5.2
Table Of Contents
- VMware Horizon View Installation
- Contents
- VMware Horizon View Installation
- System Requirements for Server Components
- System Requirements for Guest Operating Systems
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Firewall Rules for View Connection Server
- Reinstall View Connection Server with a Backup Configuration
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Installing View Transfer Server
- Configuring SSL Certificates for View Servers
- Understanding SSL Certificates for View Servers
- Overview of Tasks for Setting Up SSL Certificates
- Obtaining a Signed SSL Certificate from a CA
- Configure View Connection Server, Security Server, or View Composer to Use a New SSL Certificate
- Configure View Clients to Trust Root and Intermediate Certificates
- Configuring Certificate Revocation Checking on Server Certificates
- Configuring Certificate Checking in View Client for Windows
- Configure the PCoIP Secure Gateway to Use a New SSL Certificate
- View Transfer Server and SSL Certificates
- Setting View Administrator to Trust a vCenter Server or View Composer Certificate
- Benefits of Using SSL Certificates Signed by a CA
- Configuring View for the First Time
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- View Administrator and View Connection Server
- Log In to View Administrator
- Install the View Connection Server License Key
- Add vCenter Server Instances to View Manager
- Configure View Composer Settings
- Configure View Composer Domains
- Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines
- Configure View Storage Accelerator for vCenter Server
- Concurrent Operations Limits for vCenter Server and View Composer
- Setting a Concurrent Power Operations Rate to Support View Desktop Logon Storms
- Accept the Thumbprint of a Default SSL Certificate
- Configuring View Client Connections
- Replacing Default Ports for View Services
- Replace the Default HTTP Ports or NICs for View Connection Server Instances and Security Servers
- Replace the Default Ports or NICs for the PCoIP Secure Gateway on View Connection Server Instances and on Security Servers
- Replace the Default Port for View Composer
- Replace the Default Ports for View Transfer Server
- Sizing Windows Server Settings to Support Your Deployment
- Configuring User Accounts for vCenter Server and View Composer
- Adding the View Desktops Plug-in to the vSphere Web Client
- Configuring Event Reporting
- Index
By default, when you install View Connection Server or security server, the installation generates a self-
signed certificate for the View server. However, the installation uses an existing certificate in the following
cases:
n
If a valid certificate with a Friendly name of vdm already exists in the Windows Certificate Store
n
If you upgrade to View 5.1 or later from an earlier release, and a valid keystore file is configured on the
Windows Server computer. The installation extracts the keys and certificates and imports them into the
Windows Certificate Store.
vCenter Server and View Composer
Before you add vCenter Server and View Composer to View Manager in a production environment, make
sure that vCenter Server and View Composer use certificates that are signed by a CA.
For information about replacing the default certificate for vCenter Server, see "Replacing vCenter Server
Certificates" on the VMware Technicap Papers site at http://www.vmware.com/resources/techresources/.
If you install vCenter Server and View Composer on the same Windows Server host, they can use the same
SSL certificate, but you must configure the certificate separately for each component.
PCoIP Secure Gateway
To comply with industry or jurisdiction security regulations, you can replace the default SSL certificate that
is generated by the PCoIP Secure Gateway (PSG) service with a certificate that is signed by a CA.
Configuring the PSG service to use a CA-signed certificate is highly recommended, particularly for
deployments that require you to use security scanners to pass compliance testing. See “Configure the PCoIP
Secure Gateway to Use a New SSL Certificate,” on page 83.
Blast Secure Gateway
By default, the Blast Secure Gateway (BSG) uses the SSL certificate that is configured for the View
Connection Server instance or security server on which the BSG is running. If you replace the default, self-
signed certificate for a View server with a CA-signed certificate, the BSG also uses the CA-signed certificate.
View Transfer Server
You do not have to configure SSL certificates for View Transfer Server if you are installing View 5.1 or later.
A default, self-signed certificate is installed with View Transfer Server that View Connection Server uses to
handle secondary connections to View Clients. See “View Transfer Server and SSL Certificates,” on
page 87.
SAML 2.0 Authenticator
VMware Horizon Suite uses SAML 2.0 authenticators to provide Web-based authentication and
authorization across security domains. If you want View to delegate authentication to the Horizon Suite,
you can configure View to accept SAML 2.0 authenticated sessions from Horizon Suite. When Horizon
Application Manager is configured to support View, Horizon users can connect to View desktops by
selecting desktop icons on the Horizon User Portal.
In View Administrator, you can configure SAML 2.0 authenticators for use with View Connection Server
instances.
Before you add a SAML 2.0 authenticator in View Administrator, make sure that the SAML 2.0
authenticator uses a certificate that is signed by a CA.
VMware Horizon View Installation
72 VMware, Inc.