID or IP address


Alim11,

 

1. Usually, when you are not tunneling, which means a Horizon virtual desktop connects to a Horizon client directly, you will need to specify the firewall rules based on the IP subnet or IP range of your virtual desktops that is used for DHCP, for example:

 

Allow all virtual desktops in range 192.168.1.20 to 192.168.1.251 to send/receive traffic to/from all the Horizon clients in range 10.10.10.20 to 10.10.10.251 on X ports.

 

Like BenFB said, when you are tunneling, which means a Horizon virtual desktop connects to a Horizon Connection Server or Unified Access Gateway, you will need to specify the firewall rules based on the IP subnet or IP range of your virtual desktops that is used for DHCP, and the tunneling server, for example:

 

Allow all virtual desktops in range 192.168.1.20 to 192.168.1.251 to send/receive traffic to/from Horizon Connection server 10.2.2.5 on X ports.

 

2. Installing PGP in a golden image -- I have not used PGP, but I can imagine possible problems with it and non-persistent (linked or instant clone) virtual desktops.

 

However, you can use other full disk encryption systems with persistent (full clone) Horizon virtual desktops:

 

VMware's own vSphere Virtual Machine Encryption:

 

Configure Full Clones with vSphere Virtual Machine Encryption

 

HyTrust

 

Encrypting VMware vSphere VDI VMs

 

3. SIEM systems -- for persistent virtual desktops, there will be a persistent user name assigned to the desktop, and a DHCP IP address that may change, though rarely. Therefore, it is best to get a SIEM system that understands Active Directory user logons and can correlate events based on them. Otherwise, you will need to rely on the fact that the user will usually (but not always) get the same IP address from DHCP.

 

For non-persistent virtual desktops, the DHCP address may change much more often, and the user gets a fresh virtual desktop every time. Therefore, your SIEM system MUST understand Active Directory user logons and correlate events based on them.

 

4. Overall, VDI has some issues with various Security tools, but at the same time improves Security in other areas. For example, all data stays in the datacenter. In addition, in a non-persistent virtual desktop environment, viruses can be killed by logging off, destroying the virtual desktop and the virus in it.

 

Sincerely,

Yury Magalif
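
The logon-based correlation described in point 3, as an added example that is not part of the original post: it attributes IP-only firewall events to the user who was logged on to that desktop address at that moment. The record layout, user names, timestamps and function names are constructed for illustration and do not come from any particular SIEM product.

```python
from bisect import bisect_right
from datetime import datetime

# Constructed sample data: logon/logoff records as a SIEM might derive them
# from Active Directory logon events (time, user, desktop IP, action).
SESSIONS = [
    ("2024-05-01T08:00:00", "alice", "192.168.1.20", "logon"),
    ("2024-05-01T09:30:00", "alice", "192.168.1.20", "logoff"),
    ("2024-05-01T10:00:00", "bob",   "192.168.1.20", "logon"),  # DHCP reused the IP
    ("2024-05-01T10:05:00", "alice", "192.168.1.47", "logon"),  # alice on a fresh clone
]

# Constructed firewall events that carry only a timestamp and a source IP.
FIREWALL = [
    ("2024-05-01T08:15:00", "192.168.1.20"),
    ("2024-05-01T09:45:00", "192.168.1.20"),  # nobody logged on at this time
    ("2024-05-01T10:10:00", "192.168.1.20"),
    ("2024-05-01T10:10:00", "192.168.1.47"),
]

def build_timeline(sessions):
    """Per IP, a time-sorted list of (timestamp, user-or-None) state changes."""
    timeline = {}
    for ts, user, ip, action in sorted(sessions):  # ISO timestamps sort as text
        owner = user if action == "logon" else None
        timeline.setdefault(ip, []).append((datetime.fromisoformat(ts), owner))
    return timeline

def user_at(timeline, ip, ts):
    """User logged on at `ip` at time `ts`, or None if no logon covers it."""
    changes = timeline.get(ip, [])
    idx = bisect_right([t for t, _ in changes], datetime.fromisoformat(ts))
    return changes[idx - 1][1] if idx else None

def attribute(events, sessions):
    """Attach the logged-on user to each (timestamp, ip) event."""
    timeline = build_timeline(sessions)
    return [(ts, ip, user_at(timeline, ip, ts)) for ts, ip in events]

if __name__ == "__main__":
    for row in attribute(FIREWALL, SESSIONS):
        print(row)
```

Keyed on IP alone, the first and third events would be blamed on the same desktop user; keyed on logon sessions, they resolve to two different users, and the second event is flagged as having no logged-on user.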

