5.2
Table Of Contents
- VMware Horizon View Installation
- Contents
- VMware Horizon View Installation
- System Requirements for Server Components
- System Requirements for Guest Operating Systems
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Firewall Rules for View Connection Server
- Reinstall View Connection Server with a Backup Configuration
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Installing View Transfer Server
- Configuring SSL Certificates for View Servers
- Understanding SSL Certificates for View Servers
- Overview of Tasks for Setting Up SSL Certificates
- Obtaining a Signed SSL Certificate from a CA
- Configure View Connection Server, Security Server, or View Composer to Use a New SSL Certificate
- Configure View Clients to Trust Root and Intermediate Certificates
- Configuring Certificate Revocation Checking on Server Certificates
- Configuring Certificate Checking in View Client for Windows
- Configure the PCoIP Secure Gateway to Use a New SSL Certificate
- View Transfer Server and SSL Certificates
- Setting View Administrator to Trust a vCenter Server or View Composer Certificate
- Benefits of Using SSL Certificates Signed by a CA
- Configuring View for the First Time
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- View Administrator and View Connection Server
- Log In to View Administrator
- Install the View Connection Server License Key
- Add vCenter Server Instances to View Manager
- Configure View Composer Settings
- Configure View Composer Domains
- Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines
- Configure View Storage Accelerator for vCenter Server
- Concurrent Operations Limits for vCenter Server and View Composer
- Setting a Concurrent Power Operations Rate to Support View Desktop Logon Storms
- Accept the Thumbprint of a Default SSL Certificate
- Configuring View Client Connections
- Replacing Default Ports for View Services
- Replace the Default HTTP Ports or NICs for View Connection Server Instances and Security Servers
- Replace the Default Ports or NICs for the PCoIP Secure Gateway on View Connection Server Instances and on Security Servers
- Replace the Default Port for View Composer
- Replace the Default Ports for View Transfer Server
- Sizing Windows Server Settings to Support Your Deployment
- Configuring User Accounts for vCenter Server and View Composer
- Adding the View Desktops Plug-in to the vSphere Web Client
- Configuring Event Reporting
- Index
Replacing the default certificate for View Transfer Server with a certificate that is signed by a CA would not
significantly affect the secure communications between View Transfer Server, View Connection Server, and
View clients.
In View 5.0.x and earlier versions, you did have to configure an SSL certificate for View Transfer Server.
If you are upgrading from View 5.0.x or earlier to View 5.1 or later, and you want to continue to use a
certificate that is signed by a CA on the upgraded version of View Transfer Server, you must back up the
certificate, upgrade View Transfer Server, and configure the signed certificate for the new View Transfer
Server version.
If you configured a self-signed certificate for the old View Transfer Server, or you do not intend to use an
existing CA-signed certificate on the upgraded server, you do not have to configure a certificate again.
During the upgrade, a valid, self-signed certificate is installed with View Transfer Server.
For more information, see the VMware Horizon View Upgrades document.
Setting View Administrator to Trust a vCenter Server or View
Composer Certificate
In the View Administrator dashboard, you can configure View to trust a vCenter Server or View Composer
certificate that is untrusted.
VMware strongly recommends that you configure vCenter Server and View Composer to use SSL
certificates that are signed by a CA. Alternatively, you can accept the thumbprint of the default certificate
for vCenter Server or View Composer.
Similarly, VMware recommends that you configure SAML 2.0 authenticators to use SSL certificates that are
signed by a CA. Alternatively, in the View Administrator dashboard you can configure View to trust an
untrusted SAML 2.0 server certificate by accepting the thumbprint of the default certificate.
Benefits of Using SSL Certificates Signed by a CA
A CA is a trusted entity that guarantees the identity of the certificate and its creator. When a certificate is
signed by a trusted CA, users no longer receive messages asking them to verify the certificate, and thin
client devices can connect without requiring additional configuration.
You can request an SSL server certificate that is specific to a Web domain such as www.mycorp.com, or you
can request a wildcard SSL server certificate that can be used throughout a domain such as *.mycorp.com. To
simplify administration, you might choose to request a wildcard certificate if you need to install the
certificate on multiple servers or in different subdomains. Typically, domain-specific certificates are used in
secure installations, and CAs usually guarantee more protection against losses for domain-specific
certificates than for wildcard certificates. If you use a wildcard certificate, you must ensure that the private
key is transferrable between servers.
When you replace the default certificate with your own certificate, clients use your certificate to authenticate
the server. If your certificate is signed by a CA, the certificate for the CA itself is typically embedded in the
browser or is located in a trusted database that the client can access. After a client accepts the certificate, it
responds by sending a secret key, which is encrypted with the public key contained in the certificate. The
secret key is used to encrypt traffic between the client and the server.
VMware Horizon View Installation
88 VMware, Inc.