4.6
Table Of Contents
- VMware View Installation
- Contents
- VMware View Installation
- System Requirements for Server Components
- System Requirements for Client Components
- Supported Operating Systems for View Agent
- Supported Operating Systems for View Client and View Client with Local Mode
- Hardware Requirements for Local Mode Desktops
- Client Browser Requirements for View Portal
- Remote Display Protocol and Software Support
- Adobe Flash Requirements
- Smart Card Authentication Requirements
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- Configuring View Client Connections
- Sizing Windows Server Settings to Support Your Deployment
- Installing the View Connection Server Software
- Installing View Transfer Server
- Configuring Certificate Authentication
- Replacing the Default Certificate
- Add keytool and openssl to the System Path
- Use an Existing PKCS#12 Certificate and Private Key
- Convert a PKCS#12 Keystore to JKS Format
- Creating a New SSL Certificate
- Configure a View Connection Server Instance or Security Server to Use a New Certificate
- Configure a View Transfer Server Instance to Use a New Certificate
- Configure SSL for Client Connections
- Configure SSL for View Transfer Server Communications
- Using Group Policy to Configure Certificate Checking in View Client
- Creating an Event Database
- Installing and Starting View Client
- Install the Windows-Based View Client or View Client with Local Mode
- Start the Windows-Based View Client or View Client with Local Mode
- Install View Client by Using View Portal
- Install View Client on Mac OS X
- Start View Client on Mac OS X
- Set Printing Preferences for the Virtual Printer Feature on Windows Clients
- Using USB Printers
- Installing View Client Silently
- Index
Configuring View Client Connections
View clients communicate with a View Connection Server or security server host over secure connections.
The initial View Client connection, which is used for user authentication and View desktop selection, is created
over HTTPS when a user provides a domain name or IP address to View Client. If firewall and load balancing
software are configured correctly in your network environment, this request reaches the View Connection
Server or security server host. With this connection, users are authenticated and a desktop is selected, but users
have not yet connected to View desktops.
When users connect to View desktops, by default View Client makes a second connection to the View
Connection Server or security server host. This connection is called the tunnel connection because it provides
a secure tunnel for carrying RDP and other data over HTTPS.
When users connect to View desktops with the PCoIP display protocol, View Client can make a further
connection to the PCoIP Secure Gateway on the View Connection Server or security server host. The PCoIP
Secure Gateway ensures that only authenticated users can communicate with View desktops over PCoIP.
When the secure tunnel or PCoIP Secure Gateway is disabled, View desktop sessions are established directly
between the client system and the View desktop virtual machine, bypassing the View Connection Server or
security server host. This type of connection is called a direct connection.
Typically, to provide secure connections for external clients that connect to a security server or View
Connection Server host over a WAN, you enable both the secure tunnel and the PCoIP Secure Gateway. You
can disable the secure tunnel and the PCoIP Secure Gateway to allow internal, LAN-connected clients to
establish direct connections to View desktops.
Certain View Client endpoints, such as thin clients, do not support the tunnel connection and use direct
connections for RDP data, but do support the PCoIP Secure Gateway for PCoIP data.
Clients that use the HP RGS display protocol do not use the tunnel connection or PCoIP Secure Gateway.
SSL for client connections is enabled by default. You can disable SSL so that initial and tunnel connections take
place over HTTP, not HTTPS. Disabling SSL might be acceptable for internal, LAN-connected clients where
communications are protected by a firewall. See “Configure SSL for Client Connections,” on page 87.
Configure the PCoIP Secure Gateway and Secure Tunnel Connections
You use View Administrator to configure the use of the secure tunnel and PCoIP Secure Gateway. These
components ensure that only authenticated users can communicate with View desktops.
Clients that use the PCoIP display protocol can use the PCoIP Secure Gateway. Clients that use the RDP display
protocol can use the secure tunnel.
Clients that use the HP RGS display protocol cannot use either secure connection. These clients must use direct
connections.
IMPORTANT A typical network configuration that provides secure connections for external clients includes a
security server. To use View Administrator to enable or disable the secure tunnel and PCoIP Secure Gateway
on a security server, you must edit the View Connection Server instance that is paired with the security server.
In a network configuration in which external clients connect directly to a View Connection Server host, you
enable or disable the secure tunnel and PCoIP Secure Gateway by editing that View Connection Server instance
in View Administrator.
Procedure
1 In View Administrator, select View Configuration > Servers.
2 In the View Connection Servers panel, select a View Connection Server instance and click Edit.
VMware View Installation
60 VMware, Inc.