5.2
Table Of Contents
- VMware Horizon View Installation
- Contents
- VMware Horizon View Installation
- System Requirements for Server Components
- System Requirements for Guest Operating Systems
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Firewall Rules for View Connection Server
- Reinstall View Connection Server with a Backup Configuration
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Installing View Transfer Server
- Configuring SSL Certificates for View Servers
- Understanding SSL Certificates for View Servers
- Overview of Tasks for Setting Up SSL Certificates
- Obtaining a Signed SSL Certificate from a CA
- Configure View Connection Server, Security Server, or View Composer to Use a New SSL Certificate
- Configure View Clients to Trust Root and Intermediate Certificates
- Configuring Certificate Revocation Checking on Server Certificates
- Configuring Certificate Checking in View Client for Windows
- Configure the PCoIP Secure Gateway to Use a New SSL Certificate
- View Transfer Server and SSL Certificates
- Setting View Administrator to Trust a vCenter Server or View Composer Certificate
- Benefits of Using SSL Certificates Signed by a CA
- Configuring View for the First Time
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- View Administrator and View Connection Server
- Log In to View Administrator
- Install the View Connection Server License Key
- Add vCenter Server Instances to View Manager
- Configure View Composer Settings
- Configure View Composer Domains
- Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines
- Configure View Storage Accelerator for vCenter Server
- Concurrent Operations Limits for vCenter Server and View Composer
- Setting a Concurrent Power Operations Rate to Support View Desktop Logon Storms
- Accept the Thumbprint of a Default SSL Certificate
- Configuring View Client Connections
- Replacing Default Ports for View Services
- Replace the Default HTTP Ports or NICs for View Connection Server Instances and Security Servers
- Replace the Default Ports or NICs for the PCoIP Secure Gateway on View Connection Server Instances and on Security Servers
- Replace the Default Port for View Composer
- Replace the Default Ports for View Transfer Server
- Sizing Windows Server Settings to Support Your Deployment
- Configuring User Accounts for vCenter Server and View Composer
- Adding the View Desktops Plug-in to the vSphere Web Client
- Configuring Event Reporting
- Index
7 If your CA is not well known, configure View Clients to trust the root and intermediate certificates.
Also ensure that the computers on which you launch View Administrator trust the root and
intermediate certificates.
8 Determine whether to reconfigure certificate revocation checking.
View Connection Server performs certificate revocation checking on View servers, View Composer, and
vCenter Server. Most certificates signed by a CA include certificate revocation information. If your CA
does not include this information, you can configure the server not to check certificates for revocation.
If a SAML 2.0 authenticator is configured for use with a View Connection Server instance, View
Connection Server also performs certificate revocation checking on the SAML 2.0 server certificate.
Obtaining a Signed SSL Certificate from a CA
If your organization does not provide you with an SSL server certificate, you must request a new certificate
that is signed by a CA.
You can use several methods to obtain a new signed certificate. For example, you can use the Microsoft
certreq utility to generate a Certificate Signing Request (CSR) and submit a certificate request to a CA.
See the Obtaining SSL Certificates for VMware Horizon View Servers document for an example that shows you
how to use certreq to accomplish this task.
For testing purposes, you can obtain a free temporary certificate based on an untrusted root from many
CAs.
When you generate a certificate request on a computer, make sure that a private key is generated also. When
you obtain the SSL server certificate and import it into the Windows local computer certificate store, there
must be an accompanying private key that corresponds to the certificate.
IMPORTANT Do not create certificates for View servers using a certificate template that is compatible only
with a Windows Server 2008 enterprise CA or later.
IMPORTANT Do not generate certificates for View servers using a KeyLength value under 1024. View Client
for Windows and View Client for Windows with Local Mode will not validate a certificate on a View server
that was generated with a KeyLength under 1024, and the View Clients will fail to connect to View.
Certificate validations that are performed by View Connection Server will also fail, resulting in the affected
View servers showing as red in the View Administrator dashboard.
For general information about obtaining certificates, consult the Microsoft online help available with the
Certificate Snap-in to MMC. If the Certificate Snap-in is not yet installed on your computer, see “Add the
Certificate Snap-In to MMC,” on page 76.
Obtain a Signed Certificate from a Windows Domain or Enterprise CA
To obtain a signed certificate from a Windows Domain or Enterprise CA, you can use the Windows
Certificate Enrollment wizard in the Windows Certificate Store.
This method of requesting a certificate is appropriate if communications between computers remain within
your internal domain. For example, obtaining a signed certificate from a Windows Domain CA might be
appropriate for server-to-server communications.
If your View Clients connect to View servers from an external network, request SSL server certificates that
are signed by a trusted, third-party CA.
Prerequisites
n
Determine the fully qualified domain name (FQDN) that client computers use to connect to the host.
VMware Horizon View Installation
74 VMware, Inc.