When you need to install View agent on a physical box or an unmanged desktop source. When you don’t control the VM infrastructure or maybe the VDI is in the cloud. When you don’t have vCenter or license for vCenter managing the ESXi, one would argue that if you have license for VDI you have license for all the component to run VDI. For my special use case, my View Connection Server is not going to be able to talk to the backend vSphere management Infrastructure for it is in a complete separate network. In other words the virtual machine network and the vSphere network is physically separated and they don’t talk to each other. There is one nic from each ESXi to the virtual machine network to expose the Win7 VMware View vm’s. There would be zero attack footprint from the virtual machine network to the vSphere network infrastructure. The only way to attack the vSphere infrastructure is through some kind of VMware tools to hypervisor vulnerability exposed on the VM itself that can attack the underlying hypervisor. I don’t know of such vulnerability but it doesn’t mean there’s none and does not guarantee the future. The possibility of such attack exist. I don’t know what kind of sandboxing techinique VMware has for their vmtools for protection. The other attack is, pretty obvious, if you are in the vSphere network itself, duh!! Enough blablabla, this will take you to the GUI install and prompt you to supply the View Connection Server IP or FQDN.