Installation
By default, when you install Connection Server or security server, the installation generates a self-signed
certificate for the server. However, the installation uses an existing certificate in the following cases:
- If a valid certificate with a Friendly name of vdm already exists in the Windows Certificate Store
- If you upgrade to View 5.1 or later from an earlier release, and a valid keystore file is configured on
  the Windows Server computer. The installation extracts the keys and certificates and imports them
  into the Windows Certificate Store.
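
The following PowerShell audit is an added example, not part of the VMware documentation: it finds any certificate with the Friendly name vdm and reports whether it is self-signed, within its validity period, and chains to a root the host trusts. It assumes that the store in question is the local computer's Personal store (Cert:\LocalMachine\My); the page does not define what the installer treats as "valid", so the script only reports the fields an administrator would review.

```powershell
# Added example: audit the certificate a Connection Server or security server
# installation would reuse instead of generating a self-signed one.
# Assumption: the store is the local computer's Personal store.
$storePath    = 'Cert:\LocalMachine\My'
$friendlyName = 'vdm'   # Friendly name given in the text above

$candidates = @(Get-ChildItem -Path $storePath |
    Where-Object { $_.FriendlyName -eq $friendlyName })

if ($candidates.Count -eq 0) {
    Write-Output "No certificate with Friendly name '$friendlyName' found in $storePath."
    return
}
if ($candidates.Count -gt 1) {
    Write-Warning "$($candidates.Count) certificates carry Friendly name '$friendlyName'; review which one is intended."
}

$now = Get-Date
foreach ($cert in $candidates) {
    # Build the chain against the machine's trust stores. Revocation checking
    # is skipped so the audit also runs on hosts without CRL/OCSP access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        # A self-signed certificate names itself as its issuer.
        SelfSigned    = ($cert.Subject -eq $cert.Issuer)
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        DaysRemaining = [math]::Floor(($cert.NotAfter - $now).TotalDays)
        HasPrivateKey = $cert.HasPrivateKey
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
    $chain.Reset()
}
```

A row with SelfSigned set to True, or ChainTrusted set to False, marks a server that is still using the default certificate or one that the host cannot chain to a trusted root.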
vCenter Server and View Composer
Before you add vCenter Server and View Composer to Horizon 7 in a production environment, make sure
that vCenter Server and View Composer use certificates that are signed by a CA.
For information about replacing the default certificate for vCenter Server, see "Replacing vCenter Server
Certificates" on the VMware Technical Papers site at http://www.vmware.com/resources/techresources/.
If you install vCenter Server and View Composer on the same Windows Server host, they can use the
same SSL certificate, but you must configure the certificate separately for each component.
PCoIP Secure Gateway
To comply with industry or jurisdiction security regulations, you can replace the default SSL certificate that
is generated by the PCoIP Secure Gateway (PSG) service with a certificate that is signed by a CA.
Configuring the PSG service to use a CA-signed certificate is highly recommended, particularly for
deployments that require you to use security scanners to pass compliance testing. See Configure the
PCoIP Secure Gateway to Use a New SSL Certificate.
Blast Secure Gateway
By default, the Blast Secure Gateway (BSG) uses the SSL certificate that is configured for the Connection
Server instance or security server on which the BSG is running. If you replace the default, self-signed
certificate for a server with a CA-signed certificate, the BSG also uses the CA-signed certificate.
SAML 2.0 Authenticator
VMware Identity Manager uses SAML 2.0 authenticators to provide Web-based authentication and
authorization across security domains. If you want Horizon 7 to delegate authentication to
VMware Identity Manager, you can configure Horizon 7 to accept SAML 2.0 authenticated sessions from
VMware Identity Manager. When VMware Identity Manager is configured to support Horizon 7,
VMware Identity Manager users can connect to remote desktops by selecting desktop icons on the
Horizon User Portal.
In Horizon Administrator, you can configure SAML 2.0 authenticators for use with Connection Server
instances.
Before you add a SAML 2.0 authenticator in Horizon Administrator, make sure that the SAML 2.0
authenticator uses a certificate that is signed by a CA.
View Installation
VMware, Inc.