Using HTML Access
March 2016
VMware Horizon
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com
Copyright © 2013–2016 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com
Contents
Using HTML Access
1 Setup and Installation
  System Requirements for HTML Access
  Preparing View Connection Server and Security Servers for HTML Access
  Firewall Rules for HTML Access
  Prepare Desktops, Pools, and Farms for HTML Access
  Configure HTML Access Agents to Use New SSL Certificates
  Add the Certificate Snap-In to MMC on a View Desktop
  Import a Certificate for the HTML Access Agent into the Windows Certificate Store
  Import Root and Intermediate Certificates for the HTML A
Using HTML Access
This guide, Using HTML Access, provides information about installing and using the HTML Access feature of VMware Horizon™ 7 to connect to virtual desktops without having to install any software on a client system. The information in this document includes system requirements and instructions for installing HTML Access software on a View server and in a remote desktop virtual machine so that end users can use a Web browser to access remote desktops.
1 Setup and Installation
Setting up a View deployment for HTML Access involves installing HTML Access on View Connection Server, opening the required ports, and installing the HTML Access component in the remote desktop virtual machine. End users can then access their remote desktops by opening a supported browser and entering the URL for View Connection Server.
| Browser | Version |
|---|---|
| Firefox | 43, 44 |
| Microsoft Edge | 20, 25 |

HTML Access 3.5 supports the following browsers.

| Browser | Version |
|---|---|
| Chrome | 43, 44 |
| Internet Explorer | 10, 11 |
| Safari | 7, 8 (Mobile Safari is not supported.) |
| Firefox | 38, 39 |
| Microsoft Edge | 20 |

HTML Access 3.4 supports the following browsers.

| Browser | Version |
|---|---|
| Chrome | 41, 42, 43 |
| Internet Explorer | 10, 11 |
| Safari | 7, 8 (Mobile Safari is not supported.) |
| Firefox | 36, 37, 38 |

Client operating systems
HTML Access 4.
HTML Access 3.4 supports the following operating systems.

| Operating System | Version |
|---|---|
| Windows | 7 SP1 (32- and 64-bit) |
| Windows | 8 (32- and 64-bit) |
| Mac OS X | 10.9.x (Mavericks) |
| Mac OS X | 10.10.x (Yosemite) |
| Chrome OS | 28.x and later |

NOTE For HTML Access 3.5 and earlier, iOS devices such as phones and tablets are not supported. VMware recommends that you instead use Horizon Client for iOS. If you must support HTML Access on these devices, do not install HTML Access 3.x.
When you install the HTML Access component, the VMware Horizon View Connection Server (Blast-In) rule is enabled in the Windows Firewall, so that the firewall is automatically configured to allow inbound traffic to TCP port 8443.
Security Server
View Security Server: The same version as View Connection Server must be installed on the security server. If client systems connect from outside the corporate firewall, VMware recommends that you use a security server.
Following is a checklist of the tasks you must perform in order to use HTML Access:
1 Install View Connection Server with the HTML Access option on the server or servers that will compose a View Connection Server replicated group. By default, the HTML Access component is already selected in the installer. For installation instructions, see the View Installation documentation.
Firewall Rules for HTML Access
To allow client Web browsers to use HTML Access to make connections to security servers, View Connection Server instances, and remote desktops, your firewalls must allow inbound traffic on certain TCP ports. HTML Access connections must use HTTPS. HTTP connections are not allowed.
- Verify that the HTML Access component is installed with View Connection Server on the host or hosts and that the Windows firewalls on View Connection Server instances and any security servers allow inbound traffic on TCP port 8443. See “Preparing View Connection Server and Security Servers for HTML Access,” on page 10.
- If you use third-party firewalls, configure a rule to allow inbound traffic from View servers to TCP port 22443 on View desktops in the data center.
You can now access a remote desktop or application from a Web browser when you are using a client device that does not or cannot have Horizon Client software installed in its operating system.
What to do next
For added security, if your security policies require that the Blast agent on the remote desktop uses an SSL certificate from a certificate authority, see “Configure HTML Access Agents to Use New SSL Certificates,” on page 14.
Add the Certificate Snap-In to MMC on a View Desktop
Before you can add certificates to the Windows local computer certificate store, you must add the Certificate snap-in to the Microsoft Management Console (MMC) on the View desktops where the HTML Access Agent is installed.
Prerequisites
Verify that the MMC and Certificate snap-in are available on the Windows guest operating system where the HTML Access Agent is installed.
8 Click Next and click Finish.
The new certificate appears in the Certificates (Local Computer) > Personal > Certificates folder.
9 Verify that the new certificate contains a private key.
a In the Certificates (Local Computer) > Personal > Certificates folder, double-click the new certificate.
b In the General tab of the Certificate Information dialog box, verify that the following statement appears: You have a private key that corresponds to this certificate.
Set the Certificate Thumbprint in the Windows Registry
To allow the HTML Access Agent to use a CA-signed certificate that was imported into the Windows certificate store, you must configure the certificate thumbprint in a Windows registry key. You must take this step on each desktop on which you replace the default certificate with a CA-signed certificate.
Prerequisites
Verify that the CA-signed certificate is imported into the Windows certificate store.
4 Restart the VMware Blast service to make your changes take effect.
In the Windows guest operating system, the service for the HTML Access Agent is called VMware Blast.
To revert to using the default cipher list, delete the SslCiphers value and restart the VMware Blast service. Do not simply delete the data part of the value because the HTML Access Agent will then treat all ciphers as unacceptable, in accordance with the OpenSSL cipher list format definition.
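The empty-value behaviour described above comes from the OpenSSL cipher list format, so a candidate SslCiphers string can be checked before it is written to the registry. This is an added example, not part of the VMware guide: it passes the string to the local OpenSSL build through Python's ssl module, which may support a different cipher set than the agent's OpenSSL, and the function names and the WEAK_MARKERS policy are assumptions.

```python
import ssl

# Substrings treated as weak in this example policy (assumption, adjust to local policy).
WEAK_MARKERS = ("NULL", "RC4", "DES", "MD5", "EXP")


def expand_cipher_list(value):
    """Expand an OpenSSL cipher list string using the local OpenSSL build.

    Returns the names of the TLS 1.2-and-earlier ciphers the string selects,
    or an empty list when OpenSSL reports that nothing can be selected.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(value)
    except ssl.SSLError:
        # Raised for an empty string as well as for unknown cipher names.
        return []
    # TLS 1.3 suites are configured separately in OpenSSL and are always
    # listed, so they say nothing about the string being checked.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def check_sslciphers(value):
    """Summarise whether a candidate SslCiphers string is usable and flag weak picks."""
    names = expand_cipher_list(value)
    weak = [n for n in names if any(marker in n for marker in WEAK_MARKERS)]
    return {"usable": bool(names), "ciphers": names, "weak": weak}


if __name__ == "__main__":
    # Constructed sample values: a restrictive list, and the empty data the
    # guide warns about.
    for candidate in ("ECDHE+AESGCM", ""):
        result = check_sslciphers(candidate)
        print(repr(candidate), "usable:", result["usable"])
        for name in result["ciphers"]:
            print("   ", name)
```

An empty string reports `usable: False`, which matches the guide's warning to delete the SslCiphers value itself rather than only its data.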
When you install View Connection Server 6.1.1 interactively, the version of HTML Access that is installed is HTML Access 2.6. At this stage, you cannot use remote (hosted) applications with HTML Access. Users can continue to use HTML Access 2.6 to connect to desktops running View Agent 6.1.
2 If you use security servers, upgrade to View Security Server 6.1.1. The version of View Security Server must match the version of View Connection Server.
3 Upgrade to View Agent 6.
What to do next
Disallow inbound traffic to TCP port 8443 on the Windows Firewall of any paired security servers. If applicable, on third-party firewalls, change the rules to disallow inbound traffic to TCP port 8443 for all paired security servers and this View Connection Server host.
Data Collected by VMware
If your company participates in the customer experience improvement program, VMware collects data from certain client fields.
Table 1‑4. Client Data Collected for the Customer Experience Improvement Program (Continued)

| Description | Field name | Is This Field Made Anonymous? | Example Value |
|---|---|---|---|
| Browser's core implementation | | No | Examples include the following values: Chrome, Safari, Firefox |
| Whether the browser is running on a handheld device | | | |
2 Configuring HTML Access for End Users
You can change the appearance of the Web page that end users see when they enter the URL for HTML Access. You can also set group policies that control the image quality, the ports used, and other settings.
Procedure
1 On the View Connection Server host, open the portal-links-html-access.properties file with a text editor.
The location of this file is CommonAppDataFolder\VMware\VDM\portal\portal-links-html-access.properties. For Windows Server 2008 operating systems, the CommonAppDataFolder directory is C:\ProgramData. To display the C:\ProgramData folder in Windows Explorer, you must use the Folder Options dialog box to show hidden folders.
NOTE Customizations for View 5.
Option: Create links for specific installers
Property Setting: The following examples show full URLs, but you can use relative URLs if you place the installer files in the downloads directory, which is under the C:\Program Files\VMware\VMware View\Server\broker\webapps\ directory on View Connection Server, as described in the next step.
- 32-bit Windows installer:
- link.win32=https://server/downloads/VMware-HorizonClient.
- Active Directory user name
- RADIUS or RSA SecurID user name, if different from Active Directory user name
- Domain name
- Desktop display name
- Actions including browse, reset, log off, and start session
Syntax for Creating URIs for HTML Access
Syntax includes a path part to specify the server, and, optionally, a query to specify the user, desktop, and desktop actions or configuration options.
Supported Queries
This topic lists the queries that are supported for the HTML Access Web client. If you are creating URIs for multiple types of clients, such as desktop clients and mobile clients, see the Using VMware Horizon Client guide for each type of client system.
domainName
The NETBIOS domain name associated with the user who is connecting to the remote desktop. For example, you would use mycompany rather than mycompany.com.
3 https://view.mycompany.com:7555/?desktopId=Primary%20Desktop
This URI has the same effect as the previous example, except that it uses the nondefault port of 7555 for View Connection Server. (The default port is 443.) Because a desktop identifier is provided, the desktop is launched even though the start-session action is not included in the URI.
4 https://view.mycompany.com/?desktopId=Primary%20Desktop&action=reset
The HTML Access Web client is launched and connects to the view.
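The URI form shown in these examples can be generated and reviewed in code before links are handed to end users. This is an added example, not part of the VMware guide: the query names, the default port, and the sample host are the ones the guide uses, while the function names and the review rules are assumptions.

```python
from urllib.parse import parse_qs, quote, urlencode, urlsplit

DEFAULT_PORT = 443  # default View Connection Server port stated in the guide


def build_uri(server, port=DEFAULT_PORT, **queries):
    """Build an HTML Access URI from a server name and optional queries.

    Query names such as desktopId, domainName and action are passed as
    keyword arguments and kept in the order given.
    """
    netloc = server if port == DEFAULT_PORT else f"{server}:{port}"
    # quote_via=quote encodes a space as %20, as in the guide's examples,
    # instead of the "+" that urlencode produces by default.
    query = urlencode(queries, quote_via=quote)
    return f"https://{netloc}/" + (f"?{query}" if query else "")


def review_uri(uri):
    """Return a list of findings to resolve before a URI is published."""
    findings = []
    parts = urlsplit(uri)
    queries = parse_qs(parts.query)
    if parts.scheme != "https":
        findings.append("scheme is not https; HTML Access does not allow HTTP")
    if parts.port not in (None, DEFAULT_PORT):
        findings.append(f"nondefault port {parts.port}; confirm firewall rules cover it")
    for domain in queries.get("domainName", []):
        if "." in domain:
            findings.append(f"domainName {domain!r} looks like a DNS name, not a NETBIOS name")
    if "reset" in queries.get("action", []):
        findings.append("action=reset requests a desktop reset; confirm this is intended")
    if "desktopId" in queries and "action" not in queries:
        findings.append("desktopId is set, so the desktop is launched even without action=start-session")
    return findings


if __name__ == "__main__":
    uri = build_uri("view.mycompany.com", port=7555, desktopId="Primary Desktop")
    print(uri)
    for finding in review_uri(uri):
        print(" -", finding)
```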
Procedure
1 Download the View GPO Bundle .zip file from the VMware download site at https://my.vmware.com/web/vmware/downloads.
Under Desktop & End-User Computing, select the VMware Horizon 7 download, which includes the GPO Bundle. The file is named VMware-Horizon-Extras-Bundle-x.x.x-yyyyyyy.zip, where x.x.x is the version and yyyyyyy is the build number. All ADM and ADMX files that provide group policy settings for View are available in this file.
Table 2‑2. Group Policy Settings for HTML Access 3.5 and Earlier

| Setting | Description |
|---|---|
| Screen Blanking | Controls whether the remote virtual machine can be seen from outside of View during an HTML Access session. For example, an administrator might use vSphere Web Client to open a console on the virtual machine while a user is connected to the desktop through HTML Access. |
3 Using a Remote Desktop or Application
The client provides a navigation sidebar with toolbar buttons so that you can easily disconnect from a remote desktop or application or use a button click to send the equivalent of the Ctrl+Alt+Delete key combination.
Table 3‑1. Features Supported Through HTML Access (Continued)
Feature Windows 7 Desktop Windows 8.x Desktop Windows 10 Desktop Windows Server 2008 R2 Desktop Windows Server 2012 R2 Desktop X X X X X USB redirection Real-time audio-video (RTAV) Wyse MMR Windows Media MMR Virtual printing Location-based printing Smart cards Multiple monitors
For descriptions of these features and their limitations, see the View Architecture Planning document.
Internationalization
The user interface and documentation are available in English, Japanese, French, German, Simplified Chinese, Traditional Chinese, and Korean. For information about which language packs you must use in the client system, browser, and remote desktop, see “International Keyboards,” on page 38.
7 Click the icon for the remote desktop or application that you want to access.
The remote desktop or application is displayed in your browser. A navigation sidebar is also available. You can click the tab at the left side of the browser window to display the sidebar. You can use the sidebar to access other remote desktops or applications, display the Settings window, copy and paste text, and more.
Shortcut Key Combinations
Regardless of the language used, some key combinations cannot be sent to a remote desktop or application. Web browsers allow some key presses and key combinations to be sent to both the client and the destination system. For other keys and key combinations, the input is processed only locally and is not sent to the destination system.
Table 3‑3. Windows Key Shortcuts for Windows 10 Remote Desktops (Continued)

| Keys | Action | Limitations |
|---|---|---|
| Win+G | Open game bar when a game is open. | |
| Win+H | Open the Share charm. | |
| Win+I | Open the Settings charm. | |
| Win+K | Open the Connection quick action. | |
| Win+M | Minimize all windows. | |
| Win+R | Open the Run dialog box. | |
| Win+S | Open Search. | |
| Win+X | Open the Quick Link menu. | |
| Win+, (comma) | Temporarily peek at the desktop. | |
| Win+Pause | Display the System Properties dialog box. | |
Table 3‑4. Windows Key Shortcuts for Windows 8.x and Windows Server 2012 R2 Remote Desktops (Continued)

| Keys | Action | Limitations |
|---|---|---|
| Win+Shift+M | Restore minimized windows on the desktop. | Does not work in Safari browsers. Workaround: Press Command-D on Macs. |
| Win+Alt+Num | Open the desktop and open the jump list for the app pinned to the taskbar in the position indicated by the number. | Does not work on a Chromebook. |
| Win+Up Arrow | Maximize the window. | |
International Keyboards
When using non-English keyboards and locales, you must use certain settings in your client system, browser, and remote desktop. Some languages require you to use an IME (input method editor) on the remote desktop. With the correct local settings and input methods installed, you can input characters for the following languages: English, Japanese, French, German, simplified Chinese, traditional Chinese, and Korean.
Table 3‑6.
Similarly, if you use a browser on a device that has a high pixel density resolution, such as a MacBook with Retina Display or a Google Chromebook Pixel, you must allocate sufficient VRAM for each remote desktop.
IMPORTANT Estimating the amount of VRAM you need for the VMware Blast display protocol is similar to estimating how much VRAM is required for the PCoIP display protocol.
Figure 3‑1. Sidebar That Appears When You Launch a Remote Desktop or Application
Click the expander arrow next to a running application to see the list of documents opened from that application. Note, however, that if you have, for example, two Excel documents open from separate Excel programs hosted on two different servers, the Excel application will be listed twice in the Running list in the sidebar.
From the sidebar, you can perform several actions.

Table 3‑7. Sidebar Actions

| Action | Procedure |
|---|---|
| Show the sidebar | When you have a remote application or desktop open, click the sidebar tab. When the sidebar is open, you can still perform actions in the application or desktop window. |
| Hide the sidebar | Click the sidebar tab. |
| Launch a remote application or desktop | Click the name of an application or desktop under Available in the sidebar. |
Table 3‑7. Sidebar Actions (Continued)

| Action | Procedure |
|---|---|
| Use high-resolution mode on machines with a high-resolution display (such as Retina MacBook Pro) | Click the Open Menu toolbar button at the top of the sidebar, click Settings, and turn on High Resolution Mode. (This option appears in the Settings window only if you are using a high-resolution display.) |
| Call out or dismiss the soft keyboard (iOS Safari only) | Click the keyboard icon at the top of the sidebar. |
The Copy & Paste window, which you can open from the button at the top of the HTML Access sidebar, is required only for synchronizing the Clipboard on your local system with the Clipboard in the remote machine.
Prerequisites
If you are using a Mac, verify that you have enabled the setting for mapping the Command key to the Windows Ctrl key when using the key combinations to select, copy, and paste text.
Log Off or Disconnect
With some configurations, if you disconnect from a remote desktop without logging off, applications in the desktop can remain open. You can also disconnect from a server and leave remote applications running.
Procedure
- Log out of the View server and disconnect from (but do not log out from) the desktop or quit the hosted application.
Procedure
- Use the Reset command.

| Option | Action |
|---|---|
| Reset applications from the application selector screen | From the desktop and application selector screen, before connecting to a remote desktop or application, to reset all running applications, click the Settings toolbar button in the upper-right corner of the screen, and click Reset. |