User manual

Table Of Contents
Configuring Advanced TLS/SSL Options
You can select the security protocols and cryptographic algorithms that are used to encrypt communications
between Horizon Client and Horizon servers or between Horizon Client and the agent in the remote
desktop.
These security options are also used to encrypt the USB channel (communication between the USB service
daemon and the agent).
With the default seing, cipher suites use 128- or 256-bit AES, remove anonymous DH algorithms, and then
sort the current cipher list in order of encryption algorithm key length.
By default, TLS v1.0, TLS v1.1, and TLS v1.2 are enabled. SSL v2.0 and v3.0 are not supported.
N If TLS v1.0 and RC4 are disabled, USB redirection does not work when users are connected to
Windows XP desktops. Be aware of the security risk if you choose to make this feature work by enabling
TLS v1.0 and RC4.
If you congure a security protocol for Horizon Client that is not enabled on the View server to which the
client connects, a TLS/SSL error occurs and the connection fails.
I At least one of the protocols that you enable in Horizon Client must also be enabled on the
remote desktop. Otherwise, USB devices cannot be redirected to the remote desktop.
On the client system, you can use either a group policy seing or a Windows Registry seing to change the
default ciphers and protocols. For information about using a GPO, see the seing called "Congures SSL
protocols and cryptographic algorithms," in “Security Seings for Client GPOs,” on page 43. For
information about using the SSLCipherList seing in the Windows Registry, see “Using the Windows
Registry to Congure Horizon Client,” on page 58.
Using the Group Policy Template to Configure VMware Horizon Client
for Windows
VMware Horizon Client includes a Group Policy Administrative (ADM) template le for conguring
VMware Horizon Client. You can optimize and secure remote desktop connections by adding the policy
seings in this ADM template le to a new or existing GPO in Active Directory.
The View ADM template le contains both Computer Conguration and User Conguration group policies.
n
The Computer Conguration policies set policies that apply to Horizon Client, regardless of who is
running the client on the host.
n
The User Conguration policies set Horizon Client policies that apply to all users who are running
Horizon Client, as well as RDP connection seings. User Conguration policies override equivalent
Computer Conguration policies.
View applies policies at desktop startup and when users log in.
The Horizon Client Conguration ADM template le (vdm_client.adm) and all ADM and ADMX les that
provide group policy seings are available in a .zip le named VMware-Horizon-Extras-Bundle-x.x.x-
yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. You can download the le from the
VMware Horizon download site at hp://www.vmware.com/go/downloadview. You must copy this le to
your Active Directory server and use the Group Policy Management Editor to add this administrative
template. For instructions, see the topic "Add View ADM Templates to a GPO" in the Seing Up Desktop and
Application Pools in View document.
Chapter 3 Configuring Horizon Client for End Users
VMware, Inc. 41