VMware View Installation View 5.0 View Manager 5.0 View Composer 2.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
VMware View Installation You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/ The VMware Web site also provides the latest product updates. If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com Copyright © 2010–2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.
Contents VMware View Installation 5 1 System Requirements for Server Components 7 View Connection Server Requirements 7 View Administrator Requirements 9 View Composer Requirements 9 View Transfer Server Requirements 11 2 System Requirements for Client Components 13 Supported Operating Systems for View Agent 13 Supported Operating Systems for Windows-Based View Client and View Client with Local Mode 14 Hardware Requirements for Local Mode Desktops 14 Client Browser Requirements for View Portal 16 Remot
VMware View Installation 6 Installing View Transfer Server 67 Install View Transfer Server 67 Add View Transfer Server to View Manager 69 Configure the Transfer Server Repository 70 Firewall Rules for View Transfer Server 71 Installing View Transfer Server Silently 71 7 Configuring SSL Certificates for View Servers 75 Configuring SSL Certificates for View Connection Server and Security Server 76 Configuring SSL Certificates for View Transfer Server 83 Configuring Certificate Checking in View Client for
VMware View Installation VMware View Installation explains how to install the VMware View™ server and client components. Intended Audience This information is intended for anyone who wants to install VMware View. The information is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations. VMware, Inc.
VMware View Installation 6 VMware, Inc.
System Requirements for Server Components 1 Hosts that run VMware View server components must meet specific hardware and software requirements.
VMware View Installation Table 1-1. View Connection Server Hardware Requirements (Continued) Hardware Component Required Recommended Memory 4GB RAM or higher At least 10GB RAM for deployments of 50 or more View desktops 2GB RAM or higher 6GB RAM for deployments of 50 or more View desktops, and enable Physical Address Extension (PAE) See the Microsoft KB article at http://support.microsoft.com/kb/283037.
Chapter 1 System Requirements for Server Components n Both ESX and ESXi hosts are supported. Network Requirements for Replicated View Connection Server Instances If you install replicated View Connection Server instances, configure the instances in the same location and connect them over a high-performance LAN. Do not use a WAN to connect replicated View Connection Server instances.
VMware View Installation Supported Operating Systems for View Composer View Composer supports 64-bit operating systems with specific requirements and limitations. You must install View Composer on the same physical computer or virtual machine as vCenter Server. Table 1-3 lists the operating systems supported for View Composer. Table 1-3. 64-Bit Operating System Support for View Composer vCenter Server Version Operating System Edition Service Pack 4.
Chapter 1 System Requirements for Server Components Table 1-4. Supported Database Servers for View Composer (Continued) Database vCenter Server 5.0 and later vCenter Server 4.1 U1 and later vCenter Server 4.0 U3 and later Microsoft SQL Server 2008 SP1 and later, Standard and Enterprise (32- and 64-bit) Yes Yes Yes Oracle 10g Release 2 Yes Yes Yes Oracle 11g Release 2, with Oracle 11.2.0.1 Patch 5 Yes Yes Yes NOTE If you use an Oracle 11g R2 database, you must install Oracle 11.2.0.
VMware View Installation The View Transfer Server software cannot coexist on the same virtual machine with any other View Manager software component, including View Connection Server. You can install multiple View Transfer Server instances for high availability and scalability. Supported Operating Systems for View Transfer Server You must install View Transfer Server on a supported operating system with at least the minimum required amount of RAM. Table 1-5.
2 System Requirements for Client Components Systems running View client components must meet certain hardware and software requirements. View Client on Windows systems uses Microsoft Internet Explorer Internet settings, including proxy settings, when connecting to View Connection Server. Ensure that your Internet Explorer settings are accurate and that you can access the View Connection Server URL through Internet Explorer. You can use Internet Explorer 7, 8, or 9.
VMware View Installation To use the View Persona Management feature, you must install View Agent on Windows 7, Windows Vista, or Windows XP virtual machines. View Persona Management does not operate on physical computers or Microsoft Terminal Servers. IMPORTANT If you use Windows 7 in a virtual machine, the host must be ESX/ESXi 4.0 Update 3 or later, ESX/ESXi 4.1 Update 1 or later, or ESXi 5.0 or later.
Chapter 2 System Requirements for Client Components Table 2-3. Processor Requirements Client Computer Requirement Description PC Standard x86 or x86 64-compatible Number of CPUs Multiprocessor systems are supported CPU speed For a Windows XP local desktop, 1.3GHz or faster; 1.6 1GHz recommended For a Windows 7 desktop, 1.3GHz or faster; for Aero effects, 2.
VMware View Installation Display A 32-bit display adapter is recommended. 3D benchmarks, such as 3DMark '06, might not render correctly or at all when running Windows Vista or Windows 7 virtual machines on some graphics hardware. To play video at 720p or higher requires a multiprocessor system. For CPU and GPU requirements to support Windows 7 Aero, see Table 2-3.
Chapter 2 System Requirements for Client Components VMware View with PCoIP PCoIP provides an optimized desktop experience for the delivery of the entire desktop environment, including applications, images, audio, and video content for a wide range of users on the LAN or across the WAN. PCoIP can compensate for an increase in latency or a reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions.
VMware View Installation 1080p-formatted video If the View desktop has a dual virtual CPU, you can play 1080p formatted video, although the media player might need to be adjusted to a smaller window size. 3D If you plan to use 3D applications such as Windows Aero themes or Google Earth, the Windows 7 View desktop must have virtual hardware version 8, available with vSphere 5 and later. You must also turn on the pool setting called Windows 7 3D Rendering.
Chapter 2 System Requirements for Client Components n The View Agent installer configures the local firewall rule for inbound RDP connections to match the current RDP port of the host operating system, which is typically 3389. If you change the RDP port number, you must change the associated firewall rules. You can download RDC versions from the Microsoft Web site.
VMware View Installation Smart Card Authentication Requirements Client systems that use a smart card for user authentication must meet certain requirements. Each client system that uses a smart card for user authentication must have the following software and hardware: n View Client n A Windows-compatible smart card reader n Smart card middleware n Product-specific application drivers You must also install product-specific application drivers on the View desktops.
Preparing Active Directory 3 View uses your existing Microsoft Active Directory infrastructure for user authentication and management. You must perform certain tasks to prepare Active Directory for use with View.
VMware View Installation Trust Relationships and Domain Filtering To determine which domains it can access, a View Connection Server instance traverses trust relationships beginning with its own domain. For a small, well-connected set of domains, View Connection Server can quickly determine the full list of domains, but the time that it takes increases as the number of domains increases or as the connectivity between the domains decreases.
Chapter 3 Preparing Active Directory You must give the user account privileges to perform certain operations in vCenter Server. If you use View Composer, you must give the user account additional privileges. See “Configuring User Accounts for vCenter Server and View Composer,” on page 49 for information on configuring these privileges. Create a User Account for View Composer If you use View Composer, you must create a user account in Active Directory to use with View Composer.
VMware View Installation Procedure 1 On your Active Directory server, select Start > Administrative Tools > Active Directory Users and Computers. 2 Right-click your domain and select Properties. 3 On the Group Policy tab, click Open to open the Group Policy Management plug-in. 4 Right-click Default Domain Policy and click Edit. 5 Expand the Computer Configuration section and open Windows Settings\Security Settings.
Chapter 3 Preparing Active Directory Add UPNs for Smart Card Users Because smart card logins rely on user principal names (UPNs), the Active Directory accounts of users that use smart cards to authenticate in View must have a valid UPN. If the domain a smart card user resides in is different from the domain that your root certificate was issued from, you must set the user’s UPN to the Subject Alternative Name (SAN) contained in the root certificate of the trusted CA.
VMware View Installation What to do next If an intermediate certification authority (CA) issues your smart card login or domain controller certificates, add the intermediate certificate to the Intermediate Certification Authorities group policy in Active Directory. See “Add an Intermediate Certificate to Intermediate Certification Authorities,” on page 26.
Installing View Composer 4 To use View Composer, you create a View Composer database, install the View Composer service on the vCenter Server computer, and optimize your View infrastructure to support View Composer. View Composer is an optional feature. Install View Composer if you intend to deploy linked-clone desktop pools. You must have a license to install and use the View Composer feature.
VMware View Installation n Create an Oracle Database for View Composer on page 29 View Composer can store linked-clone desktop information in an Oracle 11g or 10g database. You create a View Composer database by adding it to an existing Oracle instance and configuring an ODBC data source for it. You can add a new View Composer database by using the Oracle Database Configuration Assistant or by running a SQL statement.
Chapter 4 Installing View Composer Prerequisites Complete the steps described in “Add a View Composer Database to SQL Server,” on page 28. Procedure 1 On the vCenter Server computer, select Start > Administrative Tools > Data Source (ODBC). 2 Select the System DSN tab. 3 Click Add and select SQL Native Client from the list. 4 Click Finish. 5 In the Create a New Data Source to SQL Server setup wizard, type a name and description of the View Composer database.
VMware View Installation n Use a SQL Statement to Add a View Composer Database to an Oracle Instance on page 31 The View Composer database must have certain table spaces and privileges. You can use a SQL statement to create the View Composer database in an Oracle 11g or 10g database instance. n Configure an Oracle Database User for View Composer on page 31 By default, the database user that runs the View Composer database has Oracle system administrator permissions.
Chapter 4 Installing View Composer Use a SQL Statement to Add a View Composer Database to an Oracle Instance The View Composer database must have certain table spaces and privileges. You can use a SQL statement to create the View Composer database in an Oracle 11g or 10g database instance. When you create the database, you can customize the location of the data and log files. Prerequisites Verify that a supported version of Oracle 11g or 10g is installed on the vCenter Server computer.
VMware View Installation grant grant grant grant create materialized view to VCMPADMIN; execute on dbms_lock to VCMPADMIN; execute on dbms_job to VCMPADMIN; unlimited tablespace to VCMPADMIN; In this example, the user name is VCMPADMIN and the View Composer database name is VCMP. By default the resource role has the create procedure, create table, and create sequence privileges assigned. If the resource role does not have these privileges, explicitly grant them to the View Composer database user.
Chapter 4 Installing View Composer n Verify that you have a license to install and use View Composer. n In vCenter Server, create a resource pool on the ESX host or cluster on which you want to store linkedclone desktops. n If Windows firewall is running on the computer on which View Composer is installed, make sure that the port the View Composer service uses to communicate with View Connection Server is accessible. You can add this port to the exception list or deactivate the local firewall service.
VMware View Installation Configuring Your Infrastructure for View Composer You can take advantage of features in vSphere, vCenter Server, Active Directory, and other components of your infrastructure to optimize the performance, availability, and reliability of View Composer. Configuring the vSphere Environment for View Composer To support View Composer, you should follow certain best practices when you install and configure vCenter Server, ESX, and other vSphere components.
Installing View Connection Server 5 To use View Connection Server, you install the software on supported computers, configure the required components, and, optionally, optimize the components.
VMware View Installation n Windows 2003 Active Directory n Windows 2008 Active Directory The View Connection Server host must not be a domain controller. NOTE View Connection Server does not make, nor does it require, any schema or configuration updates to Active Directory. Do not install View Connection Server on systems that have the Windows Terminal Server role installed. You must remove the Windows Terminal Server role from any system on which you install View Connection Server.
Chapter 5 Installing View Connection Server 7 If you install View Connection Server on Windows Server 2008, choose how to configure the Windows Firewall service. Option Action Configure Windows Firewall automatically Let the installer configure Windows Firewall to allow the required network connections. Do not configure Windows Firewall Configure the Windows firewall rules manually.
VMware View Installation n Verify that the Windows computer on which you install View Connection Server has version 2.0 or later of the MSI runtime engine. For details, see the Microsoft Web site. n Familiarize yourself with the MSI installer command-line options. See “Microsoft Windows Installer Command-Line Options,” on page 47. n Familiarize yourself with the silent installation properties available with a standard installation of View Connection Server.
Chapter 5 Installing View Connection Server Firewall Rules for View Connection Server Certain ports must be opened on the firewall for View Connection Server instances and security servers. When you install View Connection Server on Windows Server 2008, the installation program can optionally configure the required Windows firewall rules for you. When you install View Connection Server on Windows Server 2003 R2, you must configure the required Windows firewall rules manually. Table 5-2.
VMware View Installation n Prepare your environment for the installation. See “Installation Prerequisites for View Connection Server,” on page 35. n Familiarize yourself with the network ports that must be opened on the Windows Firewall for View Connection Server instances. See “Firewall Rules for View Connection Server,” on page 39. Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer.
Chapter 5 Installing View Connection Server Configure SSL server certificates for View Connection Server. See “Configuring SSL Certificates for View Connection Server and Security Server,” on page 76. If you are reinstalling View Connection Server on a Windows Server 2008 operating system and you have a data collector set configured to monitor performance data, stop the data collector set and start it again.
VMware View Installation The VMware View services are installed on the Windows Server computer. For details, see “Install a Replicated Instance of View Connection Server,” on page 39. Silent Installation Properties for a Replicated Instance of View Connection Server You can include specific properties when you silently install a replicated View Connection Server instance from the command line.
Chapter 5 Installing View Connection Server 4 Type the password in the Pairing password and Confirm password text boxes and specify a password timeout value. You must use the password within the specified timeout period. 5 Click OK to configure the password. What to do next Install a security server. See “Install a Security Server,” on page 43.
VMware View Installation 3 Accept the VMware license terms. 4 Accept or change the destination folder. 5 Select the View Security Server installation option. 6 Type the fully qualified domain name or IP address of the View Connection Server instance to pair with the security server in the Server text box. The security server forwards network traffic to this View Connection Server instance. 7 Type the security server pairing password in the Password text box.
Chapter 5 Installing View Connection Server If you are reinstalling the security server on a Windows Server 2008 operating system and you have a data collector set configured to monitor performance data, stop the data collector set and start it again. Install a Security Server Silently You can use the silent installation feature of the Microsoft Windows Installer (MSI) to install a security server on several Windows computers.
VMware View Installation 3 Type the installation command on one line. For example: VMware-viewconnectionserver-y.y.y-xxxxxx.exe /s /v"/qn VDM_SERVER_INSTANCE_TYPE=3 VDM_SERVER_NAME=cs1.internaldomain.com VDM_SERVER_SS_EXTURL=https://view.companydomain.com: 443 VDM_SERVER_SS_PCOIP_IPADDR=10.20.30.40 VDM_SERVER_SS_PCOIP_TCPPORT=4172 VDM_SERVER_SS_PCOIP_UDPPORT=4172 VDM_SERVER_SS_PWD=secret" The VMware View services are installed on the Windows Server computer.
Chapter 5 Installing View Connection Server Table 5-4. MSI Properties for Silently Installing a Security Server (Continued) MSI Property Description Default Value VDM_SERVER_SS_PCOIP_T CPPORT The PCoIP Secure Gateway external TCP port number. This property is supported only when the security server is installed on Windows Server 2008 R2 or later. For example: VDM_SERVER_SS_PCOIP_TCPPORT=4172 None This property is required if you plan to use the PCoIP Secure Gateway component.
VMware View Installation Table 5-6. MSI Command-Line Options and MSI Properties MSI Option or Property Description /qn Instructs the MSI installer not to display the installer wizard pages. For example, you might want to install View Agent silently and use only default setup options and features: VMware-viewagent-y.y.y-xxxxxx.exe /s /v"/qn" In the examples, xxxxxx is the build number and y.y.y is the version number.
Chapter 5 Installing View Connection Server Options The /qb option displays the uninstall progress bar. To suppress displaying the uninstall progress bar, replace the /qb option with the /qn option. The /x option uninstalls the View component. The product_code string identifies the View component product files to the MSI uninstaller. You can find the product_code string by searching for ProductCode in the %TEMP%\vmmsi.log file that is created during the installation.
VMware View Installation n If you manage local desktops, familiarize yourself with the additional required privileges. See “Local Mode Privileges Required for the vCenter Server User,” on page 52. Procedure 1 In vCenter Server, prepare a role with the required privileges for the user. n You can use the predefined Administrator role in vCenter Server. This role can perform all operations in vCenter Server.
Chapter 5 Installing View Connection Server View Manager Privileges Required for the vCenter Server User The vCenter Server user must have sufficient privileges to enable View Manager to operate in vCenter Server. Create a View Manager role for the vCenter Server user with the required privileges. Table 5-7.
VMware View Installation Local Mode Privileges Required for the vCenter Server User To manage desktops that are used in local mode, the vCenter Server user must have privileges in addition to those required to support View Manager and View Composer. Create a Local Mode Administrator role for the vCenter Server user that combines the View Manager privileges, View Composer privileges, and local mode privileges. Table 5-9.
Chapter 5 Installing View Connection Server Procedure 1 Open your Web browser and enter the following URL, where server is the host name or IP address of the View Connection Server instance. https://server/admin You access View Administrator by using a secure (SSL) connection. When you first connect, your Web browser might display a page warning that the security certificate associated with the address is not issued by a trusted certificate authority.
VMware View Installation See “Configure a vCenter Server User for View Manager, View Composer, and Local Mode,” on page 49. n If you plan to have View Connection Server connect to the vCenter Server instance using a secure channel (SSL), install a server SSL certificate on the vCenter Server host. Procedure 1 In View Administrator, click View Configuration > Servers. 2 In the vCenter Servers panel, click Add.
Chapter 5 Installing View Connection Server Configure View Composer Settings for vCenter Server To use View Composer, you must configure View Manager with initial settings that match the settings for the View Composer service that is installed in vCenter Server. View Composer is a feature of View Manager, but its service operates directly on virtual machines in vCenter Server. NOTE If you are not using View Composer, you can skip this task.
VMware View Installation Configuring View Client Connections View clients communicate with a View Connection Server or security server host over secure connections. The initial View Client connection, which is used for user authentication and View desktop selection, is created over HTTPS when a user provides a domain name or IP address to View Client.
Chapter 5 Installing View Connection Server 2 In the View Connection Servers panel, select a View Connection Server instance and click Edit. 3 Configure use of the secure tunnel. Option Description Disable the secure tunnel Deselect Use secure tunnel connection to desktop. Enable the secure tunnel Select Use secure tunnel connection to desktop. The secure tunnel is enabled by default. 4 Configure use of the PCoIP Secure Gateway.
VMware View Installation The process of configuring the external URLs is different for View Connection Server instances and security servers. n For a View Connection Server instance, you set the external URLs by editing View Connection Server settings in View Administrator. n For a security server, you set the external URLs when you run the View Connection Server installation program. You can use View Administrator to modify an external URL for a security server.
Chapter 5 Installing View Connection Server 3 Type the Secure Tunnel external URL in the External URL text box. The URL must contain the protocol, client-resolvable security server host name or IP address, and port number. For example: https://view.example.com:443 4 Type the PCoIP Secure Gateway external URL in the PCoIP External URL text box. Specify the PCoIP external URL as an IP address with the port number 4172. Do not include a protocol name. For example: 100.200.300.
VMware View Installation Where clients Projected number of concurrent client connections servers Number of View Connection Server instances in the replicated group Example: Calculating the Number of Ephemeral Ports For example, you might plan a deployment managed by three View Connection Server instances. If you anticipate having 3,000 concurrent client connections, you would need 5,010 ephemeral ports, as shown in Table 5-10. Table 5-10.
Chapter 5 Installing View Connection Server 5 Restart the Windows Server computer. Increasing the Size of the TCB Hash Table The transmission control block (TCB) holds information about TCP connections that are made between View Connection Server clients and their desktop sources. To support a large View desktop deployment on Windows Server 2003 computers, you can increase the size of the TCB hash table. On Windows Server 2008 computers, you do not need to increase the maximum size of the TCB hash table.
VMware View Installation Table 5-12.
Chapter 5 Installing View Connection Server Procedure 1 2 On the Windows Server computer, start the Windows Registry Editor a Select Start > Command Prompt. b At the command prompt, type regedit. In the registry, locate the subkey and click Parameters. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters 3 Click Edit > New and add the following registry entry.
VMware View Installation Sizing the Java Virtual Machine The View Connection Server installer sizes the Java Virtual Machine (JVM) heap memory on View Connection Server computers to support a large number of concurrent View desktop sessions. However, when View Connection Server runs on a 32-bit Windows Server computer, the View Secure Gateway Server component is configured with a limited JVM heap size. To size your deployment adequately, you can increase the JVM heap size on 32-bit computers.
Chapter 5 Installing View Connection Server 3 Click Edit > Modify. A Windows dialog box displays an entry like the following one. -Xms128m -Xmx512m -Xss96k -Xrs -XX:+UseConcMarkSweepGC -Dsimple.http.poller=simple.http.GranularPoller -Dsimple.http.connect.configurator=com.vmware.vdi.front.SimpleConfigurator 4 Edit the -Xmx parameter to have the value -Xmx1024m. The dialog box displays the following entry. -Xms128m -Xmx1024m -Xss96k -Xrs -XX:+UseConcMarkSweepGC -Dsimple.http.poller=simple.http.
VMware View Installation 66 VMware, Inc.
Installing View Transfer Server 6 View Transfer Server transfers data between local desktops and the datacenter during check in, check out, and replication. To install View Transfer Server, you install the software on a Windows Server virtual machine, add View Transfer Server to your View Manager deployment, and configure the Transfer Server repository. You must install and configure View Transfer Server if you deploy View Client with Local Mode on client computers.
VMware View Installation Prerequisites n Verify that you have local administrator privileges on the Windows Server on which you will install View Transfer Server. n Verify that your installation satisfies the View Transfer Server requirements described in “View Transfer Server Requirements,” on page 11. n Verify that you have a license to install View Transfer Server and use local desktops.
Chapter 6 Installing View Transfer Server Add View Transfer Server to View Manager View Transfer Server works with View Connection Server to transfer files and data between local desktops and the datacenter. Before View Transfer Server can perform these tasks, you must add it to your View Manager deployment. You can add multiple View Transfer Server instances to View Manager. The View Transfer Server instances access one common Transfer Server repository.
VMware View Installation Configure the Transfer Server Repository The Transfer Server repository stores View Composer base images for linked-clone desktops that run in local mode. To give View Transfer Server access to the Transfer Server repository, you must configure it in View Manager. If you do not use View Composer linked clones in local mode, you do not have to configure a Transfer Server repository.
Chapter 6 Installing View Transfer Server 5 In the General panel on the Transfer Server repository page, click Edit. 6 Type the Transfer Server repository location and other information. Option Description Network Share n n n n Type the path that you configured on the local View Transfer Server virtual machine. Local File System 7 Path. Type the UNC path that you configured. Username. Type the user ID of an administrator with credentials to access the network share. Password.
VMware View Installation Procedure 1 Log in to the Windows Server computer and click Start > Run. 2 Type gpedit.msc and click OK. 3 In the Group Policy Object Editor, click Local Computer Policy > Computer Configuration. 4 Expand Administrative Templates, open the Windows Installer folder, and double-click Always install with elevated privileges. 5 In the Always Install with Elevated Privileges Properties window, click Enabled and click OK. 6 In the left pane, click User Configuration.
Chapter 6 Installing View Transfer Server Procedure 1 Download the View Connection Server installer file from the VMware product page at http://www.vmware.com/products/ to the Windows Server computer. The installer filename is VMware-viewconnectionserver-y.y.y-xxxxxx.exe or VMwareviewconnectionserver-x86_64-y.y.y-xxxxxx.exe, where xxxxxx is the build number and y.y.y is the version number. 2 Open a command prompt on the Windows Server computer. 3 Type the installation command on one line.
VMware View Installation Table 6-2. MSI Properties for Silently Installing View Transfer Server (Continued) MSI Property Description Default Value SERVERNAME The host name of the virtual machine on which you install View Transfer Server. This value corresponds to the Apache Web Server host name that is configured during an interactive installation. For example: SERVERNAME=ts1.companydomain.
Configuring SSL Certificates for View Servers 7 You can configure SSL certificates for authentication of View Connection Server instances, security servers, and View Transfer Server instances. A default SSL server certificate is generated when you install View Connection Server instances, security servers, or View Transfer Server instances. You can use the default certificate for testing purposes. IMPORTANT Replace the default certificate as soon as possible.
VMware View Installation This chapter includes the following topics: n “Configuring SSL Certificates for View Connection Server and Security Server,” on page 76 n “Configuring SSL Certificates for View Transfer Server,” on page 83 n “Configuring Certificate Checking in View Client for Windows,” on page 87 n “Appendix: Additional SSL Configuration Tasks,” on page 88 Configuring SSL Certificates for View Connection Server and Security Server You can configure SSL server certificates for View Connecti
Chapter 7 Configuring SSL Certificates for View Servers Table 7-1. SSL Certificate Formats and Configuration Path (Continued) If you have this SSL certificate format... Take these steps PKCS#12 - You are not sure which type of CA has signed your certificate. If you are not sure whether your PKCS#12 file is signed by a root CA or intermediate CA, see “Determine the Type of CA Signature on Your PKCS#12 Certificate,” on page 77.
VMware View Installation Convert a PKCS#12 File to JKS Format If you already have a PKCS#12 keystore file and a server certificate that is signed by an intermediate CA rather than a root CA, you must convert the PKCS#12 keystore to JKS format before you can use it with View. Procedure 1 Create the JKS keystore and add the intermediate certificate and root certificate to the keystore.
Chapter 7 Configuring SSL Certificates for View Servers 3 Import an Intermediate Certificate into a Keystore File on page 80 If your server certificate is signed by an intermediate CA rather than by a root CA, you must add the intermediate certificate to the keystore before you add the server certificate. 4 Import a Signed Server Certificate into a Keystore File on page 81 If you obtained a signed server certificate from a CA, use keytool to import the certificate into your keystore file.
VMware View Installation If you downloaded a server certificate, import it into your keystore file. See “Import a Signed Server Certificate into a Keystore File,” on page 81. Import a Root Certificate into a Keystore File If your View Connection Server instance or security server does not trust the root certificate for the server certificate that you have obtained from a CA, use keytool to import the certificate into your keystore file before you add the server certificate.
Chapter 7 Configuring SSL Certificates for View Servers Import a Signed Server Certificate into a Keystore File If you obtained a signed server certificate from a CA, use keytool to import the certificate into your keystore file. Procedure 1 Copy the text file that contains your server certificate to the directory that contains your keystore file and save it as certificate.p7.
VMware View Installation 2 Add the keyfile, keypass, and storetype properties to the locked.properties file in the SSL gateway configuration directory on the View Connection Server or security server host. If the locked.properties file does not already exist, you must create it. a Set the keyfile property to the name of your keystore file. For example: keyfile=keys.jks or keyfile=keys.pfx b Set the keypass property to the password for your keystore file.
Chapter 7 Configuring SSL Certificates for View Servers 4 Restart the View Connection Server service to make your changes take effect. In a replicated group, you must restart the service on each View Connection Server instance and on each paired security server. 5 Reconfigure any firewalls and load balancers to permit client connections using the new SSL configuration. See the VMware View Architecture Planning document for more information.
VMware View Installation Prepare an Existing Certificate in PKCS#12 Format for Use with View Transfer Server An SSL certificate that is used with a View Transfer Server instance must be in PEM format. If you have an existing certificate in PKCS#12 format, you can use openssl to export the private key and server certificate in PEM format.
Chapter 7 Configuring SSL Certificates for View Servers 3 Send the CSR file to the CA in accordance with the CA's enrollment process and request a certificate in PEM format. After conducting some checks on your company, the CA signs your request, encrypts it with a private key, and sends you a validated certificate. 4 If necessary, convert your certificate to PEM format. Some CAs provide certificates in a format other than PEM. If you download this type of certificate, you must convert it to PEM format.
VMware View Installation If your SSL server certificate is signed by an intermediate CA, you must add the intermediate certificate to the View Transfer Server certificate directory and configure the Apache configuration file to specify the name of the intermediate certificate. Prerequisites n Add openssl to the system Path variable on your host. See “Add openssl to the System Path,” on page 89.
Chapter 7 Configuring SSL Certificates for View Servers Configure SSL for View Transfer Server Communications To configure whether SSL is used for communications and data transfers between client computers that host local desktops and View Transfer Server, you set View Connection Server settings in View Administrator. The SSL settings for View Transfer Server communications and data transfers are specific to a single View Connection Server instance.
VMware View Installation When you first set up a View environment, a default self-signed certificate is used. By default, the certificate verification mode that is used is Warn But Allow. In this mode, when either of the following server certificate issues occurs, a warning is displayed, but the user can choose to continue on and ignore the warning: n A self-signed certificate is provided by the View server.
Chapter 7 Configuring SSL Certificates for View Servers 7 Import the certificate. Option Description Root certificate a Right-click Trusted Root Certification Authorities and select Import. b Follow the prompts in the wizard to import the root certificate (for example, rootCA.cer) and click OK. a b Right-click Intermediate Certification Authorities and select Import. Follow the prompts in the wizard to import the intermediate certificate (for example, intermediateCA.cer) and click OK.
VMware View Installation 90 VMware, Inc.
Creating an Event Database 8 You create an event database to record information about View Manager events. If you do not configure an event database, you must look in the log file to get information about events, and the log file contains very limited information.
VMware View Installation 2 Add a user for this database that has permission to create tables, views, and, in the case of Oracle, triggers and sequences, as well as permission to read from and write to these objects. For a Microsoft SQL Server database, do not use the Integrated Windows Authentication security model method of authentication. Be sure to use the SQL Server Authentication method of authentication.
Chapter 8 Creating an Event Database n The type of database server: Microsoft SQL Server or Oracle. n The port number that is used to access the database server. The default is 1521 for Oracle and 1433 for SQL Server. For SQL Server, if the database server is a named instance or if you use SQL Server Express, you might need to determine the port number. See the Microsoft KB article about connecting to a named instance of SQL Server, at http://support.microsoft.com/kb/265808.
VMware View Installation 94 VMware, Inc.
Installing and Starting View Client 9 You can obtain the Windows-based View Client installer either from the VMware Web site or from View Portal, a Web access page provided by View Connection Server. You can set various startup options for end users after View Client is installed. For information about installing and using other View Clients, such as View Client for the Mac and View Client for iPad, see the documents that pertain to the specific client. Go to https://www.vmware.
VMware View Installation n If you plan to install View Client with Local Mode, verify that your license includes View Client with Local Mode. n If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. n Determine whether the person who uses the client device is allowed to access locally connected USB devices from a virtual desktop.
Chapter 9 Installing and Starting View Client Prerequisites n Verify that View Client or View Client with Local Mode is installed on the client device. n If you plan to use View Client with Local Mode, verify that your license includes View Client with Local Mode and verify that the View desktop meets the requirements for local mode. See the overview topic for setting up a local desktop deployment in the VMware View Administration document.
VMware View Installation If authentication to View Connection Server fails or if View Client cannot connect to a desktop, perform the following tasks: n Verify that the View Client setting for using secure (SSL) connections matches the global setting in View Administrator. For example, if the check box for secure connections is deselected on the client, the check box must also be deselected in View Administrator. n Verify that the security certificate for View Connection Server is working properly.
Chapter 9 Installing and Starting View Client n If you plan to install View Client with Local Mode, verify that none of the following products is installed: VMware View Client, VMware Player, VMware Workstation, VMware ACE, VMware Server. n Determine whether the person who uses the client device is allowed to access locally connected USB devices from a virtual desktop. If not, you must deselect the USB Redirection component that the wizard presents.
VMware View Installation Prerequisites Verify that the Virtual Printing component of View Agent is installed on the View desktop. In the View desktop file system, the drivers are located in C:\Program Files\Common Files\VMware\Drivers\Virtual Printer. Installing View Agent is one of the tasks required for preparing a virtual machine to be used as a View desktop. For more information, see the VMware View Administration document. Procedure 1 In the View desktop, click Start > Settings > Printers and Faxes.
Chapter 9 Installing and Starting View Client Installing View Client Silently You can install View Client silently by typing the installer filename and installation options at the command line. With silent installation, you can efficiently deploy View components in a large enterprise.
VMware View Installation n Determine whether to use the feature that lets end users log in to View Client and their virtual desktop as the currently logged in user. Credential information that the user entered when logging in to the client system is passed to the View Connection Server instance and ultimately to the virtual desktop. Some client operating systems do not support this feature.
Chapter 9 Installing and Starting View Client Silent Installation Properties for View Client You can include specific properties when you silently install View Client from the command line. You must use a PROPERTY=value format so that Microsoft Windows Installer (MSI) can interpret the properties and values. Table 9-1 shows the View Client silent installation properties that you can use at the command-line. Table 9-1.
VMware View Installation Table 9-2. View Client Silent Installation Features and Interactive Custom Setup Options (Continued) 104 Silent Installation Feature Custom Setup Option in an Interactive Installation TSSO Single Sign-on (SSO) USB USB Redirection VMware, Inc.
Index A Active Directory configuring domains and trust relationships 21 preparing for smart card authentication 24 preparing for SSL certificate configuration 88 preparing for use with View 21 Active Directory groups creating for kiosk mode client accounts 22 creating for View users and administrators 22 ADM template files 24 Adobe Flash requirements 19 antivirus software, View Composer 34 B browser requirements 9, 16 C certificate signing requests, See CSRs certificates additional tasks 88 checking in V
VMware View Installation Internet Explorer, supported versions 9, 16 J JKS keystores, converting from PKCS#12 78 JVM heap size default 64 increasing 64 K keyfile property 81 keypass property 81 keytool utility adding to the system path 89 creating a CSR 79 kiosk mode, Active Directory preparation 22 L license key, View Connection Server 53 local desktop configuration adding a View Transfer Server instance 67, 69 creating a vCenter Server user 49 hardware requirements 14 privileges for vCenter Server use
Index configuring a pairing password 42 configuring an external URL 57 configuring to use a certificate 81 installer file 43 installing silently 45 modifying an external URL 58 operating system requirements 8 silent installation properties 46 silent installation group policies to allow installation 71, 101 replicated instances 41 security servers 45 View Client 101 View Client with Local Mode 101 View Connection Server 37 View Transfer Server 71, 72 sizing Windows Server settings calculating ephemeral port
VMware View Installation View components, command-line options for silent installation 47 View Composer, database requirements 10 View Composer configuration creating a user account 23 creating a vCenter Server user 22, 49 privileges for the vCenter Server user 51 settings in View Administrator 55 View Composer database ODBC data source for Oracle 11g or 10g 32 ODBC data source for SQL Server 28 Oracle 11g and 10g 29, 30 requirements 27 SQL Server 28 View Composer infrastructure configuring vSphere 34 opti
