5.0
Table Of Contents
- VMware View Installation
- Contents
- VMware View Installation
- System Requirements for Server Components
- System Requirements for Client Components
- Supported Operating Systems for View Agent
- Supported Operating Systems for Windows-Based View Client and View Client with Local Mode
- Hardware Requirements for Local Mode Desktops
- Client Browser Requirements for View Portal
- Remote Display Protocol and Software Support
- Adobe Flash Requirements
- Smart Card Authentication Requirements
- Preparing Active Directory
- Configuring Domains and Trust Relationships
- Creating an OU for View Desktops
- Creating OUs and Groups for Kiosk Mode Client Accounts
- Creating Groups for View Users
- Creating a User Account for vCenter Server
- Create a User Account for View Composer
- Configure the Restricted Groups Policy
- Using View Group Policy Administrative Template Files
- Prepare Active Directory for Smart Card Authentication
- Installing View Composer
- Installing View Connection Server
- Installing the View Connection Server Software
- Installation Prerequisites for View Connection Server
- Install View Connection Server with a New Configuration
- Install a Replicated Instance of View Connection Server
- Configure a Security Server Pairing Password
- Install a Security Server
- Microsoft Windows Installer Command-Line Options
- Uninstalling View Products Silently by Using MSI Command-Line Options
- Configuring User Accounts for vCenter Server and View Composer
- Where to Use the vCenter Server User and Domain User for View Composer
- Configure a vCenter Server User for View Manager, View Composer, and Local Mode
- View Manager Privileges Required for the vCenter Server User
- View Composer Privileges Required for the vCenter Server User
- Local Mode Privileges Required for the vCenter Server User
- Configuring View Connection Server for the First Time
- Configuring View Client Connections
- Sizing Windows Server Settings to Support Your Deployment
- Installing the View Connection Server Software
- Installing View Transfer Server
- Configuring SSL Certificates for View Servers
- Configuring SSL Certificates for View Connection Server and Security Server
- Configuring SSL Certificates for View Transfer Server
- Prepare an Existing Certificate in PKCS#12 Format for Use with View Transfer Server
- Obtain a Signed Certificate from a CA for Use with a View Transfer Server Instance
- Generate a Self-Signed Certificate for View Transfer Server
- Configure a View Transfer Server Instance to Use a Certificate
- Configure SSL for View Transfer Server Communications
- Configuring Certificate Checking in View Client for Windows
- Appendix: Additional SSL Configuration Tasks
- Creating an Event Database
- Installing and Starting View Client
- Index
When you first set up a View environment, a default self-signed certificate is used. By default, the certificate
verification mode that is used is Warn But Allow. In this mode, when either of the following server certificate
issues occurs, a warning is displayed, but the user can choose to continue on and ignore the warning:
n
A self-signed certificate is provided by the View server. In this case, it is acceptable if the certificate name
does not match the View Connection Server name provided by the user in View Client.
n
A verifiable certificate that was configured in your deployment has expired or is not yet valid.
You can change the default certificate verification mode. You can set the mode to No Security, so that no
certificate checking is done. Or you can set the mode to Full Security, so that users are not allowed to connect
to the server if any one of the checks fails. You can also allow end users to set the mode for themselves.
Use the Client Configuration ADM template file to change the verification mode. ADM template files for View
components are installed in the
install_directory
\VMware\VMware View\Server\Extras\GroupPolicyFiles
directory on your View Connection Server host. For information about using these templates to control GPO
settings, see the VMware View Administration document.
Appendix: Additional SSL Configuration Tasks
When you configure SSL certificates for View servers, you might need to perform certain additional tasks.
Add SSL Certificates in Active Directory
For CAs that are not well known, you must add the root CA certificate and intermediate certificate in Active
Directory. These steps allow the root CA certificate to be installed in your client systems' Trusted Root stores.
For example, you might need to take these steps if your organization uses an internal certificate service.
If your SSL server certificates are signed by a well known CA, you do not have to add certificates in Active
Directory. For well known CAs, the operating system venders preinstall the root certificate on client systems.
Specifically, if you use a little-known CA to provide SSL server certificates, you must add the root certificate
to the Enterprise NTAuth store and the Trusted Root Certification Authorities group policy in Active Directory.
You do not need to perform this procedure if the Windows domain controller acts as the root CA.
If your SSL server certificates are signed by an little-known intermediate CA, you must add the intermediate
certificate to the Intermediate Certification Authorities group policy in Active Directory.
Procedure
1 On your Active Directory server, use the certutil command to publish the certificate to the Enterprise
NTAuth store.
For example: certutil -dspublish -f
path_to_root_CA_cert
NTAuthCA
2 On your Active Directory server, select Start > All Programs > Administrative Tools > Active Directory
Users and Computers.
3 Right-click your domain and click Properties.
4 On the Group Policy tab, click Open to open the Group Policy Management plug-in.
5 Right-click Default Domain Policy and click Edit.
6 Expand the Computer Configuration section and open Windows Settings\Security Settings\Public
Key.
VMware View Installation
88 VMware, Inc.