7.0
Table Of Contents
- Using HTML Access
- Contents
- Using HTML Access
- Setup and Installation
- System Requirements for HTML Access
- Preparing View Connection Server and Security Servers for HTML Access
- Prepare Desktops, Pools, and Farms for HTML Access
- Configure HTML Access Agents to Use New SSL Certificates
- Configure HTML Access Agents to Use Specific Cipher Suites
- Configuring iOS to Use CA-Signed Certificates
- Upgrading the HTML Access Software
- Uninstall HTML Access from View Connection Server
- Data Collected by VMware
- Configuring HTML Access for End Users
- Using a Remote Desktop or Application
- Index
Firewall Rules for HTML Access
To allow client Web browsers to use HTML Access to make connections to security servers, View
Connection Server instances, and remote desktops, your firewalls must allow inbound traffic on certain TCP
ports.
HTML Access connections must use HTTPS. HTTP connections are not allowed.
By default, when you install a View Connection Server instance or security server, the VMware Horizon
View Connection Server (Blast-In) rule is enabled in the Windows Firewall, so that the firewall is
automatically configured to allow inbound traffic to TCP port 8443.
Table 1‑2. Firewall Rules for HTML Access
Source
Default
Source
Port Protocol Target
Default
Target
Port Notes
Client Web
browser
TCP
Any
HTTPS Security
server or
View
Connection
Server
instance
TCP 443 To make the initial connection to View, the Web browser on a
client device connects to a security server or View Connection
Server instance on TCP port 443.
Client Web
browser
TCP
Any
HTTPS Blast Secure
Gateway
TCP 8443 After the initial connection to View is made, the Web browser
on a client device connects to the Blast Secure Gateway on
TCP port 8443. The Blast Secure Gateway must be enabled on
a security server or View Connection Server instance to allow
this second connection to take place.
Blast Secure
Gateway
TCP
Any
HTTPS HTML
Access agent
TCP
22443
If the Blast Secure Gateway is enabled, after the user selects a
remote desktop, the Blast Secure Gateway connects to the
HTML Access agent on TCP port 22443 on the desktop. This
agent component is included when you install View Agent.
Client Web
browser
TCP
Any
HTTPS HTML
Access agent
TCP
22443
If the Blast Secure Gateway is not enabled, after the user
selects a View desktop, the Web browser on a client device
makes a direct connection to the HTML Access agent on TCP
port 22443 on the desktop. This agent component is included
when you install View Agent.
Prepare Desktops, Pools, and Farms for HTML Access
Before end users can access a remote desktop or application, administrators must configure certain pool and
farm settings and install View Agent on remote desktop virtual machines and RDS hosts in the data center.
The HTML Access client is a good alternative when Horizon Client software is not installed on the client
system.
NOTE The Horizon Client software offers more features and better performance than the HTML Access
client. For example, with the HTML Access client, some key combinations do not work in the remote
desktop, but these key combinations do work with Horizon Client.
Prerequisites
n
Verify that your vSphere infrastructure and View components meet the system requirements for
HTML Access.
See “System Requirements for HTML Access,” on page 7.
Using HTML Access
12 VMware, Inc.