6.0
Table Of Contents
- View Administration
- Contents
- View Administration
- Using View Administrator
- Configuring View Connection Server
- Configuring vCenter Server and View Composer
- Create a User Account for View Composer
- Add vCenter Server Instances to View
- Configure View Composer Settings
- Configure View Composer Domains
- Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines
- Configure View Storage Accelerator for vCenter Server
- Concurrent Operations Limits for vCenter Server and View Composer
- Setting a Concurrent Power Operations Rate to Support Remote Desktop Logon Storms
- Accept the Thumbprint of a Default SSL Certificate
- Remove a vCenter Server Instance from View
- Remove View Composer from View
- Conflicting vCenter Server Unique IDs
- Backing Up View Connection Server
- Configuring Settings for Client Sessions
- Set Options for Client Sessions and Connections
- Change the Data Recovery Password
- Global Settings for Client Sessions
- Global Security Settings for Client Sessions and Connections
- Message Security Mode for View Components
- Configure the Secure Tunnel and PCoIP Secure Gateway
- Configure Secure HTML Access
- Off-load SSL Connections to Intermediate Servers
- Disable or Enable View Connection Server
- Edit the External URLs
- Join or Withdraw from the Customer Experience Program
- View LDAP Directory
- Configuring vCenter Server and View Composer
- Setting Up Authentication
- Using Two-Factor Authentication
- Using Smart Card Authentication
- Using SAML Authentication for Workspace Integration
- Using Smart Card Certificate Revocation Checking
- Using the Log In as Current User Feature Available with Windows-Based Horizon Client
- Allow Users to Save Credentials
- Configuring Role-Based Delegated Administration
- Understanding Roles and Privileges
- Using Access Groups to Delegate Administration of Pools and Farms
- Understanding Permissions
- Manage Administrators
- Manage and Review Permissions
- Manage and Review Access Groups
- Manage Custom Roles
- Predefined Roles and Privileges
- Required Privileges for Common Tasks
- Best Practices for Administrator Users and Groups
- Configuring Policies in View Administrator and Active Directory
- Maintaining View Components
- Backing Up and Restoring View Configuration Data
- Monitor View Components
- Monitor Machine Status
- Understanding View Services
- Change the Product License Key
- Monitor Concurrent Connections to View and Reset Historical Usage Data
- Update General User Information from Active Directory
- Migrate View Composer to Another Machine
- Update the Certificates on a View Connection Server Instance, Security Server, or View Composer
- Information Collected by the Customer Experience Improvement Program
- How VMware Ensures Your Privacy
- Preview Data Collected by the Customer Experience Improvement Program
- Additional Information About the Customer Experience Improvement Program
- Global View Data Collected by VMware
- View Connection Server Data Collected by VMware
- Security Server Data Collected by VMware
- Desktop Pool Data Collected by VMware
- Machine Data Collected by VMware
- vCenter Server Data Collected by VMware
- ThinApp Data Collected by VMware
- Cloud Pod Architecture Information Collected by VMware
- Horizon Client Data Collected by VMware
- HTML Access Data Collected by VMware
- Managing Linked-Clone Virtual Machines
- Reduce Linked-Clone Size with Machine Refresh
- Update Linked-Clone Desktops
- Rebalance Linked-Clone Virtual Machines
- Manage View Composer Persistent Disks
- View Composer Persistent Disks
- Detach a View Composer Persistent Disk
- Attach a View Composer Persistent Disk to Another Linked Clone
- Edit a View Composer Persistent Disk's Pool or User
- Recreate a Linked Clone With a Detached Persistent Disk
- Restore a Linked Clone by Importing a Persistent Disk from vSphere
- Delete a Detached View Composer Persistent Disk
- Managing Desktop Pools, Machines, and Sessions
- Managing Desktop Pools
- Edit a Desktop Pool
- Modifying Settings in an Existing Desktop Pool
- Fixed Settings in an Existing Desktop Pool
- Change the Size of an Automated Pool Provisioned by a Naming Pattern
- Add Machines to an Automated Pool Provisioned by a List of Names
- Disable or Enable a Desktop Pool
- Disable or Enable Provisioning in an Automated Desktop Pool
- Configure Adobe Flash Quality and Throttling
- Adobe Flash Quality and Throttling
- Delete a Desktop Pool
- Managing Virtual Machine-Based Desktops
- Managing Unmanaged Machines
- Manage Remote Desktop and Application Sessions
- Export View Information to External Files
- Managing Desktop Pools
- Managing Application Pools, Farms, and RDS Hosts
- Managing ThinApp Applications in View Administrator
- View Requirements for ThinApp Applications
- Capturing and Storing Application Packages
- Assigning ThinApp Applications to Machines and Desktop Pools
- Best Practices for Assigning ThinApp Applications
- Assign a ThinApp Application to Multiple Machines
- Assign Multiple ThinApp Applications to a Machine
- Assign a ThinApp Application to Multiple Desktop Pools
- Assign Multiple ThinApp Applications to a Desktop Pool
- Assign a ThinApp Template to a Machine or Desktop Pool
- Review ThinApp Application Assignments
- Display MSI Package Information
- Maintaining ThinApp Applications in View Administrator
- Remove a ThinApp Application Assignment from Multiple Machines
- Remove Multiple ThinApp Application Assignments from a Machine
- Remove a ThinApp Application Assignment from Multiple Desktop Pools
- Remove Multiple ThinApp Application Assignments from a Desktop Pool
- Remove a ThinApp Application from View Administrator
- Modify or Delete a ThinApp Template
- Remove an Application Repository
- Monitoring and Troubleshooting ThinApp Applications in View Administrator
- ThinApp Configuration Example
- Setting Up Clients in Kiosk Mode
- Configure Clients in Kiosk Mode
- Prepare Active Directory and View for Clients in Kiosk Mode
- Set Default Values for Clients in Kiosk Mode
- Display the MAC Addresses of Client Devices
- Add Accounts for Clients in Kiosk Mode
- Enable Authentication of Clients in Kiosk Mode
- Verify the Configuration of Clients in Kiosk Mode
- Connect to Remote Desktops from Clients in Kiosk Mode
- Configure Clients in Kiosk Mode
- Troubleshooting View
- Monitoring System Health
- Monitor Events in View
- Collecting Diagnostic Information for View
- Create a Data Collection Tool Bundle for View Agent
- Save Diagnostic Information for Horizon Client
- Collect Diagnostic Information for View Composer Using the Support Script
- Collect Diagnostic Information for View Connection Server Using the Support Tool
- Collect Diagnostic Information for View Agent, Horizon Client, or View Connection Server from the Console
- Update Support Requests
- Troubleshooting an Unsuccessful Security Server Pairing with View Connection Server
- Troubleshooting View Server Certificate Revocation Checking
- Troubleshooting Smart Card Certificate Revocation Checking
- Further Troubleshooting Information
- Using the vdmadmin Command
- vdmadmin Command Usage
- Configuring Logging in View Agent Using the ‑A Option
- Overriding IP Addresses Using the ‑A Option
- Setting the Name of a View Connection Server Group Using the ‑C Option
- Updating Foreign Security Principals Using the ‑F Option
- Listing and Displaying Health Monitors Using the ‑H Option
- Listing and Displaying Reports of View Operation Using the ‑I Option
- Generating View Event Log Messages in Syslog Format Using the ‑I Option
- Assigning Dedicated Machines Using the ‑L Option
- Displaying Information About Machines Using the ‑M Option
- Reclaiming Disk Space on Virtual Machines Using the ‑M Option
- Configuring Domain Filters Using the ‑N Option
- Configuring Domain Filters
- Displaying the Machines and Policies of Unentitled Users Using the ‑O and ‑P Options
- Configuring Clients in Kiosk Mode Using the ‑Q Option
- Displaying the First User of a Machine Using the ‑R Option
- Removing the Entry for a View Connection Server Instance or Security Server Using the ‑S Option
- Displaying Information About Users Using the ‑U Option
- Unlocking or Locking Virtual Machines Using the ‑V Option
- Detecting and Resolving LDAP Entry Collisions Using the -X Option
- Index
Table 2‑3. Global Security Settings for Client Sessions and Connections
Setting Description
Reauthenticate secure tunnel connections after
network interruption
Determines if user credentials must be reauthenticated after a network
interruption when Horizon clients use secure tunnel connections to
remote desktops.
When you select this setting, if a secure tunnel connection is
interrupted, Horizon Client requires the user to reauthenticate before
reconnecting.
This setting offers increased security. For example, if a laptop is stolen
and moved to a different network, the user cannot automatically gain
access to the remote desktop without entering credentials.
When this setting is not selected, the client reconnects to the remote
desktop without requiring the user to reauthenticate.
This setting has no effect when the secure tunnel is not used.
Message security mode Determines if signing and verification of the JMS messages passed
between View components takes place. For details, see “Message
Security Mode for View Components,” on page 33.
By default, message security mode is enabled.
Use IPSec for Security Server connections Determines whether to use Internet Protocol Security (IPSec) for
connections between security servers and View Connection Server
instances.
By default, secure connections (using IPSec) for security server
connections is enabled.
NOTE If you upgrade to View 5.1 or later from an earlier View release, the global setting Require SSL for
client connections is displayed in View Administrator, but only if the setting was disabled in your View
configuration before you upgraded. Because SSL is required for all Horizon Client connections and View
Administrator connections to View, this setting is not displayed in fresh installations of View 5.1 or later
versions and is not displayed after an upgrade if the setting was already enabled in the previous View
configuration.
After an upgrade, if you do not enable the Require SSL for client connections setting, HTTPS connections
from Horizon clients will fail, unless they connect to an intermediate device that is configured to make
onward connections using HTTP. See “Off-load SSL Connections to Intermediate Servers,” on page 36.
Message Security Mode for View Components
You can set message security mode for View components. This setting determines how sender signatures in
JMS messages are treated. By default, JMS messages are rejected if the signature is missing or invalid, or if a
message was modified after it was signed.
If any component in your View environment predates View 3.0, when message security was introduced,
you can change the mode to log a warning if any of these conditions are found, or to not verify signatures at
all. These options are not recommended and it is preferable to upgrade older components.
Some JMS messages are encrypted because they carry sensitive information such as user credentials.
Consider using IPSec to encrypt all JMS messages between View Connection Server instances, and between
View Connection Server instances and security servers.
Table 2-4 shows the options you can select to configure the message security mode. To set an option, select it
from the Message security mode list in the Global Settings dialog window.
Chapter 2 Configuring View Connection Server
VMware, Inc. 33