5.0
Table Of Contents
- VMware View Installation
- Contents
- VMware View Installation
- System Requirements for Server Components
- System Requirements for Client Components
- Supported Operating Systems for View Agent
- Supported Operating Systems for Windows-Based View Client and View Client with Local Mode
- Hardware Requirements for Local Mode Desktops
- Client Browser Requirements for View Portal
- Remote Display Protocol and Software Support
- Adobe Flash Requirements
- Smart Card Authentication Requirements
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- Configuring View Client Connections
- Sizing Windows Server Settings to Support Your Deployment
- Installing the View Connection Server Software
- Installing View Transfer Server
- Configuring SSL Certificates for View Servers
- Configuring SSL Certificates for View Connection Server and Security Server
- Configuring SSL Certificates for View Transfer Server
- Prepare an Existing Certificate in PKCS#12 Format for Use with View Transfer Server
- Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance
- Generate a Self-Signed Certificate for View Transfer Server
- Configure a View Transfer Server Instance to Use a Certificate
- Configure SSL for View Transfer Server Communications
- Configuring Certificate Checking in View Client for Windows
- Appendix: Additional SSL Configuration Tasks
- Creating an Event Database
- Installing and Starting View Client
- Index
Configuring SSL Certificates for View
Servers 7
You can configure SSL certificates for authentication of View Connection Server instances, security servers,
and View Transfer Server instances.
A default SSL server certificate is generated when you install View Connection Server instances, security
servers, or View Transfer Server instances. You can use the default certificate for testing purposes.
IMPORTANT Replace the default certificate as soon as possible. The default certificate is not signed by a
Certificate Authority (CA). Use of certificates that are not signed by a CA can allow untrusted parties to
intercept traffic by masquerading as your server.
View Connection Server instances, security servers, load balancers, and View Transfer Server instances require
an SSL server certificate if they receive SSL connections.
n
If you enable SSL for client connections, client-facing View Connection Server instances, security servers,
and load balancers that terminate SSL connections require an SSL server certificate.
n
If you enable the secure tunnel on a View Connection Server instance or security server, you must install
an SSL server certificate on that server. Even if you use a load balancer to terminate SSL connections, View
Client makes a second HTTPS connection to the View Connection Server or security server host on which
you enabled the secure tunnel.
n
If you enable SSL for local mode operations and desktop provisioning, View Transfer Server instances
require an SSL server certificate.
n
If you configure smart card authentication in VMware View, client-facing View Connection Server
instances and security servers require a root CA certificate in addition to an SSL server certificate.
You can request an SSL server certificate that is specific to a web domain such as www.mycorp.com, or you can
request a wildcard SSL server certificate that can be used throughout a domain such as *.mycorp.com. To
simplify administration, you might choose to request a wildcard certificate if you need to install the certificate
on multiple servers or in different subdomains. It is more usual to use domain-specific certificates in secure
installations, and CAs usually guarantee more protection against losses for domain-specific certificates than
for wildcard certificates. If you use a wildcard certificate, you need to ensure that the private key is transferrable
between servers.
When you replace the default certificate with your own certificate, clients use your certificate to authenticate
the server. If your certificate is signed by a CA, the certificate for the CA itself is typically embedded in the
browser or is located in a trusted database that the client can access. After a client accepts the certificate, it
responds by sending a secret key, which is encrypted with the public key contained in the certificate. The secret
key is used to encrypt traffic between the client and the server.
You follow different procedures to configure certificates for use with View Connection Server and security
server than you do for View Transfer Server. In addition, you can configure different levels of SSL security
checking in View Client for Windows.
VMware, Inc.
75