Specifications
Administrators can enable individual View Connection Server instances for smart card authentication.
Enabling a View Connection Server instance to use smart card authentication typically involves adding your
root certificate to a truststore file and then modifying View Connection Server settings.
Client connections that use smart card authentication must be SSL enabled. Administrators can enable SSL for
client connections by setting a global parameter in View Administrator.
To use smart cards, client machines must have smart card middleware and a smart card reader. To install
certificates on smart cards, you must set up a computer to act as an enrollment station.
To use smart cards with local desktops, you must select a 1024-bit or 2048-bit key size during smart card
enrollment. Certificates with 512-bit keys are not supported for local desktops. By default, View Connection
Server uses AES-128 to encrypt the virtual disk file when users check in and check out a local desktop. You
can change the encryption key cipher to AES-192 or AES-256.
Log In as Current User Feature
When View Client users select the Log in as current user check box, the credentials that they provided when
logging in to the client system are used to authenticate to the View Connection Server instance and to the View
desktop. No further user authentication is required.
To support this feature, user credentials are stored on both the View Connection Server instance and on the
client system.
n
On the View Connection Server instance, user credentials are encrypted and stored in the user session
along with the username, domain, and optional UPN. The credentials are added when authentication
occurs and are purged when the session object is destroyed. The session object is destroyed when the user
logs out, the session times out, or authentication fails. The session object resides in volatile memory and
is not stored in View LDAP or in a disk file.
n
On the client system, user credentials are encrypted and stored in a table in the Authentication Package,
which is a component of View Client. The credentials are added to the table when the user logs in and are
removed from the table when the user logs out. The table resides in volatile memory.
Administrators can use View Client group policy settings to control the availability of the Log in as current
user check box and to specify its default value. Administrators can also use group policy to specify which View
Connection Server instances accept the user identity and credential information that is passed when users
select the Log in as current user check box in View Client.
The Log in as current user feature has the following limitations and requirements:
n
If smart card authentication is set to Required on a View Connection Server instance, smart card users
who select the Log in as current user check box must still reauthenticate with their smart card and PIN
when logging in to the View desktop.
n
Users cannot check out a desktop for use in local mode if they selected the Log in as current user check
box when they logged in.
n
The time on the system where the client logs in and the time on the View Connection Server host must be
synchronized.
n
If the default Access this computer from the network user-right assignments are modified on the client
system, they must be modified as described in VMware Knowledge Base (KB) article 1025691.
VMware View Architecture Planning
54 VMware, Inc.