User manual

6 To provide users unauthenticated access to published applications in Horizon Client, you must enable
this feature in Connection Server. For more information, see the topics about unauthenticated access in
the View Administration document.
After the servers are installed, if you look in Horizon Administrator, you will see that the Blast Secure
Gateway setting is enabled on the applicable Connection Server instances and security servers. Also, the
Blast External URL setting is automatically configured to use for the Blast Secure Gateway on the applicable
Connection Server instances and security servers. By default, the URL includes the FQDN of the secure
tunnel external URL and the default port number, 8443. The URL must contain the FQDN and port number
that a client system can use to reach this Connection Server host or security server host. For more
information, see "Set the External URLs for a Connection Server Instance," in the View Installation
documentation.
N You can use HTML Access with VMware Workspace ONE to allow users to connect to their desktops
from an HTML5 browser. For information about installing Workspace ONE and conguring it for use with
Connection Server, see the Workspace ONE documentation. For information about pairing Connection
Server with a SAML Authentication server, see the View Administration document.
Firewall Rules for HTML Access
To allow client Web browsers to use HTML Access to make connections to security servers, View
Connection Server instances, and remote desktops, your firewalls must allow inbound traffic on certain TCP
ports.
HTML Access connections must use HTTPS. HTTP connections are not allowed.
By default, when you install a View Connection Server instance or security server, the VMware Horizon
View Connection Server (Blast-In) rule is enabled in the Windows Firewall, so that the firewall is
automatically configured to allow inbound traffic to TCP port 8443.
Table 11. Firewall Rules for HTML Access

| Source | Default Source Port | Protocol | Target | Default Target Port | Notes |
|---|---|---|---|---|---|
| Client Web browser | TCP Any | HTTPS | Security server or View Connection Server instance | TCP 443 | To make the initial connection to Horizon, the Web browser on a client device connects to a security server or Horizon Connection Server instance on TCP port 443. |
| Client Web browser | TCP Any | HTTPS | Blast Secure Gateway | TCP 8443 | After the initial connection to Horizon is made, the Web browser on a client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a security server or Horizon Connection Server instance to allow this second connection to take place. |
| Blast Secure Gateway | TCP Any | HTTPS | HTML Access agent | TCP 22443 | If the Blast Secure Gateway is enabled, after the user selects a remote desktop, the Blast Secure Gateway connects to the HTML Access agent on TCP port 22443 on the desktop. This agent component is included when you install Horizon Agent. |
| Client Web browser | TCP Any | HTTPS | HTML Access agent | TCP 22443 | If the Blast Secure Gateway is not enabled, after the user selects a View desktop, the Web browser on a client device makes a direct connection to the HTML Access agent on TCP port 22443 on the desktop. This agent component is included when you install Horizon Agent. |
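
The rules in the table above, expressed as a check over a firewall allow-list. This is an added example, not part of the VMware documentation; the zone labels, the Flow tuple and the sample rule set are constructed for illustration. It reports which flows the table requires for the chosen Blast Secure Gateway mode but the allow-list lacks, and which table flows are open although that mode does not use them.

```python
from __future__ import annotations
from typing import NamedTuple

class Flow(NamedTuple):
    source: str
    target: str
    port: int  # TCP destination port; the source port is "Any" in every row

# Zone labels are assumptions made for this example, not product identifiers.
BROWSER = "client-web-browser"
SERVER = "security-or-connection-server"
BSG = "blast-secure-gateway"
AGENT = "html-access-agent"

def required_flows(bsg_enabled: bool) -> set[Flow]:
    """Flows the table requires for the given Blast Secure Gateway mode."""
    flows = {Flow(BROWSER, SERVER, 443)}            # initial connection
    if bsg_enabled:
        flows.add(Flow(BROWSER, BSG, 8443))         # second connection, via gateway
        flows.add(Flow(BSG, AGENT, 22443))          # gateway to desktop agent
    else:
        flows.add(Flow(BROWSER, AGENT, 22443))      # direct connection to the agent
    return flows

def audit(allowed: set[Flow], bsg_enabled: bool) -> dict[str, list[Flow]]:
    """Compare an allow-list with the table for one deployment mode."""
    required = required_flows(bsg_enabled)
    table = required_flows(True) | required_flows(False)
    return {
        "missing": sorted(required - allowed),
        # Table flows that are open although this mode does not use them.
        "not_needed": sorted((allowed & table) - required),
    }

# Constructed allow-list: left over from a direct-connection setup.
SAMPLE_RULES = {
    Flow(BROWSER, SERVER, 443),
    Flow(BROWSER, BSG, 8443),
    Flow(BROWSER, AGENT, 22443),
    Flow("admin-host", SERVER, 3389),  # unrelated rule, ignored by the audit
}

if __name__ == "__main__":
    for mode in (True, False):
        print("BSG enabled:" if mode else "BSG disabled:", audit(SAMPLE_RULES, mode))
```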
Using HTML Access
VMware, Inc.