User manual
Table Of Contents
- Using VMware Horizon Client for Windows
- Contents
- Using VMware Horizon Client for Windows
- System Requirements and Setup for Windows-Based Clients
- System Requirements for Windows Clients
- System Requirements for Real-Time Audio-Video
- Requirements for Scanner Redirection
- Requirements for Using Multimedia Redirection (MMR)
- Requirements for Using Flash URL Redirection
- Requirements for Using Microsoft Lync with Horizon Client
- Smart Card Authentication Requirements
- Client Browser Requirements for Using the Horizon Client Portal
- Supported Desktop Operating Systems
- Preparing View Connection Server for Horizon Client
- Horizon Client Data Collected by VMware
- Installing Horizon Client for Windows
- Configuring Horizon Client for End Users
- Managing Remote Desktop and Application Connections
- Working in a Remote Desktop or Application
- Feature Support Matrix for Windows Clients
- Internationalization
- Enabling Support for Onscreen Keyboards
- Using Multiple Monitors
- Connect USB Devices
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Using Scanners
- Copying and Pasting Text and Images
- Using Remote Applications
- Printing from a Remote Desktop or Application
- Control Adobe Flash Display
- Using the Relative Mouse Feature for CAD and 3D Applications
- Keyboard Shortcuts
- Troubleshooting Horizon Client
- Index
n
Is the certificate intended for a purpose other than verifying the identity of the sender and encrypting
server communications? That is, is it the correct type of certificate?
n
Has the certificate expired, or is it valid only in the future? That is, is the certificate valid according to
the computer clock?
n
Does the common name on the certificate match the host name of the server that sends it? A mismatch
can occur if a load balancer redirects Horizon Client to a server that has a certificate that does not match
the host name entered in Horizon Client. Another reason a mismatch can occur is if you enter an IP
address rather than a host name in the client.
n
Is the certificate signed by an unknown or untrusted certificate authority (CA)? Self-signed certificates
are one type of untrusted CA.
To pass this check, the certificate's chain of trust must be rooted in the device's local certificate store.
NOTE For instructions about distributing a self-signed root certificate to all Windows client systems in a
domain, see the topic called "Add the Root Certificate to Trusted Root Certification Authorities" in the View
Installation document.
When you use Horizon Client to log in to a desktop, if your administrator has allowed it, you can click
Configure SSL to set the certificate checking mode. You have three choices:
n
Never connect to untrusted servers. If any of the certificate checks fails, the client cannot connect to the
server. An error message lists the checks that failed.
n
Warn before connecting to untrusted servers. If a certificate check fails because the server uses a self-
signed certificate, you can click Continue to ignore the warning. For self-signed certificates, the
certificate name is not required to match the View Connection Server name you entered in
Horizon Client.
You can also receive a warning if the certificate has expired.
n
Do not verify server identity certificates. This setting means that View does not perform any certificate
checking.
If the certificate checking mode is set to Warn, you can still connect to a View Connection Server instance
that uses a self-signed certificate.
If an administrator later installs a security certificate from a trusted certificate authority, so that all certificate
checks pass when you connect, this trusted connection is remembered for that specific server. In the future,
if that server ever presents a self-signed certificate again, the connection fails. After a particular server
presents a fully verifiable certificate, it must always do so.
IMPORTANT If you previously configured your company's client systems to use a specific cipher via GPO,
such as by configuring SSL Cipher Suite Order group policy settings, you must now use a Horizon Client
group policy security setting included in the View ADM template file. See “Security Settings for Client
GPOs,” on page 36. You can alternatively use the SSLCipherList registry setting on the client. See “Using
the Windows Registry to Configure Horizon Client,” on page 51.
Configuring Advanced SSL Options
You can select the security protocols and cryptographic algorithms that are used to encrypt communications
between Horizon Client and View Connection Server and View Agent in the remote desktop.
In Horizon Client 3.1 and later, these options are also used to encrypt the USB channel (communication
between the USB service daemon and View Agent).
Chapter 3 Configuring Horizon Client for End Users
VMware, Inc. 33