View Agent Direct-Connection Plug-In Administration VMware Horizon 6 Version 6.2 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
View Agent Direct-Connection Plug-In Administration You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2015 VMware, Inc. All rights reserved. Copyright and trademark information. VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc.
Contents View Agent Direct-Connection Plug-In Administration 1 Installing View Agent Direct-Connection Plug-In 7 View Agent Direct-Connection Plug-In System Requirements Install View Agent Direct-Connection Plug-In 7 Install View Agent Direct-Connection Plug-In Silently 8 5 7 2 View Agent Direct-Connection Plug-In Advanced Configuration 11 View Agent Direct-Connection Plug-In Configuration Settings 11 Disabling Weak Ciphers in SSL/TLS 14 Replacing the Default Self-Signed SSL Server Certificate 15 Auth
View Agent Direct-Connection Plug-In Administration 4 VMware, Inc.
View Agent Direct-Connection Plug-In Administration View Agent Direct-Connection Plug-In Administration provides information about installing and configuring View Agent Direct-Connection Plugin. This plug-in is an installable extension to View Agent that allows Horizon Client to directly connect to a virtual machine-based desktop, a Remote Desktop Services (RDS) desktop, or an application without using View Connection Server.
View Agent Direct-Connection Plug-In Administration 6 VMware, Inc.
Installing View Agent DirectConnection Plug-In 1 View Agent Direct-Connection (VADC) Plug-In enables Horizon Clients to directly connect to virtual machine-based desktops, RDS desktops, or applications. VADC Plug-In is an extension to View Agent and is installed on virtual machine-based desktops or RDS hosts.
View Agent Direct-Connection Plug-In Administration Procedure 1 Download the VADC Plug-In installer file from the VMware download page at http://www.vmware.com/go/downloadview. The installer filename is VMware-viewagent-direct-connection-x86_64-y.y.y-xxxxxx.exe for 64-bit Windows or VMware-viewagent-direct-connection--y.y.y-xxxxxx.exe for 32-bit Windows, where y.y.y is the version number and xxxxxx is the build number. 2 Double-click the installer file. 3 (Optional) Change the TCP port number.
Chapter 1 Installing View Agent Direct-Connection Plug-In 2 Run the VADC Plug-In installer file with command-line options to specify a silent installation. You can optionally specify additional MSI properties. The following example installs VADC Plug-In with default options. VMware-viewagent-direct-connection--y.y.y-xxxxxx.exe /s The following example installs VADC Plug-In and specifies a TCP port that vadc will listen to for remote connections. VMware-viewagent-direct-connection--y.y.y-xxxxxx.
View Agent Direct-Connection Plug-In Administration 10 VMware, Inc.
View Agent Direct-Connection PlugIn Advanced Configuration 2 You can use the default View Direct-Connection Plug-In configuration settings or customize them through Windows Active Directory group policy objects (GPOs) or by modifying specific Windows registry settings.
View Agent Direct-Connection Plug-In Administration Table 2‑1. View Agent Direct-Connection Plug-In Configuration Settings (Continued) 12 Setting Registry Value Type Description Disclaimer Text disclaimerText REG_SZ The disclaimer text shown to Horizon Client users at login. The Disclaimer Enabled policy must be set to TRUE. If the text is not specified, the default is to use the value from Windows policy Configuration\Windows Settings\Security Settings\Local Policies\Security Options.
Chapter 2 View Agent Direct-Connection Plug-In Advanced Configuration Table 2‑1. View Agent Direct-Connection Plug-In Configuration Settings (Continued) Setting Registry Value Type Description USB Enabled usbEnabled REG_SZ The value can be set to TRUE or FALSE. Determines whether desktops can use USB devices connected to the client system. The default value is enabled. To prevent the use of external devices for security reasons, change the setting to disabled (FALSE).
View Agent Direct-Connection Plug-In Administration You can import this template file into Active Directory or the Local Group Policy Editor to simplify the management of these configuration settings. See the Microsoft Policy Editor and GPO handling documentation for details of managing policy settings in this way. Policy settings for the plug-in are stored in the registry key: HKEY_LOCAL_MACHINE Software\Policies\VMware, Inc.\VMware VDM\Agent\Configuration\XMLAPI For smart card authentication, the certif
Chapter 2 View Agent Direct-Connection Plug-In Advanced Configuration NOTE If Horizon Client is not configured to support any cipher that is supported by the virtual desktop operating system, the TLS/SSL negotiation will fail and the client will be unable to connect. For information on configuring supported cipher suites in Horizon Clients, refer to Horizon Client documentation at https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
View Agent Direct-Connection Plug-In Administration An example deployment of a desktop whose IP address is 192.168.1.1 illustrates the configuration of NAT and port mapping. A Horizon Client system with an IP address of 192.168.1.9 on the same network establishes a PCoIP connection by using TCP and UDP. This connection is direct without any NAT or port mapping configuration. Figure 2‑1. Direct PCoIP from a Client on the Same Network IP address 192.168.1.9 PCoIP Client IP address 192.168.1.1 TCP DST 192.
Chapter 2 View Agent Direct-Connection Plug-In Advanced Configuration Figure 2‑3. PCoIP From a Client via a NAT Device and Port Mapping IP address 192.168.1.1 NAT PNAT IP address 10.1.1.9 PCoIP Client View Desktop TCP DST 10.1.1.1:14172 SRC 10.1.1.9:? TCP DST 192.168.1.1:4172 SRC 192.168.1.9:? UDP DST 10.1.1.1:14172 SRC 10.1.1.9:55000 UDP DST 192.168.1.1:4172 SRC 192.168.1.9:? UDP DST 10.1.1.9:55000 SRC 10.1.1.1:14172 PCoIP server UDP DST 192.168.1.9:? SRC 192.168.1.
View Agent Direct-Connection Plug-In Administration Table 2‑2. NAT and Port Mapping Values VM# Desktop IP Address HTTPS RDP PCOIP (TCP and UDP) Framework Channel 0 192.168.0.0 10.20.30.40:1000 -> 192.168.0.0:443 10.20.30.40:1001 -> 192.168.0.0:3389 10.20.30.40:1002 -> 192.168.0.0:4172 10.20.30.40:1003 -> 192.168.0.0:32111 1 192.168.0.1 10.20.30.40:1005 -> 192.168.0.1:443 10.20.30.40:1006 -> 192.168.0.1:3389 10.20.30.40:1007 -> 192.168.0.1:4172 10.20.30.40:1008 -> 192.168.0.1:32111 2 192.
Setting Up HTML Access 3 View Agent Direct-Connection (VADC) Plug-In supports HTML Access to virtual machine-based desktops. HTML Access to RDS desktops or applications is not supported.
View Agent Direct-Connection Plug-In Administration Set Up Static Content Delivery If the HTML Access client needs to be served by the desktop, you must perform some setup tasks on the desktop. This enables a user to point a browser directly at a desktop. Prerequisites n Download the View HTML Access portal.war zip file from the VMware download page at http://www.vmware.com/go/downloadview. The filename is VMware-Horizon-View-HTML-Access-y.y.y-xxxxxx.zip, where y.y.
Chapter 3 Setting Up HTML Access 21 Create the file C:\inetpub\wwwroot\Default.htm with the following content (replace with the actual IP address or DNS name of the desktop):
