7.0
Table Of Contents
- Deploying and Configuring Access Point
- Contents
- Deploying and Configuring Access Point
- Introduction to Access Point
- System Requirements and Deployment
- Configuring Access Point
- Collecting Logs from the Access Point Appliance
- Setting Up Smart Card Authentication
- Setting Up Two-Factor Authentication
- Index
2 Use a REST client, such as curl or postman, to use the JSON request to invoke the Access Point REST
API and configure the protocols and cipher suites.
The following example uses a curl command. In the example, access-point-appliance.example.com is the
fully qualified domain name of the Access Point appliance, and ciphers.json is the JSON request you
created in the previous step.
curl -k -d @- -u 'admin' -H "Content-Type: application/json" -X PUT https://access-point-
appliance.example.com:9443/rest/v1/config/system < ~/ciphers.json
The cipher suites and protocols that you specified are used.
Configuring the Secure Gateways Used with the View Edge Service
For a View deployment, by default the secure tunnel, PCoIP Secure Gateway, and Blast Secure Gateway are
all enabled on the Access Point appliance. The external URLs need to be set to values that can be used by
remote Horizon clients to connect to the Access Point appliance for the tunnel connection, the PCoIP
connection, and the Blast connection, respectively.
Table 3‑6. Examples of the Secure Gateway Settings
Type of Secure Gateway Property Name Example Setting
Secure tunnel
tunnelExternalUrl https://ap1.example.com:443
PCoIP Secure Gateway
pcoipExternalUrl 10.20.30.40:4172
Blast Secure Gateway
blastExternalUrl https://ap1.example.com:443
These properties are described in more detail in “Configuration Settings for Edge Services,” on page 34, in
the section called "Edge Service Settings for View."
The PCoIP external URL must use an IPv4 address. The other URLs can use an IP address or a host name
that can be resolved by the client on the external network, which is usually the Internet. These external
addresses are used only by the clients. The connection from the client for all three URLs must route to the
specific Access Point appliance and must not be load-balanced. In a NAT environment, the addresses must
be the external addresses and not the internal NAT'd addresses.
The following example shows a configuration JSON that includes these properties.:
{
"identifier": "VIEW",
"enabled": true,
"proxyDestinationUrl": "https://192.0.2.1",
"proxyDestinationUrlThumbprints": "sha1=b6 77 dc 9c 19 94 2e f1 78 f0 ad 4b ec 85 d1 7a f8 8b
dc 34",
"healthCheckUrl": "/favicon.ico",
"pcoipEnabled": true,
"pcoipExternalUrl": "10.20.30.40:4172",
"blastEnabled": true,
"blastExternalUrl": "https://ap1.example.com:443",
"tunnelEnabled": true,
"tunnelExternalUrl": "https://ap1.example.com:443",
"proxyPattern": "/",
"matchWindowsUserName": false,
"gatewayLocation": "External",
"windowsSSOEnabled": false
}
Deploying and Configuring Access Point
44 VMware, Inc.