User manual
Table Of Contents
- Using VMware Horizon Client for Linux
- Contents
- Using VMware Horizon Client for Linux
- System Requirements and Installation
- System Requirements for Linux Client Systems
- System Requirements for Real-Time Audio-Video
- Supported Desktop Operating Systems
- Requirements for Using Flash URL Redirection
- Preparing View Connection Server for Horizon Client
- Install or Upgrade Horizon Client for Linux from VMware Product Downloads
- Install Horizon Client for Linux from the Ubuntu Software Center
- Horizon Client Data Collected by VMware
- Configuring Horizon Client for End Users
- Using URIs to Configure Horizon Client
- Using the Horizon Client Command-Line Interface and Configuration Files
- Configuring Certificate Checking for End Users
- Configuring Advanced SSL Options
- Configuring Specific Keys and Key Combinations to Send to the Local System
- Using FreeRDP for RDP Connections
- Enabling FIPS Mode on the Client
- Configuring the PCoIP Client-Side Image Cache
- Managing Remote Desktop and Application Connections
- Using a Microsoft Windows Desktop or Application on a Linux System
- Troubleshooting Horizon Client
- Configuring USB Redirection on the Client
- Index
Configuring Certificate Checking for End Users
Administrators can configure the certificate verification mode so that, for example, full verification is always
performed.
Certificate checking occurs for SSL connections between View Connection Server and Horizon Client.
Administrators can configure the verification mode to use one of the following strategies:
n
End users are allowed to choose the verification mode. The rest of this list describes the three
verification modes.
n
(No verification) No certificate checks are performed.
n
(Warn) End users are warned if a self-signed certificate is being presented by the server. Users can
choose whether or not to allow this type of connection.
n
(Full security) Full verification is performed and connections that do not pass full verification are
rejected.
For details about the types of verification checks performed, see “Certificate Checking Modes for Horizon
Client,” on page 43.
Use the view.sslVerificationMode property to set the default verification mode:
n
1 implements Full Verification.
n
2 implements Warn If the Connection May Be Insecure.
n
3 implements No Verification Performed.
To configure the mode so that end users cannot change the mode, set the view.allowSslVerificationMode
property to "False" in the /etc/vmware/view-mandatory-config file on the client system. See “Horizon
Client Configuration Settings and Command-Line Options,” on page 26.
Configuring Advanced SSL Options
You can select the security protocols and cryptographic algorithms that are used to encrypt communications
between Horizon Client and View Connection Server and View Agent in the remote desktop.
These options are also used to encrypt the USB channel (communication between the USB service daemon
and View Agent).
The default setting includes cipher suites that use either 128-bit or 256-bit AES encryption, except for
anonymous DH algorithms, and sorts them by strength. By default, TLS v1.0 and TLS v1.1 are enabled. (SSL
v3.0, SSL v2.0, and TLS v1.2 are disabled.)
NOTE In Horizon Client 3.1 and later, the USB service daemon adds RC4 (:RC4-SHA: +RC4) to the end of
the cipher control string when it connects to a remote desktop.
You should change the security protocols in Horizon Client only if your View server does not support the
current settings. If you configure a security protocol for Horizon Client that is not enabled on the View
server to which the client connects, an SSL error occurs and the connection fails.
IMPORTANT If the only protocol you enable on the client is TLS v1.1, you must verify that TLS v1.1 is also
enabled on the remote desktop. Otherwise, USB devices cannot be redirected to the remote desktop.
On the client system, you can use either configuration file properties or command-line options for these
settings:
n
To use configuration file properties, use the view.sslProtocolString and view.sslCipherString
properties.
Using VMware Horizon Client for Linux
34 VMware, Inc.