3.1
Table Of Contents
- View Manager Administration Guide
- Contents
- About This Book
- Introduction
- Installation
- View Administrator
- Virtual Desktop Deployment
- Client Management
- View Client and View Portal
- Client Connections from the Internet
- Creating SSL Server Certificates
- Using Existing SSL Certificates
- Smart Card Authentication
- RSA SecurID Authentication
- View Client Command Line Options
- Virtual Printing
- Adobe Flash Bandwidth Reduction
- Client Device Information
- Enabling HP RGS Display Protocol
- View Composer
- Overview of View Composer
- Preparing VirtualCenter for View Composer
- Preparing a Parent VM
- Deploying Linked Clone Desktops from View Manager
- Refreshing, Recomposing, and Rebalancing Linked Clone Desktops
- Using an Existing View Composer Database
- Using the SviConfig Tool for View Composer
- Offline Desktop
- Component Policies
- Unified Access
- Troubleshooting
- locked.properties
- Glossary
- Index
View Manager Administration Guide
102 VMware, Inc.
Configuring a Standard or Replica Server
Asecurityserverthathasbeenconfiguredtousesmartcardauthenticationwill
automaticallyrequiretheusertoauthenticateusingtheircardandPINduringlogin.
Standardandreplicaserverscanbeconfiguredtoaccommodateseveraldifferentsmart
cardauthenticationscenarios.
To set the smart card authentication setting on a standard or replica server
1FromwithintheViewAdministrator,clicktheConfigurationbutton.
2Under
ViewServersselectaViewConnectionServerentryandclickEdit.
3FromtheSmartcardauthenticationdrop‐downmenu,selectoneofthefollowing:
Notallowed—Smartcardauthenticationisdisabled.
Optional—Usersmayusesmartcardsauthenticationtoconnect,butpassword
authenticationisalsoper mitte d.Failuretoauthenticateusingasmart card
authenticationwillrequirethatpasswordauthenticationisusedinstead.
Required—Usersmayonlyconnectusingsmartcardauthentication.
4ClickOK.
Configuring User Profiles
Auserprincipalname(UPN)isanaccountnameandadomainnameidentifyingthe
domaininwhichtheuseraccountislocated.Forausertoconnectusingsmartcard
authentication,theiruseraccountintheActiveDirectorymusthaveavalidUPN
associatedwiththeiruserPrincipalNameproperty.
TheUPN
foreachuserwhorequiressmartcardauthenticationmustbesettothe
subjectalternativename(SAN)containedwithintherootcertificateofthetrustedCA.
Youcanlocatethisinformationbyviewingthecertificateproperties,asdescribedin
“ExportingaRootCertificatefromaUserCertificate”onpage 98.
N
OTESmartcardauthenticationonlyreplacesWindowspasswordauthentication.
If SecurIDisenabled,userswillstillberequiredtoauthenticateusingthismechanism
aswell.
NOTEYouonlyneedtoprovidethisinformationifthecertificatewasissuedfroma
domainotherthantheonewhichtheuserpresentlyresides.Acharacteristicof
exportingacertificatefromaserverintheuser’scurrentdomainisthattheuser’sUPN
androotcertificateSANwillcorrelate.