Firewall Rules for HTML Access
To allow client Web browsers to use HTML Access to make connections to security servers, View
Connection Server instances, and Horizon View desktops, your firewalls must allow inbound traffic on
certain TCP ports.
HTML Access connections must use HTTPS. HTTP connections are not allowed.
To ensure that the Windows firewall on security servers is configured to allow traffic to the TCP port used
by HTML Access, see “Open the Port Used by HTML Access on Security Servers,” on page 21.
Table 6. Firewall Rules for HTML Access

| Source | Default Source Port | Protocol | Target | Default Target Port | Notes |
|---|---|---|---|---|---|
| Client Web browser | TCP Any | HTTPS | Security server or View Connection Server instance | TCP 443 | To make the initial connection to Horizon View, the Web browser on a client device connects to a security server or View Connection Server instance on TCP port 443. |
| Client Web browser | TCP Any | HTTPS | Blast Secure Gateway | TCP 8443 | After the initial connection to Horizon View is made, the Web browser on a client device connects to the Blast Secure Gateway on TCP port 8443. The Blast Secure Gateway must be enabled on a security server or View Connection Server instance to allow this second connection to take place. NOTE The Blast Secure Gateway is installed with View Connection Server in Horizon View 5.2 and later releases. |
| Blast Secure Gateway | TCP Any | HTTPS | HTML Access Agent | TCP 22443 | If the Blast Secure Gateway is enabled, after the user selects a Horizon View desktop, the Blast Secure Gateway connects to the HTML Access Agent on TCP port 22443 on the desktop. |
| Client Web browser | TCP Any | HTTPS | HTML Access Agent | TCP 22443 | If the Blast Secure Gateway is not enabled, after the user selects a Horizon View desktop, the Web browser on a client device makes a direct connection to the HTML Access Agent on TCP port 22443 on the desktop. |

Configure HTML Access Agents to Use New SSL Certificates
To comply with industry or security regulations, you can replace the default SSL certificates that are
generated by the HTML Access Agent with certificates that are signed by a Certificate Authority (CA).
When you install the HTML Access Agent on Horizon View desktops, the HTML Access Agent service
creates default, self-signed certificates. The service presents the default certificates to browsers that use
HTML Access to connect to Horizon View.
NOTE In the guest operating system on the desktop virtual machine, this service is called the VMware Blast
service.
To replace the default certificates with signed certificates that you obtain from a CA, you must import a
certificate into the Windows local computer certificate store on each Horizon View desktop. You must also
set a registry value on each desktop that allows the HTML Access Agent to use the new certificate.
If you replace the default HTML Access Agent certificates with CA-signed certificates, VMware
recommends that you configure a unique certificate on each desktop. Do not configure a CA-signed
certificate on a parent virtual machine or template that you use to create a desktop pool. That approach
would result in hundreds or thousands of desktops with identical certificates.
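
One way to audit a pool for the two conditions described above (desktops still presenting the default self-signed certificate, and desktops sharing one certificate because it was installed on a parent virtual machine or template). This is an added example, not VMware code; the function names are hypothetical, and it assumes the audit host can reach TCP port 22443 on each desktop and that its local trust store contains the issuing CA.

```python
import hashlib
import socket
import ssl
from collections import defaultdict

AGENT_PORT = 22443  # HTML Access Agent port from Table 6


def fetch_cert_der(host, port=AGENT_PORT, timeout=5.0):
    """Return the DER certificate the agent presents, without validating it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # retrieval only; trust is judged separately
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def is_ca_trusted(host, port=AGENT_PORT, timeout=5.0):
    """True if the certificate chains to a trusted CA and matches the host name."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        return False  # default self-signed certificate, wrong name, or unknown CA


def find_shared_certs(certs_by_host):
    """Map SHA-256 fingerprint -> hosts, for certificates seen on more than one host."""
    groups = defaultdict(list)
    for host, der in certs_by_host.items():
        groups[hashlib.sha256(der).hexdigest()].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


def audit(hosts):
    """Fetch each desktop's certificate and report untrusted and shared ones."""
    certs = {h: fetch_cert_der(h) for h in hosts}
    untrusted = sorted(h for h in hosts if not is_ca_trusted(h))
    return {"untrusted": untrusted, "shared": find_shared_certs(certs)}


if __name__ == "__main__":
    # Constructed stand-ins for DER bytes: desk-01 and desk-03 share a certificate.
    print(find_shared_certs({"desk-01": b"A", "desk-02": b"B", "desk-03": b"A"}))
```

Any entry under `shared` points to a certificate that was cloned with the image rather than issued per desktop.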
VMware Horizon View Feature Pack Installation and Administration