VMware View Installation Guide View 4.5 View Manager 4.5 View Composer 2.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
VMware View Installation Guide You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2010 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents About This Book 5 1 System Requirements for Server Components 7 View Connection Server Requirements 7 View Administrator Requirements 9 View Composer Requirements 9 View Transfer Server Requirements 11 2 System Requirements for Client Components 15 Supported Operating Systems for View Agent 15 Supported Operating Systems for View Client and View Client with Local Mode Hardware Requirements for Local Mode Desktops 16 Client Browser Requirements for View Portal 18 Remote Display Protocol and Soft
VMware View Installation Guide 6 Installing View Transfer Server 67 Install View Transfer Server 67 Add View Transfer Server to View Manager 69 Configure the Transfer Server Repository 70 Firewall Rules for View Transfer Server 71 Installing View Transfer Server Silently 71 7 Configuring Certificate Authentication 75 Replacing the Default Certificate 75 Add keytool and openssl to the System Path 76 Export an Existing Microsoft IIS SSL Server Certificate 76 Creating a New SSL Certificate 77 Configure a V
About This Book ® The VMWare View Installation Guide explains how to install the VMware View server and client components. Intended Audience ® This book is intended for anyone who wants to install VMware View. The information in this book is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations.
VMware View Installation Guide Services provides offerings to help you assess, plan, build, and manage your virtual environment. To access information about education classes, certification programs, and consulting services, go to http://www.vmware.com/services. 6 VMware, Inc.
System Requirements for Server Components 1 Hosts that run VMware View server components must meet specific hardware and software requirements.
VMware View Installation Guide Table 1-1. View Connection Server Hardware Requirements (Continued) Hardware Component Required Recommended Memory 4GB RAM or higher At least 10GB RAM for deployments of 50 or more View desktops 2GB RAM or higher 6GB RAM for deployments of 50 or more View desktops, and enable Physical Address Extension (PAE) See the Microsoft KB article at http://support.microsoft.com/kb/283037.
Chapter 1 System Requirements for Server Components Even a high-performance WAN with low average latency and high throughput might have periods when the network cannot deliver the performance characteristics that are needed for View Connection Server instances to maintain consistency. If the View LDAP configurations on View Connection Server instances become inconsistent, users might not be able to access their desktops.
VMware View Installation Guide Supported Operating Systems for View Composer View Composer supports 64-bit and 32-bit operating systems with specific requirements and limitations. You must install View Composer on the same physical computer or virtual machine as vCenter Server. 64-Bit Operating Systems Table 1-3 lists the 64-bit operating systems supported for View Composer. Standard and Enterprise editions are supported. Table 1-3.
Chapter 1 System Requirements for Server Components Table 1-5. Supported Database Servers for View Composer Database vCenter Server 4.1 vCenter Server 4.0 U2 VC Server 2.
VMware View Installation Guide n Supported Operating Systems for View Transfer Server on page 12 You must install View Transfer Server on a supported operating system with the required amount of RAM. n Storage Requirements for View Transfer Server on page 13 View Transfer Server transfers static content to and from the Transfer Server repository and dynamic content between local desktops and remote desktops in the datacenter. View Transfer Server has specific storage requirements.
Chapter 1 System Requirements for Server Components Storage Requirements for View Transfer Server View Transfer Server transfers static content to and from the Transfer Server repository and dynamic content between local desktops and remote desktops in the datacenter. View Transfer Server has specific storage requirements. n The disk drive on which you configure the Transfer Server repository must have enough space to store your static image files. Image files are View Composer base images.
VMware View Installation Guide 14 VMware, Inc.
2 System Requirements for Client Components Systems running View client components must meet certain hardware and software requirements. View Client uses Microsoft Internet Explorer Internet settings, including proxy settings, when connecting to View Connection Server. Ensure that your Internet Explorer settings are accurate and that you can access the View Connection Server URL through Internet Explorer.
VMware View Installation Guide Table 2-1. View Agent Operating System Support (Continued) Guest Operating System Version Edition Service Pack Windows 2003 R2 Terminal Server 32-bit Standard SP2 Windows 2003 Terminal Server 32-bit Standard SP2 IMPORTANT If you use Windows 7 in a virtual machine, the virtual machine must be hosted on an ESX 4.0 or ESX 4.1 server. For ESX 4.0, the version must be ESX 4.0 Update 2 or higher. For ESX 4.1, the version must be ESX 4.1 or higher.
Chapter 2 System Requirements for Client Components Table 2-3. Processor Requirements Client Computer Requirement Description PC Standard x86 or x86 64-compatible Number of CPUs Multiprocessor systems are supported CPU speed For a Windows XP local desktop, 1.3GHz or faster; 1.6 GHz recommended For a Windows 7 desktop, 1.6GHz or faster; for Aero effects, 2.
VMware View Installation Guide Display A 32-bit display adapter is recommended. 3D benchmarks, such as 3DMark '06, might not render correctly or at all when running Windows Vista or Windows 7 virtual machines on some graphics hardware. To play video at 720p or higher requires a multiprocessor system. For CPU and GPU requirements to support Windows 7 Aero, see the table in “PC Hardware,” on page 16.
Chapter 2 System Requirements for Client Components VMware View with PCoIP PCoIP provides an optimized desktop experience for the delivery of the entire desktop environment, including applications, images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions.
VMware View Installation Guide Recommended Guest Operating System Settings Recommended guest operating system settings include the following settings: n For Windows XP desktops: 768MB RAM or more and a single CPU n For Windows 7 desktops: 1GB of RAM and a dual CPU Client Hardware Requirements Client hardware requirements include the following: n 800MHz or higher processor speed. n x86-based processor with SSE2 extensions.
Chapter 2 System Requirements for Client Components HP RGS has the following limitations: n Connections to virtual machines are not supported. n Vista desktops are not supported. n Tunnel connections are not supported. Only direct connections are supported. n Smart cards are not supported. n Multiple monitors are not supported. n View Portal does not support RGS connections. n Linux thin clients do not support RGS connections.
VMware View Installation Guide View supports smart cards and smart card readers that use a PKCS#11 or Microsoft CryptoAPI provider. You can optionally install the ActivIdentity ActivClient software suite, which provides tools for interacting with smart cards. Users that authenticate with smart cards must have a smart card or USB smart card token, and each smart card must contain a user certificate. To install certificates on a smart card, you must set up a computer to act as an enrollment station.
Preparing Active Directory 3 View uses your existing Microsoft Active Directory infrastructure for user authentication and management. You must perform certain tasks to prepare Active Directory for use with View.
VMware View Installation Guide Trust Relationships and Domain Filtering To determine which domains it can access, a View Connection Server instance traverses trust relationships beginning with its own domain. For a small, well-connected set of domains, View Connection Server can quickly determine the full list of domains, but the time that it takes increases as the number of domains increases or as the connectivity between the domains decreases.
Chapter 3 Preparing Active Directory You must give the user account privileges to perform certain operations in vCenter Server. If you use View Composer, you must give the user account additional privileges. See “Configuring User Accounts for vCenter Server and View Composer,” on page 51 for information on configuring these privileges. Create a User Account for View Composer If you use View Composer, you must create a user account in Active Directory to use with View Composer.
VMware View Installation Guide Procedure 1 On your Active Directory server, select Start > Administrative Tools > Active Directory Users and Computers. 2 Right-click your domain and select Properties. 3 On the Group Policy tab, click Open to open the Group Policy Management plug-in. 4 Right-click Default Domain Policy and click Edit. 5 Expand the Computer Configuration section and open Windows Settings\Security Settings.
Chapter 3 Preparing Active Directory Add UPNs for Smart Card Users Because smart card logins rely on user principal names (UPNs), the Active Directory accounts of users that use smart cards to authenticate in View must have a valid UPN. If the domain a smart card user resides in is different from the domain that your root certificate was issued from, you must set the user’s UPN to the SAN contained in the root certificate of the trusted CA.
VMware View Installation Guide Add the Root Certificate to the Enterprise NTAuth Store If you use a CA to issue smart card login or domain controller certificates, you must add the root certificate to the Enterprise NTAuth store in Active Directory. You do not need to perform this procedure if the Windows domain controller acts as the root CA. Procedure u On your Active Directory server, use the certutil command to publish the certificate to the Enterprise NTAuth store.
Installing View Composer 4 To use View Composer, you create a View Composer database, install the View Composer service on the vCenter Server computer, and optimize your View infrastructure to support View Composer. View Composer is an optional feature. Install View Composer if you intend to deploy linked-clone desktop pools. You must have a license to install and use the View Composer feature.
VMware View Installation Guide n Create an Oracle 11g or 10g Database for View Composer on page 32 View Composer can store linked-clone desktop information in an Oracle 11g or 10g database. You create a View Composer database by adding it to an existing Oracle 11g or 10g instance and configuring an ODBC data source for it. n Create an Oracle 9i Database for View Composer on page 33 View Composer can store linked-clone desktop information in an Oracle 9i database.
Chapter 4 Installing View Composer Add an ODBC Data Source to SQL Server After you add a View Composer database to SQL Server, you must configure an ODBC connection to the new database to make this data source visible to the View Composer service. These instructions assume that you are configuring the ODBC data source on Windows Server 2003 SP1. Some steps are different if you configure the ODBC data source on Windows XP Professional SP2.
VMware View Installation Guide Create an Oracle 11g or 10g Database for View Composer View Composer can store linked-clone desktop information in an Oracle 11g or 10g database. You create a View Composer database by adding it to an existing Oracle 11g or 10g instance and configuring an ODBC data source for it. Add a View Composer Database to Oracle 11g or 10g You can add a new View Composer database to an existing Oracle 11g or 10g instance to store linked-clone data for View Composer.
Chapter 4 Installing View Composer Prerequisites Complete the steps described in “Add a View Composer Database to Oracle 11g or 10g,” on page 32. Procedure 1 On the vCenter Server computer, select Start > Administrative Tools > Data Source (ODBC). 2 From the Microsoft ODBC Data Source Administrator wizard, select the System DSN tab. 3 Click Add and select the appropriate Oracle driver from the list. For example: OraDb11g_home 4 Click Finish.
VMware View Installation Guide 8 On the Summary page, review the options and click OK. The configuration tool creates the database. 9 Set passwords for the SYS and SYSTEM administrator accounts. You use the SYSTEM account to set up the data-source connection. What to do next Follow the instructions in “Add an ODBC Data Source to Oracle 9i,” on page 34.
Chapter 4 Installing View Composer n In vCenter Server, create a resource pool on the ESX host or cluster on which you want to store linkedclone desktops. n If Windows firewall is running on the vCenter Server computer, make sure that the port the View Composer service uses to communicate with View Connection Server is accessible. You can add this port to the exception list or deactivate the local firewall service. You specify this port when you install the View Composer service.
VMware View Installation Guide Configuring Your Infrastructure for View Composer You can take advantage of features in vSphere, vCenter Server, Active Directory, and other components of your infrastructure to optimize the performance, availability, and reliability of View Composer. Configuring the vSphere Environment for View Composer To support View Composer, you should follow certain best practices when you install and configure vCenter Server, ESX, and other vSphere components.
Installing View Connection Server 5 To use View Connection Server, you install the software on supported computers, configure the required components, and, optionally, optimize the components.
VMware View Installation Guide You must join the View Connection Server host to an Active Directory domain. View Connection Server supports the following versions of Active Directory: n Windows 2000 Active Directory n Windows 2003 Active Directory n Windows 2008 Active Directory The View Connection Server host must not be a domain controller. NOTE View Connection Server does not make, nor does it require, any schema or configuration updates to Active Directory.
Chapter 5 Installing View Connection Server 5 Select the View Standard Server installation option. 6 Accept the Microsoft Software Supplemental License Agreement for Microsoft Active Directory Application Mode (ADAM). 7 If you install View Connection Server on Windows Server 2008, choose how to configure the Windows Firewall service. Option Action Configure Windows Firewall automatically Let the installer configure Windows Firewall to allow the required incoming TCP protocol connections.
VMware View Installation Guide n Verify that the Windows computer on which you install View Connection Server has version 2.0 or later of the MSI runtime engine. For details, see the Microsoft Web site. n Familiarize yourself with the MSI installer command-line options. See “Microsoft Windows Installer Command-Line Options,” on page 48. n Familiarize yourself with the silent installation properties available with a standard installation of View Connection Server.
Chapter 5 Installing View Connection Server Firewall Rules for View Connection Server Certain incoming TCP ports must be opened on the firewall for View Connection Server instances and security servers. When you install View Connection Server on Windows Server 2008, the installation program can optionally configure the required Windows firewall rules for you. When you install View Connection Server on Windows Server 2003, you must configure the required Windows firewall rules manually. Table 5-2.
VMware View Installation Guide n Prepare your environment for the installation. See “Installation Prerequisites for View Connection Server,” on page 37. n Familiarize yourself with the incoming TCP ports that must be opened on the Windows Firewall for View Connection Server instances. See “Firewall Rules for View Connection Server,” on page 41. Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer.
Chapter 5 Installing View Connection Server Install a Replicated Instance of View Connection Server Silently You can use the silent installation feature of the Microsoft Windows Installer (MSI) to install a replicated instance of View Connection Server on several Windows computers. In a silent installation, you use the command line and do not have to respond to wizard prompts. With silent installation, you can efficiently deploy View components in a large enterprise.
VMware View Installation Guide Silent Installation Properties for a Replicated Instance of View Connection Server You can include specific properties when you silently install a replicated View Connection Server instance from the command line. You must use a PROPERTY=value format so that Microsoft Windows Installer (MSI) can interpret the properties and values. Table 5-3.
Chapter 5 Installing View Connection Server 4 Type the password in the Pairing password and Confirm password text boxes and specify a password timeout value. You must use the password within the specified timeout period. 5 Click OK to configure the password. What to do next Install a security server. See “Install a Security Server,” on page 45.
VMware View Installation Guide 5 Select the View Security Server installation option. 6 Type the fully qualified domain name or IP address of the View Connection Server instance to pair with the security server in the Server text box. The security server forwards network traffic to this View Connection Server instance. 7 Type the security server pairing password in the Password text box.
Chapter 5 Installing View Connection Server n Prepare your environment for the installation. See “Installation Prerequisites for View Connection Server,” on page 37. n Verify that the View Connection Server instance to be paired with the security server is installed and configured and is running View Connection Server 4.5. You cannot pair a security server with an older version of View Connection Server. n Configure a security server pairing password.
VMware View Installation Guide Silent Installation Properties for a Security Server You can include specific properties when you silently install a security server from the command line. You must use a PROPERTY=value format so that Microsoft Windows Installer (MSI) can interpret the properties and values. Table 5-4. MSI Properties for Silently Installing a Security Server MSI Property Description Default Value INSTALLDIR The path and folder in which the View Connection Server software is installed.
Chapter 5 Installing View Connection Server Table 5-5. Command-Line Options for a View Component's Bootstrap Program Option Description /s Disables the bootstrap splash screen and extraction dialog, which prevents the display of interactive dialogs. For example: VMware-viewconnectionserver-4.5.x-xxxxxx.exe /s The /s option is required to run a silent installation.
VMware View Installation Guide Table 5-6. MSI Command-Line Options and MSI Properties (Continued) MSI Option or Property Description ADDLOCAL Determines the component-specific features to install. In an interactive installation, the View installer displays custom setup options to select. The MSI property, ADDLOCAL, lets you specify these setup options on the command line. To install all available custom setup options, enter ADDLOCAL=ALL. For example: VMware-viewagent-4.5.x-xxxxxx.
Chapter 5 Installing View Connection Server Configuring User Accounts for vCenter Server and View Composer To use vCenter Server with View Manager, you must configure a user account with permission to perform operations in vCenter Server. To use View Composer, you must give this vCenter Server user additional privileges. To manage desktops that are used in local mode, you must give this user privileges in addition to those that are required for View Manager and View Composer.
VMware View Installation Guide Procedure 1 In vCenter Server, prepare a role with the required privileges for the user. n You can use the predefined Administrator role in vCenter Server. This role can perform all operations in vCenter Server. n If you use View Composer, you can create a limited role with the minimum privileges needed by View Manager and View Composer to perform vCenter Server operations.
Chapter 5 Installing View Connection Server View Manager Privileges Required for the vCenter Server User The vCenter Server user must have sufficient privileges to enable View Manager to operate in vCenter Server. Create a View Manager role for the vCenter Server user with the required privileges. Table 5-7.
VMware View Installation Guide Local Mode Privileges Required for the vCenter Server User To manage desktops that are used in local mode, the vCenter Server user must have privileges in addition to those required to support View Manager and View Composer. Create a Local Mode Administrator role for the vCenter Server user that combines the View Manager privileges, View Composer privileges, and local mode privileges. Table 5-9.
Chapter 5 Installing View Connection Server Procedure 1 Open your Web browser and enter the following URL, where server is the host name or IP address of the View Connection Server instance. https://server/admin You access View Administrator by using a secure (SSL) connection. When you first connect, your Web browser might display a page warning that the security certificate associated with the address is not issued by a trusted certificate authority.
VMware View Installation Guide Procedure 1 In View Administrator, click View Configuration > Servers. 2 In the vCenter Servers panel, click Add. 3 In the server address text box, type the fully qualified domain name (FQDN) or IP address of the vCenter Server instance. The FQDN includes the host name and domain name. For example, in the FQDN myserverhost.companydomain.com, myserverhost is the host name and companydomain.com is the domain.
Chapter 5 Installing View Connection Server Prerequisites n Your Active Directory administrator must create a domain user with permission to add and remove virtual machines from the Active Directory domain that contains your linked clones. To manage the linked-clone machine accounts in Active Directory, the domain user must have Create Computer Objects, Delete Computer Objects, and Write All Properties permissions. See “Create a User Account for View Composer,” on page 25.
VMware View Installation Guide When the tunnel connection is disabled, View desktop sessions are established directly between the client system and the View desktop virtual machine, bypassing the View Connection Server or security server host. This type of connection is called a direct connection. Clients that use the PCoIP and HP RGS display protocols do not use the tunnel connection. Configure the Tunnel Connection You use View Administrator to configure the tunnel connection.
Chapter 5 Installing View Connection Server Procedure 1 In View Administrator, click View Configuration > Servers. 2 In the View Connection Servers panel, select a View Connection Server instance and click Edit. 3 Type the external URL in the External URL text box. The URL must contain the protocol, externally resolvable host name, and port number. For example: https://view.example.com:443 4 Click OK.
VMware View Installation Guide Ephemeral Ports View Manager uses ephemeral ports to establish TCP connections between View Connection Server and the View desktops that it administers. To support a large View desktop deployment, you can increase the number of available ephemeral ports. An ephemeral port is a short-lived endpoint that is created by the operating system when a program requests any available user port.
Chapter 5 Installing View Connection Server Prerequisites Calculate the number of ephemeral ports to configure on the Windows Server computer. See “Calculate the Number of Ephemeral Ports,” on page 60. Modify the Windows registry value only if the resulting number of ports is greater than 4,000 on Windows Server 2003 or greater than 16,000 on Windows Server 2008. Procedure 1 2 On the Windows Server computer, start the Windows Registry Editor. a Select Start > Command Prompt.
VMware View Installation Guide Where clients Projected number of concurrent client connections servers Number of View Connection Server instances in the replicated group desktops Number of View desktop sources in your deployment Example: Calculating the Size of the TCB Hash Table on Each View Connection Server For example, you might have 3,000 concurrent client connections, three View Connection Server instances, and 6,000 View desktop sources in your deployment.
Chapter 5 Installing View Connection Server What to do next Use the “Worksheets for Calculating Ephemeral Ports and TCB Hash Table Size,” on page 63 to fill in values for your deployment. Increase the Size of the TCB Hash Table on a Windows Server Computer Edit the Windows registry to increase the size of the TCB hash table on a Windows Server computer on which View Connection Server runs. Active Directory group policies can override registry entries.
VMware View Installation Guide Table 5-16. TCB Hash Table Size for Security Servers Hash Table Size for Security Servers Fill in Your Site's Value ( (5 x clients) / security servers ) + 10 = Number of hash table rows on each security server Sizing the Java Virtual Machine The View Connection Server installer sizes the Java Virtual Machine (JVM) heap memory on View Connection Server computers to support a large number of concurrent View desktop sessions.
Chapter 5 Installing View Connection Server Procedure 1 2 On the Windows Server computer, start the Windows Registry Editor. a Select Start > Command Prompt. b At the command prompt, type regedit. In the registry, locate the subkey and click JvmOptions. HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\Plugins\wsnm\tunnelService\Params 3 Click Edit > Modify. A Windows dialog box displays an entry like the following one. -Xms128m -Xmx512m -Xss96k -Xrs -XX:+UseConcMarkSweepGC -Dsimple.http.
VMware View Installation Guide 66 VMware, Inc.
Installing View Transfer Server 6 View Transfer Server transfers data between local desktops and the datacenter during check in, check out, and replication. To install View Transfer Server, you install the software on a Windows Server virtual machine, add View Transfer Server to your View Manager deployment, and configure the Transfer Server repository. You must install and configure View Transfer Server if you deploy View Client with Local Mode on client computers.
VMware View Installation Guide Prerequisites n Verify that you have local administrator privileges on the Windows Server on which you will install View Transfer Server. n Verify that your installation satisfies the View Transfer Server requirements described in “View Transfer Server Requirements,” on page 11. n Verify that you have a license to install View Transfer Server and use local desktops.
Chapter 6 Installing View Transfer Server Add View Transfer Server to View Manager View Transfer Server works with View Connection Server to transfer files and data between local desktops and the datacenter. Before View Transfer Server can perform these tasks, you must add it to your View Manager deployment. You can add multiple View Transfer Server instances to View Manager. The View Transfer Server instances access one common Transfer Server repository.
VMware View Installation Guide Configure the Transfer Server Repository The Transfer Server repository stores View Composer base images for linked-clone desktops that run in local mode. To give View Transfer Server access to the Transfer Server repository, you must configure it in View Manager. If you do not use View Composer linked clones in local mode, you do not have to configure a Transfer Server repository.
Chapter 6 Installing View Transfer Server 5 In the General panel on the Transfer Server repository page, click Edit. 6 Type the Transfer Server repository location and other information. Option Description Network Share n n n n Type the path that you configured on the local View Transfer Server virtual machine. Local File System 7 Path. Type the UNC path that you configured. Username. Type the user ID of an administrator with credentials to access the network share. Password.
VMware View Installation Guide Procedure 1 Log in to the Windows Server computer and click Start > Run. 2 Type gpedit.msc and click OK. 3 In the Group Policy Object Editor, click Local Computer Policy > Computer Configuration. 4 Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. 5 In the Always Install with Elevated Privileges Properties window, click Enabled and click OK. 6 In the left pane, click User Configuration.
Chapter 6 Installing View Transfer Server Procedure 1 Download the VMware View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-4.5.x-xxxxxx.exe or VMwareviewconnectionserver-x86_64-4.5.x-xxxxxx.exe, where xxxxxx is the build number. 2 Open a command prompt on the Windows Server computer. 3 Type the installation command on one line.
VMware View Installation Guide Table 6-2. MSI Properties for Silently Installing View Transfer Server (Continued) MSI Property Description Default Value SERVERNAME The host name of the virtual machine on which you install View Transfer Server. This value corresponds to the Apache Web Server host name that is configured during an interactive installation. For example: SERVERNAME=ts1.companydomain.
Configuring Certificate Authentication 7 You can configure certificate authentication for View Connection Server instances, security servers, and View Transfer Server instances.
VMware View Installation Guide When you replace the default certificate with your own certificate, clients use the public key contained in your certificate to encrypt the data that they send to the server. If your certificate is signed by a CA, the certificate for the CA itself is typically embedded in the browser or is located in a trusted database that the client can access. After a client accepts the certificate, it responds by sending a secret key, which is encrypted with the server's public key.
Chapter 7 Configuring Certificate Authentication 6 Select Export the current certificate to a .pfx file and click Next. 7 Specify a filename for the certificate file and click Next. 8 Type and confirm a password to be used to encrypt the information you want to export and click Next. The system displays summary information about the certificate you are about export. 9 Verify the summary information and click Next > Finish.
VMware View Installation Guide Procedure 1 Open a command prompt and use keytool to generate a keystore file. For example: keytool -genkey -keyalg "RSA" -keystore keys.p12 -storetype pkcs12 -validity 360 2 When keytool prompts you for your first and last name, type the fully qualified domain name (FQDN) that client computers use to connect to the host. Option Action View Connection Server instance Type the FQDN of the View Connection Server host if you have one View Connection Server instance.
Chapter 7 Configuring Certificate Authentication After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate. What to do next If you downloaded a certificate in PKCS#7 format, import it into your keystore file. See “Import a Signed Certificate into a Keystore File,” on page 79. If you downloaded a certificate in PKCS#12 format, convert it to PKCS#7 format.
VMware View Installation Guide Procedure 1 Copy the text file that contains your certificate to the directory that contains your keystore file and save it as certificate.p7. For example: -----BEGIN PKCS7----MIIF+AYJKoZIhvcNAQcCoIIF6TCCBeUCAQExADALBgk LDCCApWgAwIBAgIQTpY7DsV1n1HeMGgMjMR2PzANBgk i7coVx71/lCBOlFmx66NyKlZK5mObgvd2dlnsAP+nnS EhCsdpikSpbtdo18jUubV6z1kQ71CrRQtbi/WtdqxQE -----END PKCS7----- 2 Open a command prompt and use keytool to import the certificate into your keystore file.
Chapter 7 Configuring Certificate Authentication Procedure 1 Copy the keystore file that contains your certificate to the SSL gateway configuration directory on the View Connection Server or security server host. For example: install_directory\VMware\VMware View\Server\sslgateway\conf\keys.p12 2 Add the keyfile and keypass properties to the locked.properties file in the SSL gateway configuration directory on the View Connection Server or security server host. If the locked.
VMware View Installation Guide 8 Restart the View Transfer Server service to make your changes take effect. 9 Verify that the certificate is configured correctly by using your Web browser to navigate to https://transfer_server_host_address. Configure SSL for Client Connections To configure whether client connections use SSL when communicating with View Connection Server, you configure a global setting in View Administrator.
Chapter 7 Configuring Certificate Authentication 4 To configure SSL for transfers of View Composer base-image files from the Transfer Server repository to client computers that host local desktops, select or deselect Use SSL when provisioning desktops in Local Mode. 5 Click OK to save your changes. Your changes take effect immediately. You do not need to restart the View Transfer Server service.
VMware View Installation Guide 84 VMware, Inc.
Creating an Event Database 8 You create an event database to record information about View Manager events. If you do not configure an event database, you must look in the log file to get information about events, and the log file contains very limited information.
VMware View Installation Guide Procedure 1 Add a new database to the server and give it a descriptive name such as ViewEvents. 2 Add a user for this database that has permission to create tables, views, and, in the case of Oracle, triggers and sequences, as well as permission to read from and write to these objects. For a Microsoft SQL Server database, do not use the Integrated Windows Authentication security model method of authentication.
Chapter 8 Creating an Event Database Prerequisites You need the following information to configure an event database: n The DNS name or IP address of the database server. n The type of database server: Microsoft SQL Server or Oracle. n The port number that is used to access the database server. The default is 1521 for Oracle and 1433 for SQL Server. For SQL Server, if the database server is a named instance or if you use SQL Server Express, you might need to determine the port number.
VMware View Installation Guide 88 VMware, Inc.
Installing and Starting View Client 9 You can obtain the View Client installer either from the VMware Web site or from View Portal, a Web access page provided by View Connection Server. You can set various startup options for end users after View Client is installed.
VMware View Installation Guide n If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. n Determine whether the person who uses the client device is allowed to access locally connected USB devices from a virtual desktop. If not, you must deselect the USB Redirection component that the wizard presents.
Chapter 9 Installing and Starting View Client Prerequisites n Verify that View Client or View Client with Local Mode is installed on the client device. n If you plan to use View Client with Local Mode, verify that your license includes View Client with Local Mode and verify that the View desktop meets the requirements for local mode. See the overview topic for setting up a local desktop deployment in the VMware View Administrator's Guide.
VMware View Installation Guide If authentication to View Connection Server fails or if View Client cannot connect to a desktop, perform the following tasks: n Verify that the View Client setting for using secure (SSL) connections matches the global setting in View Administrator. For example, if the check box for secure connections is deselected on the client, the check box must also be deselected in View Administrator.
Chapter 9 Installing and Starting View Client n If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. n Determine whether the person who uses the client device is allowed to access locally connected USB devices from a virtual desktop. If not, you must deselect the USB Redirection component that the wizard presents.
VMware View Installation Guide 3 Double-click the .dmg file to open it and click Agree. The contents of the disk image appear in a VMware View Client Finder window. 4 Open a new Finder window and navigate to the Applications folder. 5 Drag the VMware View Client icon to the Applications folder. If you are not logged in as an administrator user, you are prompted for an administrator user name and password. You can now unmount the disk image.
Chapter 9 Installing and Starting View Client 3 (Optional) Choose options for how you connect to the selected server. Option Description Port Specify the port number, or leave blank to use the default port for View Connection Server. Use Secure Connection (SSL) Select to use a secure (SSL) connection to protect sensitive corporate information and ensure that all connections are completely encrypted.
VMware View Installation Guide n Verify that the user is entitled to access this desktop. See the VMware View Administrator's Guide. n Verify that the client computer allows remote desktop connections. What to do next For instructions on using View Client, see the VMware View Client Help.
Chapter 9 Installing and Starting View Client Using USB Printers In a View environment, virtual printers and redirected USB printers can work together without conflict. A USB printer is a printer that is attached to a USB port on the local client system. To send print jobs to a USB printer, you can either use the USB redirection feature or use the virtual printing feature.
VMware View Installation Guide Install View Client Silently You can use the silent installation feature of the Microsoft Windows Installer (MSI) to install View Client or View Client with Local Mode on several Windows computers. In a silent installation, you use the command line and do not have to respond to wizard prompts. Prerequisites 98 n Verify that you can log in as an administrator on the client system. n Verify that the client system uses a supported operating system.
Chapter 9 Installing and Starting View Client Procedure 1 On the client system, download the View Client installer file from the VMware product page at http://www.vmware.com/products/. Select the appropriate installer file, where xxxxxx is the build number. Option Action View Client on 64-bit operating systems Select VMware-viewclient-x86_64-4.5.x-xxxxxx.exe for View Client. View Client on 32-bit operating systems Select VMware-viewclient-4.5.x-xxxxxx.exe for View Client.
VMware View Installation Guide Table 9-1. MSI Properties for Silently Installing View Client (Continued) MSI Property Description Default Value DESKTOP_SHORTCUT Configures a desktop shortcut icon for View Client. 1 A value of 1 installs the shortcut. A value of 0 does not install the shortcut. This MSI property is optional. QUICKLAUNCH_SHORTCUT Configures a shortcut icon on the quick-launch tray for View Client. A value of 1 installs the shortcut. A value of 0 does not install the shortcut.
Index A E Active Directory configuring domains and trust relationships 23 preparing for smart card authentication 26 preparing for use with View 23 Active Directory groups creating for kiosk mode client accounts 24 creating for View users and administrators 24 ADM template files 26 Adobe Flash requirements 21 antivirus software, View Composer 36 Enterprise NTAuth store, adding root certificates 28 ephemeral ports calculating 60 how View Manager uses 60 increasing on a Windows Server computer 60 ESX host
VMware View Installation Guide keyfile property 80 keypass property 80 keytool utility adding to the system path 76 creating a CSR 78 generating a keystore file 77 kiosk mode, Active Directory preparation 24 L license key, View Connection Server 55 local desktop configuration adding a View Transfer Server instance 67, 69 creating a vCenter Server user 51 hardware requirements 16 privileges for vCenter Server user 54 locked.
Index increasing ephemeral ports 60 increasing the JVM heap size 64 increasing the TCB hash table size 63 smart card authentication Active Directory preparation 26 requirements 21 UPNs for smart card users 27 software requirements, server components 7 SQL Server database adding an ODBC data source 31 adding for View Composer 30 preparing for event database 86 SQL Server Management Studio Express, installing 30 SSL configuring for client connections 82 configuring for View Transfer Server communications 82
VMware View Installation Guide installer file 34 operating system requirements 10 overview 29 requirements overview 9 virtualization software requirements 11 View Connection Server configuration client connections 57 event database 85, 86 external URL 58 first time 54 overview 37 replacing the default certificate 75 server certificate 80 sizing Windows Server settings 59 system page file size 65 trust relationships 23 View Connection Server installation hardware requirements 7 installation types 37 network
