5.2
Table Of Contents
- VMware Horizon View Installation
- Contents
- VMware Horizon View Installation
- System Requirements for Server Components
- System Requirements for Guest Operating Systems
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Firewall Rules for View Connection Server
- Reinstall View Connection Server with a Backup Configuration
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Installing View Transfer Server
- Configuring SSL Certificates for View Servers
- Understanding SSL Certificates for View Servers
- Overview of Tasks for Setting Up SSL Certificates
- Obtaining a Signed SSL Certificate from a CA
- Configure View Connection Server, Security Server, or View Composer to Use a New SSL Certificate
- Configure View Clients to Trust Root and Intermediate Certificates
- Configuring Certificate Revocation Checking on Server Certificates
- Configuring Certificate Checking in View Client for Windows
- Configure the PCoIP Secure Gateway to Use a New SSL Certificate
- View Transfer Server and SSL Certificates
- Setting View Administrator to Trust a vCenter Server or View Composer Certificate
- Benefits of Using SSL Certificates Signed by a CA
- Configuring View for the First Time
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- View Administrator and View Connection Server
- Log In to View Administrator
- Install the View Connection Server License Key
- Add vCenter Server Instances to View Manager
- Configure View Composer Settings
- Configure View Composer Domains
- Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines
- Configure View Storage Accelerator for vCenter Server
- Concurrent Operations Limits for vCenter Server and View Composer
- Setting a Concurrent Power Operations Rate to Support View Desktop Logon Storms
- Accept the Thumbprint of a Default SSL Certificate
- Configuring View Client Connections
- Replacing Default Ports for View Services
- Replace the Default HTTP Ports or NICs for View Connection Server Instances and Security Servers
- Replace the Default Ports or NICs for the PCoIP Secure Gateway on View Connection Server Instances and on Security Servers
- Replace the Default Port for View Composer
- Replace the Default Ports for View Transfer Server
- Sizing Windows Server Settings to Support Your Deployment
- Configuring User Accounts for vCenter Server and View Composer
- Adding the View Desktops Plug-in to the vSphere Web Client
- Configuring Event Reporting
- Index
3 Examine the certificate thumbprint that was configured for the vCenter Server or View Composer
instance.
a On the vCenter Server or View Composer host, start the MMC snap-in and open the Windows
Certificate Store.
b Navigate to the vCenter Server or View Composer certificate.
c Click the Certificate Details tab to display the certificate thumbprint.
Similarly, examine the certificate thumbprint for a SAML 2.0 authenticator. If appropriate, take the
preceding steps on the SAML 2.0 authenticator host.
4 Verify that the thumbprint in the Certificate Information window matches the thumbprint for the
vCenter Server or View Composer instance.
Similarly, verify that the thumbprints match for a SAML 2.0 authenticator.
5 Determine whether to accept the certificate thumbprint.
Option Description
The thumbprints match.
Click Accept to use the default certificate.
The thumbprints do not match.
Click Reject.
Troubleshoot the mismatched certificates. For example, you might have
provided an incorrect IP address for vCenter Server or View Composer.
Configuring View Client Connections
View clients communicate with a View Connection Server or security server host over secure connections.
The initial View Client connection, which is used for user authentication and View desktop selection, is
created over HTTPS when a user provides a domain name to View Client. If firewall and load balancing
software are configured correctly in your network environment, this request reaches the View Connection
Server or security server host. With this connection, users are authenticated and a desktop is selected, but
users have not yet connected to View desktops.
When users connect to View desktops, by default View Client makes a second connection to the View
Connection Server or security server host. This connection is called the tunnel connection because it
provides a secure tunnel for carrying RDP and other data over HTTPS.
When users connect to View desktops with the PCoIP display protocol, View Client can make a further
connection to the PCoIP Secure Gateway on the View Connection Server or security server host. The PCoIP
Secure Gateway ensures that only authenticated users can communicate with View desktops over PCoIP.
When the secure tunnel or PCoIP Secure Gateway is disabled, View desktop sessions are established
directly between the client system and the View desktop virtual machine, bypassing the View Connection
Server or security server host. This type of connection is called a direct connection.
Desktop sessions that use direct connections remain connected even if View Connection Server is no longer
running.
Typically, to provide secure connections for external clients that connect to a security server or View
Connection Server host over a WAN, you enable both the secure tunnel and the PCoIP Secure Gateway. You
can disable the secure tunnel and the PCoIP Secure Gateway to allow internal, LAN-connected clients to
establish direct connections to View desktops.
Certain View Client endpoints, such as thin clients, do not support the tunnel connection and use direct
connections for RDP data, but do support the PCoIP Secure Gateway for PCoIP data.
Chapter 8 Configuring View for the First Time
VMware, Inc. 103