User manual
Table Of Contents
- Using VMware Horizon Client for Android
- Contents
- Using VMware Horizon Client for Android
- Setup and Installation
- System Requirements
- Preparing View Connection Server for Horizon Client
- Smart Card Authentication Requirements
- Configure Smart Card Authentication for Mobile Clients
- Using Embedded RSA SecurID Software Tokens
- Configure Advanced SSL Options
- Supported Desktop Operating Systems
- Configure the Client Download Links Displayed in View Portal 5.2 and Earlier Releases
- Install or Upgrade Horizon Client for Android
- Horizon Client Data Collected by VMware
- Using URIs to Configure Horizon Client
- Managing Remote Desktop and Application Connections
- Connect to a Remote Desktop or Application for the First Time
- Certificate Checking Modes for Horizon Client
- Create a Desktop or Application Shortcut for the Android Home Screen
- Manage Server Shortcuts
- Select a Favorite Remote Desktop or Application
- Disconnecting from a Remote Desktop or Application
- Log Off from a Remote Desktop
- Manage Desktop and Application Shortcuts
- Using a Microsoft Windows Desktop or Application on a Mobile Device
- Feature Support Matrix
- Input Devices, Keyboards, and Keyboard Settings
- Enable the Japanese 106/109 Keyboard Layout
- Using the Unity Touch Sidebar with a Remote Desktop
- Using the Unity Touch Sidebar with a Remote Application
- Horizon Client Tools
- Gestures
- Multitasking
- Saving Documents in a Remote Application
- Screen Resolutions and Using External Displays
- PCoIP Client-Side Image Cache
- Internationalization and International Keyboards
- Troubleshooting Horizon Client
- Index
3 Configure the smart card removal policy.
Option Description
Set the policy on the server
If you use View Administrator to set a policy, the choices are to disconnect
users from View Connection Server when they remove their smart cards or
to keep users connected to the desktop while locking the desktop screen.
In View Administrator, go to View Configuration > Servers > View
Connection Server (Edit) > Authentication > Smart card authentication >
Smart card removal policy.
If you select the Disconnect user sessions on smart card removal option in
View Administrator, what happens when a user unplugs a smart card
reader after logging in to a desktop depends on the View version running
on the server. For Horizon 6.0 with View, Horizon Client returns to the
remote desktop and application selection screen and the user can log into
the desktop again without reauthenticating. For View 5.3 and earlier, the
user must reauthenticate to log into the desktop again.
Set the policy on the desktop
If you use the Group Policy Editor (gpedit.msc) you have four possible
settings: no action, lock workstation, force log off, or Disconnect if a
Remote Desktop Services session.
After you open gpedit.msc in the desktop operating system, go to
Windows settings > Security settings > Local policies > Security options >
Interactive logon: smart card removal behavior.
Using Embedded RSA SecurID Software Tokens
If you create and distribute RSA SecurID software tokens to end users, they need enter only their PIN, rather
than PIN and token code, to authenticate.
Setup Requirements
You can use Compressed Token Format (CTF) or dynamic seed provisioning, which is also called CT-KIP
(Cryptographic Token Key Initialization Protocol), to set up an easy-to-use RSA authentication system. With
this system, you generate a URL to send to end users. To install the token, end users paste this URL directly
into Horizon Client on their client devices. The dialog box for pasting this URL appears when end users
connect to View Connection Server with Horizon Client.
Horizon Client for Android also supports file-based provisioning. When a file-based software token is
issued to a user, the authentication server generates an XML-format token file, which is called an SDTID file
for its .sdtid extension. Horizon Client can import the SDTID file directly. Users can also launch
Horizon Client by tapping the SDTID file in a file browser.
After the software token is installed, end users enter a PIN to authenticate. With external RSA tokens, end
users must enter a PIN and the token code generated by a hardware or software authentication token.
The following URL prefixes are supported if end users will be copying and pasting the URL into
Horizon Client when Horizon Client is connected to an RSA-enabled View Connection Server:
n
viewclient-securid://
n
http://127.0.0.1/securid/
End users can install the token by tapping the URL. Both prefixes viewclient-securid:// and
http://127.0.0.1/securid/ are supported. Note that not all browsers support hyperlinks that begin with
http://127.0.0.1. Also some file browsers, such as the File Manager app on the ASUS Transformer Pad,
cannot link the SDTID file with Horizon Client.
For information about using dynamic seed provisioning or file-based (CTF) provisioning, see the Web page
RSA SecurID Software Token for iPhone Devices at http://www.rsa.com/node.aspx?id=3652 or RSA SecurID
Software Token for Android at http://www.rsa.com/node.aspx?id=3832.
Chapter 1 Setup and Installation
VMware, Inc. 11