5.2
Table Of Contents
- VMware Horizon View Installation
- Contents
- VMware Horizon View Installation
- System Requirements for Server Components
- System Requirements for Guest Operating Systems
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Firewall Rules for View Connection Server
- Reinstall View Connection Server with a Backup Configuration
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Installing View Transfer Server
- Configuring SSL Certificates for View Servers
- Understanding SSL Certificates for View Servers
- Overview of Tasks for Setting Up SSL Certificates
- Obtaining a Signed SSL Certificate from a CA
- Configure View Connection Server, Security Server, or View Composer to Use a New SSL Certificate
- Configure View Clients to Trust Root and Intermediate Certificates
- Configuring Certificate Revocation Checking on Server Certificates
- Configuring Certificate Checking in View Client for Windows
- Configure the PCoIP Secure Gateway to Use a New SSL Certificate
- View Transfer Server and SSL Certificates
- Setting View Administrator to Trust a vCenter Server or View Composer Certificate
- Benefits of Using SSL Certificates Signed by a CA
- Configuring View for the First Time
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- View Administrator and View Connection Server
- Log In to View Administrator
- Install the View Connection Server License Key
- Add vCenter Server Instances to View Manager
- Configure View Composer Settings
- Configure View Composer Domains
- Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines
- Configure View Storage Accelerator for vCenter Server
- Concurrent Operations Limits for vCenter Server and View Composer
- Setting a Concurrent Power Operations Rate to Support View Desktop Logon Storms
- Accept the Thumbprint of a Default SSL Certificate
- Configuring View Client Connections
- Replacing Default Ports for View Services
- Replace the Default HTTP Ports or NICs for View Connection Server Instances and Security Servers
- Replace the Default Ports or NICs for the PCoIP Secure Gateway on View Connection Server Instances and on Security Servers
- Replace the Default Port for View Composer
- Replace the Default Ports for View Transfer Server
- Sizing Windows Server Settings to Support Your Deployment
- Configuring User Accounts for vCenter Server and View Composer
- Adding the View Desktops Plug-in to the vSphere Web Client
- Configuring Event Reporting
- Index
Configure Secure HTML Access
In View Administrator, you can configure the use of the Blast Secure Gateway to provide secure HTML
access to View desktops.
The Blast Secure Gateway ensures that only authenticated users can communicate with View desktops by
using HTML Access. View Client does not have to be installed on users' endpoint devices.
When the Blast Secure Gateway is not enabled, client Web browsers use HTML Access to establish direct
connections to View desktop virtual machines, bypassing the Blast Secure Gateway.
IMPORTANT A typical network configuration that provides secure connections for external users includes a
security server. To enable or disable the Blast Secure Gateway on a security server, you must edit the View
Connection Server instance that is paired with the security server. If external users connect directly to a
View Connection Server host, you enable or disable the Blast Secure Gateway by editing that View
Connection Server instance.
Prerequisites
n
If users select View desktops by using the Horizon User Portal, verify that Horizon Workspace is
installed and configured for use with View Connection Server and that View Connection Server is
paired with a SAML 2.0 Authentication server.
n
Verify that the secure tunnel is enabled. If the secure tunnel is disabled, the Blast Secure Gateway
cannot be enabled.
Procedure
1 In View Administrator, select View Configuration > Servers.
2 In the View Connection Servers panel, select a View Connection Server instance and click Edit.
3 Configure use of the Blast Secure Gateway.
Option Description
Enable the Blast Secure Gateway
Select Use Blast Secure Gateway for HTML access to desktop
Disable the Blast secure Gateway
Deselect Use Blast Secure Gateway for HTML access to desktop
The Blast Secure Gateway is enabled by default.
4 Click OK to save your changes.
Open the Port Used by HTML Access on Security Servers
When you install View Connection Server or security server, the View server installer creates the Windows
Firewall rule for the port that is used by HTML Access for client connections, but the installer leaves the rule
disabled until it is actually needed. When you later install HTML Access on a View Connection Server
instance, the HTML Access installer automatically enables the rule to allow communication to that port.
However, on security servers, you must manually enable the rule in the Windows Firewall to allow
communication to the port.
By default, HTML Access uses TCP port 8443 for client connections to the Blast Secure Gateway.
Procedure
n
To open the port used by HTML Access on a View Connection Server computer, install HTML Access
on that computer.
The HTML Access installer enables the VMware View Connection Server (Blast-In) rule in the
Windows Firewall.
Chapter 8 Configuring View for the First Time
VMware, Inc. 105