VMware Horizon Client 3.4 Instruction Manual
Using VMware Horizon Client for iOS
June 2015
Horizon Client
This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions
of this document, see http://www.vmware.com/support/pubs.
EN-001481-03
Using VMware Horizon Client for iOS
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2010–2015 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
Using VMware Horizon Client for iOS 5
Setup and Installation 7
1
System Requirements 7
Preparing View Connection Server for Horizon Client 8
Smart Card Authentication Requirements 9
Configure Smart Card Authentication for Mobile Clients 9
Using Embedded RSA SecurID Software Tokens 10
Configure Advanced SSL Options 11
Supported Desktop Operating Systems 12
Install or Upgrade Horizon Client on an iOS Device 12
Configure AirWatch to Deliver Horizon Client to Mobile Devices 12
Horizon Client Data Collected by VMware 13
Using URIs to Configure Horizon Client 17
2
Syntax for Creating vmware-view URIs 17
Examples of vmware-view URIs 19
Managing Remote Desktop and Application Connections 21
3
Connect to a Remote Desktop or Application for the First Time 21
Certificate Checking Modes for Horizon Client 23
Manage Saved Servers 24
Select a Favorite Remote Desktop or Application 25
Disconnecting from a Remote Desktop or Application 26
Log Off From a Remote Desktop 26
Manage Desktop and Application Shortcuts 27
VMware, Inc.
Using a Microsoft Windows Desktop or Application on a Mobile Device 29
4
Feature Support Matrix for iOS 29
External Keyboards and Input Devices 31
Enable the Japanese 106/109 Keyboard Layout 32
Using Native Operating System Gestures with Touch Redirection 32
Using the Unity Touch Sidebar with a Remote Desktop 32
Using the Unity Touch Sidebar with a Remote Application 35
Horizon Client Tools 36
Gestures 38
Multitasking 39
Saving Documents in a Remote Application 39
Configure Horizon Client to Support Reversed Mouse Buttons 40
Screen Resolutions and Using External Displays 40
PCoIP Client-Side Image Cache 41
3
Using VMware Horizon Client for iOS
Suppress the Cellular Data Warning Message 41
Internationalization 41
Troubleshooting Horizon Client 43
5
Collecting and Sending Logging Information 43
Enable Horizon Client Log Collection 43
Manually Retrieve and Send Horizon Client Log Files 44
Disable Horizon Client Log Collection 44
Reset a Remote Desktop or Application 45
Uninstall Horizon Client 45
Horizon Client Stops Responding or the Remote Desktop Freezes 46
Problem Establishing a Connection When Using a Proxy 46
Index 47
4 VMware, Inc.
Using VMware Horizon Client for iOS
This guide, Using VMware Horizon Client for iOS, provides information about installing and using VMware
Horizon® Client™ software on an iOS device to connect to a remote desktop or application in the
datacenter.
The information in this document includes system requirements and instructions for installing
Horizon Client. This document also provides tips for improving the user experience of navigating and using
Windows desktop elements on an iOS device such as an iPad.
This information is intended for administrators who need to set up a View deployment that includes iOS
client devices. The information is written for experienced system administrators who are familiar with
virtual machine technology and datacenter operations.
VMware, Inc.
5
Using VMware Horizon Client for iOS
6 VMware, Inc.
Setup and Installation 1
Setting up a View deployment for iOS clients involves using certain View Connection Server configuration
settings, meeting the system requirements for View servers and iOS clients, and installing the app for
Horizon Client from the Apple App Store. VMware also recommends that you set up a View security server
so that your iOS clients will not need a VPN connection.
This chapter includes the following topics:
“System Requirements,” on page 7
n
“Preparing View Connection Server for Horizon Client,” on page 8
n
“Smart Card Authentication Requirements,” on page 9
n
“Configure Smart Card Authentication for Mobile Clients,” on page 9
n
“Using Embedded RSA SecurID Software Tokens,” on page 10
n
“Configure Advanced SSL Options,” on page 11
n
“Supported Desktop Operating Systems,” on page 12
n
“Install or Upgrade Horizon Client on an iOS Device,” on page 12
n
“Configure AirWatch to Deliver Horizon Client to Mobile Devices,” on page 12
n
“Horizon Client Data Collected by VMware,” on page 13
n
System Requirements
You can install Horizon Client on all models of iPad and iPhone.
The iOS device on which you install Horizon Client, and the peripherals it uses, must meet certain system
requirements.
iPad and iPhone Models
Operating systems
External keyboards
Smart cards
VMware, Inc. 7
iPhone 4, 4S, 5, 5S, 5C, 6, and 6 Plus
n
iPad 2, iPad (3rd generation), iPad (4th generation), iPad mini, iPad mini
n
3, iPad mini with Retina display, iPad Air, and iPad Air 2
Horizon Client 3.4 includes 64-bit processor support for iPhone 5S, 6, and 6
Plus, and iPad Air, iPad Air 2, iPad mini 2, and iPad mini 3.
iOS 6.0 and later, including iOS 8.x.
(Optional) iPad Keyboard Dock and Apple Wireless Keyboard (Bluetooth)
See “Smart Card Authentication Requirements,” on page 9.
Using VMware Horizon Client for iOS
View Connection
Server, Security Server,
and View Agent
Latest maintenance release of View 5.3.x and later releases.
VMware recommends that you use a security server so that your iOS clients
will not require a VPN connection.
To use the Unity Touch feature with View 5.3.x desktops, the Remote
Experience Agent must be installed on the desktops.
Remote applications are available on Horizon 6.0 with View and later
servers.
Display protocol for
PCoIP
View
Preparing View Connection Server for Horizon Client
Administrators must perform specific tasks to enable end users to connect to remote desktops and
applications.
Before end users can connect to View Connection Server or a security server and access a remote desktop or
application, you must configure certain pool settings and security settings:
If you are using a security server, as VMware recommends, verify that you are using the latest
n
maintenance releases of View Connection Server 5.3.x and View Security Server 5.3.x or later releases.
See the View Installation document.
If you plan to use a secure tunnel connection for client devices and if the secure connection is
n
configured with a DNS host name for View Connection Server or a security server, verify that the client
device can resolve this DNS name.
To enable or disable the secure tunnel, in View Administrator, go to the Edit View Connection Server
Settings dialog box and use the check box called Use secure tunnel connection to desktop.
Verify that a desktop or application pool has been created and that the user account that you plan to use
n
is entitled to access the pool. For View Connection Server 5.3.x, see the topics about creating desktop
pools in the View Administration document. For View Connection Server 6.0 and later, see the topics
about creating desktop and application pools in the Setting Up Desktop and Application Pools in View
document.
To use two-factor authentication with Horizon Client, such as RSA SecurID or RADIUS authentication,
n
you must enable this feature on View Connection Server. For more information, see the topics about
two-factor authentication in the View Administration document.
To allow end users to save their passwords with Horizon Client, so that users do not always need to
n
supply credentials when connecting to a remote desktop or application, configure the policy for this
feature on View Connection Server.
Users can save their passwords if the policy is configured to allow it and if Horizon Client can fully
verify the server certificate that View Connection Server presents. For instructions about configuring
this policy, see the topic called "Allow Users to Save Credentials" in the chapter called "Setting Up User
Authentication," in the View Administration document.
Verify that the desktop or application pool is set to use the PCoIP display protocol. For View
n
Connection Server 5.3.x, see the View Administration document. For View Connection Server 6.0 and
later, see the Setting Up Desktop and Application Pools in View document.
8 VMware, Inc.
Smart Card Authentication Requirements
Client systems that use a smart card for user authentication must meet certain requirements.
Horizon Client for iOS supports using smart cards with remote desktops that have Windows 7, Windows
Vista, Windows 8.1, Windows XP, or Windows Server 2008 R2 guest operating systems. For Microsoft RDS
host-based desktops and applications, the Windows Server 2008 R2 and Windows Server 2012 R2 operating
systems are supported. VMware recommends using an iOS 6.1.3 or later operating system. The baiMobile
301MP USB Smart Card Reader and the following smart cards were tested:
Oberthur ID One V5.2a DOD CAC card
n
Gemalto TOPDLGX4 DOD CAC card
n
ActivIdentity 64K V2C Java Card
n
Each client system that uses a smart card for user authentication must have the following software and
hardware:
Horizon Client
n
A compatible smart card reader
n
Product-specific application drivers
n
Chapter 1 Setup and Installation
You must also install product-specific application drivers on the remote desktops or Microsoft RDS host.
Users that authenticate with smart cards must have a smart card, and each smart card must contain a user
certificate.
In addition to meeting these requirements for Horizon Client systems, other View components must meet
certain configuration requirements to support smart cards:
For information about configuring View servers to support smart card use, see the topic "Configure
n
Smart Card Authentication," in the View Administration document.
For information about tasks you might need to perform in Active Directory to implement smart card
n
authentication, see the topics about preparing Active Directory for smart card authentication, in the
View Installation document.
Configure Smart Card Authentication for Mobile Clients
Configuration tasks include connecting and pairing the card reader with the mobile device and setting the
smart card removal policy.
Prerequisites
Verify that you are using the correct version of the client, desktop agent, server, mobile device
n
operating system, smart card reader, and smart card. See “Smart Card Authentication Requirements,”
on page 9.
If you have not already done so, perform the tasks described in "Prepare Active Directory for Smart
n
Card Authentication," in the View Installation document.
Configure View servers to support smart card use. See the topic "Configure Smart Card
n
Authentication," in the View Administration document.
VMware, Inc. 9
Using VMware Horizon Client for iOS
Procedure
1 Pair the mobile device with the smart card reader, according to the documentation provided by the
manufacturer of the reader.
If your iOS device has a 30-pin connector, you can plug the smart card reader into the connector. For
iPad Air and iPhone 5S, which have Lightning interfaces, you must use a 30-pin adapter to plug the
smart card reader into the device's 30-pin connector.
2 Configure the smart card removal policy.
Option Description
Set the policy on the server
Set the policy on the desktop
If you use View Administrator to set a policy, the choices are to disconnect
users from View Connection Server when they remove their smart cards or
to keep users connected to View Connection Server when they remove
their smart cards and let them start new desktop or application sessions
without reauthenticating.
a In View Administrator, select View Configuration > Servers.
b On the Connection Servers tab, select the View Connection Server
instance and click Edit.
c On the Authentication tab, select or deselect the Disconnect user
sessions on smart card removal check box to configure the smart card
removal policy.
d Click OK to save your changes.
e Restart the View Connection Server service to make your changes take
effect.
If you select the Disconnect user sessions on smart card removal check
box, Horizon Client returns to the Recent Connections screen (
Horizon Client 3.0) or Recent screen (Horizon Client 3.1 and later) when
users remove their smart cards.
If you use the Group Policy Editor (gpedit.msc), you have the following
possible settings: no action, lock workstation, force log off, or Disconnect if
a Remote Desktop Services session.
After you open gpedit.msc in the desktop operating system, go to
Windows settings > Security settings > Local policies > Security options >
Interactive logon: smart card removal behavior. Run the
gpupdate /force command after you change the configuration to force a
group policy refresh.
Using Embedded RSA SecurID Software Tokens
If you create and distribute RSA SecurID software tokens to end users, they need enter only their PIN, rather
than PIN and token code, to authenticate.
Setup Requirements
You can use Compressed Token Format (CTF) or dynamic seed provisioning, which is also called CT-KIP
(Cryptographic Token Key Initialization Protocol), to set up an easy-to-use RSA authentication system. With
this system, you generate a URL to send to end users. To install the token, end users paste this URL directly
into Horizon Client on their client devices. The dialog box for pasting this URL appears when end users
connect to View Connection Server with Horizon Client.
After the software token is installed, end users enter a PIN to authenticate. With external RSA tokens, end
users must enter a PIN and the token code generated by a hardware or software authentication token.
The following URL prefixes are supported if end users will be copying and pasting the URL into
Horizon Client when Horizon Client is connected to an RSA-enabled View Connection Server:
viewclient-securid://
n
10 VMware, Inc.
Chapter 1 Setup and Installation
com.rsa.securid.iphone://
n
com.rsa.securid://
n
For end users who will be installing the token by tapping the URL, only the prefix viewclient-securid:// is
supported.
For information about using dynamic seed provisioning or file-based (CTF) provisioning, see the Web page
RSA SecurID Software Token for iPhone Devices at http://www.rsa.com/node.aspx?id=3652 or RSA SecurID
Software Token for Android at http://www.rsa.com/node.aspx?id=3832.
Instructions to End Users
When you create a CTFString URL or CT-KIP URL to send to end users, you can generate a URL with or
without a password or activation code. You send this URL to end users in an email that must include the
following information:
Instructions for navigating to the Install Software Token dialog box.
n
Tell end users to tap External Token in the Horizon Client dialog box that prompts them for RSA
SecurID credentials when they connect to View Connection Server.
CTFString URL or CT-KIP URL in plain text.
n
If the URL has formatting on it, end users will get an error message when they try to use it in
Horizon Client.
Activation code, if the CT-KIP URL that you create does not already include the activation code.
n
End users must enter this activation code in a text field of the dialog box.
If the CT-KIP URL includes an activation code, tell end users that they need not enter anything in the
n
Password or Activation Code text box in the Install Software Token dialog box.
Configure Advanced SSL Options
You can select the security protocols that Horizon Client can use. You can also specify the cipher control
string.
Prerequisites
Verify the security protocol that the View server can use. If you configure a security protocol for
Horizon Client that is not enabled on the View server to which the client connects, an SSL error occurs and
the connection fails. For information about configuring the security protocols that are accepted by View
Connection Server instances, see the View Security document.
Horizon Client and View Connection Server support TLS v1.0 and TLS v1.1 by default. You should change
the security protocols in Horizon Client only if your View administrator instructs you to do so, or if your
View server does not support the current settings.
Procedure
1 In your iOS Settings app, tap VMware View (Horizon Client 3.0) or Horizon (Horizon Client 3.1 and
later).
2 Tap Advanced SSL Options.
3 Make sure that the Reset to Default Settings option is set to Off.
4 To enable or disable a security protocol, tap the On or Off toggle next to the security protocol name.
TLS v1.0 and TLS v1.1 are enabled by default.
VMware, Inc. 11
Using VMware Horizon Client for iOS
5 To change the cipher control string, replace the default string.
The default cipher control string (AES:!aNULL:@STRENGTH) includes cipher suites that use either 128bit or 256-bit AES encryption, except for anonymous DH algorithms, and sorts them by strength.
6 (Optional) If you need to revert to the default settings, tap to toggle the Reset to Default Settings
option to On.
Your changes take effect the next time you connect to View Connection Server.
Supported Desktop Operating Systems
Administrators create virtual machines with a guest operating system and install View Agent in the guest
operating system. End users can log in to these virtual machines from a client device.
For a list of the supported Windows guest operating systems, see the "Supported Operating Systems for
View Agent" topic in the View 5.x or 6.x installation documentation.
Install or Upgrade Horizon Client on an iOS Device
You can install Horizon Client from the VMware Downloads page or from the App Store.
Prerequisites
If you have not already set up the iOS device, do so. See the user guide from Apple.
n
Verify that you have the URL for a download page that contains the Horizon Client installer. This URL
n
might be the VMware Downloads page at http://www.vmware.com/go/viewclients, or it might be the
URL for a View Connection Server instance.
Procedure
1 On your iOS device, Mac, or PC, browse to the URL for downloading the installer file, or search the
App Store for the Horizon Client app.
2 Download the app.
3 If you downloaded the app to a Mac or PC, connect your iOS device to the computer and follow the
onscreen instructions in iTunes.
4 To determine whether the installation succeeded, verify that the VMware View (Horizon Client 3.0) or
Horizon (Horizon Client 3.1 and later) app icon appears on the iOS device.
Configure AirWatch to Deliver Horizon Client to Mobile Devices
You can configure AirWatch to deliver Horizon Client to mobile device users. You can optionally specify a
default list of View Connection Server instances. The View Connection Server instances that you specify
appear as shortcuts in Horizon Client.
Prerequisites
Install and deploy AirWatch. See http://www.air-watch.com.
n
Become familiar with the AirWatch console. This procedure assumes you know how to use the
n
AirWatch console. For more information, see the AirWatch documentation or online help.
AirWatch integration is supported with Horizon Client 3.2 and later.
Procedure
1 Log in to the AirWatch console as an administrator.
12 VMware, Inc.
Chapter 1 Setup and Installation
2 Select Accounts > Users > List View, click Add User, and add user accounts for the users who will run
Horizon Client on their mobile devices.
3 Select Accounts > Users > User Groups, click Add, and create a user group for the user accounts that
you created.
4 Upload and add the Horizon Client application to AirWatch.
a Select Apps & Books > Applications > List View and click Add Application on the Public tab.
b Search for and select VMware Horizon Client for Apple iOS in the App Store.
c On the Info tab, type an application name and specify the supported mobile device models.
d On the Assignment tab, assign the Horizon Client application to the user group that you created.
e (Optional) To configure a default View Connection Server instance, on the Deployment tab, select
the Send Application Configuration check box, type servers in the Configuration Key text box,
select String from the Value Type drop-down menu, and type an IP address or host name in the
Configuration Value text box.
servers is case sensitive. To specify a list of View Connection Server instances, type multiple IP
addresses or host names, separated by commas, in the Configuration Value text box.
For example: 123.456.1.1, viewserver4.mydomain.com, 123.456.1.2
NOTE This feature is supported only for iOS 7 and later devices. You cannot push a default View
Connection Server list to an iOS 6 device.
f Publish the Horizon Client application.
5 Install and set up the AirWatch MDM Agent on each iOS device.
You can download the AirWatch MDM Agent from iTunes.
6 Use the AirWatch console to install the Horizon Client application on the mobile devices.
You cannot install the Horizon Client application before the effective date on the Deployment tab.
AirWatch delivers Horizon Client to the mobile devices in the user group that you associated with the
Horizon Client application.
When a user launches Horizon Client, Horizon Client communicates with the AirWatch MDM Agent on the
device. If you configured a default list of View Connection Server instances, AirWatch pushes the server
information to the AirWatch MDM Agent on the device and shortcuts for those servers appear in
Horizon Client.
What to do next
You can use the AirWatch console to edit the Horizon Client application and push those changes to mobile
devices. For example, you can add a default View Connection Server instance to the server list for the
Horizon Client application.
Horizon Client Data Collected by VMware
If your company participates in the customer experience improvement program, VMware collects data from
certain Horizon Client fields. Fields containing sensitive information are made anonymous.
VMware collects data on the clients to prioritize hardware and software compatibility. If your company's
administrator has opted to participate in the customer experience improvement program, VMware collects
anonymous data about your deployment in order to improve VMware's response to customer requirements.
No data that identifies your organization is collected. Horizon Client information is sent first to View
Connection Server and then on to VMware, along with data from View servers, desktop pools, and remote
desktops.
VMware, Inc. 13
Using VMware Horizon Client for iOS
Although the information is encrypted while in transit to View Connection Server, the information on the
client system is logged unencrypted in a user-specific directory. The logs do not contain any personally
identifiable information.
The administrator who installs View Connection Server can select whether to participate in the VMware
customer experience improvement program while running the View Connection Server installation wizard,
or an administrator can set an option in View Administrator after the installation.
Table 1‑1. Data Collected from Horizon Clients for the Customer Experience Improvement Program
Description
Company that produced the
Horizon Client application
Product name No VMware Horizon Client
Client product version No (The format is x.x.x-yyyyyy, where x.x.x is the client version
Client binary architecture No Examples include the following:
Client build name No Examples include the following:
Host operating system No Examples include the following:
Host operating system kernel No Examples include the following:
Host operating system architecture No Examples include the following:
Host system model No Examples include the following:
Is This Field
Made
Anonymous
? Example Value
No VMware
number and yyyyyy is the build number.)
i386
n
x86_64
n
arm
n
VMware-Horizon-Client-Win32-Windows
n
VMware-Horizon-Client-Linux
n
VMware-Horizon-Client-iOS
n
VMware-Horizon-Client-Mac
n
VMware-Horizon-Client-Android
n
VMware-Horizon-Client-WinStore
n
Windows 8.1
n
Windows 7, 64-bit Service Pack 1 (Build 7601 )
n
iPhone OS 5.1.1 (9B206)
n
Ubuntu 12.04.4 LTS
n
Mac OS X 10.8.5 (12F45)
n
Windows 6.1.7601 SP1
n
Darwin Kernel Version 11.0.0: Sun Apr 8 21:52:26 PDT
n
2012; root:xnu-1878.11.10~1/RELEASE_ARM_S5L8945X
Darwin 11.4.2
n
Linux 2.6.32-44-generic #98-Ubuntu SMP Mon Sep 24
n
17:27:10 UTC 2012
unknown (for Windows Store)
n
x86_64
n
i386
n
armv71
n
ARM
n
Dell Inc. OptiPlex 960
n
iPad3,3
n
MacBookPro8,2
n
Dell Inc. Precision WorkStation T3400 (A04 03/21/2008)
n
14 VMware, Inc.
Chapter 1 Setup and Installation
Table 1‑1. Data Collected from Horizon Clients for the Customer Experience Improvement Program
(Continued)
Is This Field
Made
Anonymous
Description
Host system CPU No Examples include the following:
Number of cores in the host system's
processor
MB of memory on the host system No Examples include the following:
Number of USB devices connected No 2 (USB device redirection is supported only for Linux,
Maximum concurrent USB device
connections
USB device vendor ID No Examples include the following:
USB device product ID No Examples include the following:
USB device family No Examples include the following:
USB device usage count No (Number of times the device was shared)
? Example Value
Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GH
n
Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GH
n
unknown (for iPad)
n
No
For example: 4
4096
n
unknown (for Windows Store)
n
Windows, and Mac OS X clients.)
No 2
Kingston
n
NEC
n
Nokia
n
Wacom
n
DataTraveler
n
Gamepad
n
Storage Drive
n
Wireless Mouse
n
Security
n
Human Interface Device
n
Imaging
n
VMware, Inc. 15
Loading...