User manual
Table Of Contents
- Using VMware Horizon Client for Windows
- Contents
- Using VMware Horizon Client for Windows
- System Requirements and Setup for Windows-Based Clients
- System Requirements for Windows Clients
- System Requirements for Real-Time Audio-Video
- Requirements for Scanner Redirection
- Requirements for Serial Port Redirection
- Requirements for Multimedia Redirection (MMR)
- Requirements for Flash Redirection
- Requirements for Using Flash URL Redirection
- Requirements for URL Content Redirection
- Requirements for Using Microsoft Lync with Horizon Client
- Smart Card Authentication Requirements
- Device Authentication Requirements
- Supported Desktop Operating Systems
- Preparing Connection Server for Horizon Client
- Configure VMware Blast Options
- Horizon Client Data Collected by VMware
- Installing Horizon Client for Windows
- Configuring Horizon Client for End Users
- Managing Remote Desktop and Application Connections
- Connect to a Remote Desktop or Application
- Tips for Using the Desktop and Application Selector
- Share Access to Local Folders and Drives
- Hide the VMware Horizon Client Window
- Reconnecting to a Desktop or Application
- Create a Desktop or Application Shortcut on Your Client Desktop or Start Menu
- Switch Desktops or Applications
- Log Off or Disconnect
- Working in a Remote Desktop or Application
- Feature Support Matrix for Windows Clients
- Internationalization
- Enabling Support for Onscreen Keyboards
- Monitors and Screen Resolution
- Connect USB Devices
- Using the Real-Time Audio-Video Feature for Webcams and Microphones
- Copying and Pasting Text and Images
- Using Remote Applications
- Printing from a Remote Desktop or Application
- Control Adobe Flash Display
- Clicking URL Links That Open Outside of Horizon Client
- Using the Relative Mouse Feature for CAD and 3D Applications
- Using Scanners
- Using Serial Port Redirection
- Keyboard Shortcuts
- Troubleshooting Horizon Client
- Index
When you use Horizon Client to log in to a desktop, if your administrator has allowed it, you can click
Configure SSL to set the certificate checking mode. You have three choices:
n
Never connect to untrusted servers. If any of the certificate checks fails, the client cannot connect to the
server. An error message lists the checks that failed.
n
Warn before connecting to untrusted servers. If a certificate check fails because the server uses a self-
signed certificate, you can click Continue to ignore the warning. For self-signed certificates, the
certificate name is not required to match the server name you entered in Horizon Client.
You can also receive a warning if the certificate has expired.
n
Do not verify server identity certificates. This setting means that no certificate checking occurs.
If the certificate checking mode is set to Warn, you can still connect to a Connection Server instance that uses
a self-signed certificate.
If an administrator later installs a security certificate from a trusted certificate authority, so that all certificate
checks pass when you connect, this trusted connection is remembered for that specific server. In the future,
if that server ever presents a self-signed certificate again, the connection fails. After a particular server
presents a fully verifiable certificate, it must always do so.
IMPORTANT If you previously configured your company's client systems to use a specific cipher via GPO,
such as by configuring SSL Cipher Suite Order group policy settings, you must now use a Horizon Client
group policy security setting included in the View ADM template file. See “Security Settings for Client
GPOs,” on page 42. You can alternatively use the SSLCipherList registry setting on the client. See “Using
the Windows Registry to Configure Horizon Client,” on page 57.
Configuring Advanced TLS/SSL Options
You can select the security protocols and cryptographic algorithms that are used to encrypt communications
between Horizon Client and Horizon servers or between Horizon Client and the agent in the remote
desktop.
These security options are also used to encrypt the USB channel (communication between the USB service
daemon and the agent).
With the default setting, cipher suites use 128- or 256-bit AES, remove anonymous DH algorithms, and then
sort the current cipher list in order of encryption algorithm key length.
By default, TLS v1.0, TLS v1.1, and TLS v1.2 are enabled. SSL v2.0 and v3.0 are not supported.
NOTE If TLS v1.0 and RC4 are disabled, USB redirection does not work when users are connected to
Windows XP desktops. Be aware of the security risk if you choose to make this feature work by enabling
TLS v1.0 and RC4.
If you configure a security protocol for Horizon Client that is not enabled on the View server to which the
client connects, a TLS/SSL error occurs and the connection fails.
IMPORTANT At least one of the protocols that you enable in Horizon Client must also be enabled on the
remote desktop. Otherwise, USB devices cannot be redirected to the remote desktop.
On the client system, you can use either a group policy setting or a Windows Registry setting to change the
default ciphers and protocols. For information about using a GPO, see the setting called "Configures SSL
protocols and cryptographic algorithms," in “Security Settings for Client GPOs,” on page 42. For
information about using the SSLCipherList setting in the Windows Registry, see “Using the Windows
Registry to Configure Horizon Client,” on page 57.
Using VMware Horizon Client for Windows
40 VMware, Inc.