VMware Horizon View - 7.0 Administrator’s Guide

View Administration

VMware Horizon 7

Version 7.0

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.

EN-002001-00

View Administration

You can find the most up-to-date technical documentation on the VMware Web site at:

http://www.vmware.com/support/

The VMware Web site also provides the latest product updates.

If you have comments about this documentation, submit your feedback to:

docfeedback@vmware.com

VMware, Inc.

3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

2 VMware, Inc.

View Administration 7

Using View Administrator 9

View Administrator and View Connection Server 9

Tips for Using the View Administrator Interface 10

Troubleshooting the Text Display in View Administrator 12

Configuring View Connection Server 13

Configuring vCenter Server and View Composer 13

Backing Up View Connection Server 25

Configuring Settings for Client Sessions 25

Disable or Enable View Connection Server 36

Edit the External URLs 37

Join or Withdraw from the Customer Experience Program 38

View LDAP Directory 38

Setting Up Smart Card Authentication 41

Logging In with a Smart Card 42

Configure Smart Card Authentication on View Connection Server 42

Configure Smart Card Authentication on Third-Party Solutions 47

Prepare Active Directory for Smart Card Authentication 47

Verify Your Smart Card Authentication Configuration 50

Using Smart Card Certificate Revocation Checking 51

VMware, Inc.

Setting Up Other Types of User Authentication 55

Using Two-Factor Authentication 55

Using SAML Authentication 59

Configure Biometric Authentication 63

Authenticating Users Without Requiring Credentials 65

Using the Log In as Current User Feature Available with Windows-Based Horizon Client 65

Allow Mobile Client Users to Save Credentials 66

Setting Up True SSO 67

Configuring Role-Based Delegated Administration 89

Understanding Roles and Privileges 89

Using Access Groups to Delegate Administration of Pools and Farms 90

Understanding Permissions 91

Manage Administrators 92

Manage and Review Permissions 93

View Administration

Manage and Review Access Groups 95

Manage Custom Roles 97

Predefined Roles and Privileges 99

Required Privileges for Common Tasks 103

Best Practices for Administrator Users and Groups 105

Configuring Policies in View Administrator and Active Directory 107

Setting Policies in View Administrator 107

Using View Group Policy Administrative Template Files 109

Maintaining View Components 115

Backing Up and Restoring View Configuration Data 115

Monitor View Components 123

Monitor Machine Status 123

Understanding View Services 124

Change the Product License Key 126

Monitoring Product License Usage 126

Update General User Information from Active Directory 127

Migrate View Composer to Another Machine 128

Update the Certificates on a View Connection Server Instance, Security Server, or View Composer 133

Information Collected by the Customer Experience Improvement Program 134

Managing View Composer Linked-Clone Desktop Virtual Machines 151

Reduce Linked-Clone Size with Machine Refresh 151

Update Linked-Clone Desktops 153

Rebalance Linked-Clone Virtual Machines 157

Manage View Composer Persistent Disks 160

Managing Desktop Pools, Machines, and Sessions 165

Change the Image of an Instant-Clone Desktop Pool 165

Managing Desktop Pools 166

Managing Virtual Machine-Based Desktops 174

Managing Unmanaged Machines 179

Manage Remote Desktop and Application Sessions 182

Export View Information to External Files 183

Managing Application Pools, Farms, and RDS Hosts 185

Managing Application Pools 185

Managing Farms 186

Managing RDS Hosts 189

Configuring Load Balancing for RDS Hosts 193

Configure an Anti-Affinity Rule for an Application Pool 199

Managing ThinApp Applications in View Administrator 201

View Requirements for ThinApp Applications 201

Capturing and Storing Application Packages 202

Assigning ThinApp Applications to Machines and Desktop Pools 205

Maintaining ThinApp Applications in View Administrator 211

4 VMware, Inc.

Monitoring and Troubleshooting ThinApp Applications in View Administrator 214

ThinApp Configuration Example 217

Contents

Setting Up Clients in Kiosk Mode 219

Configure Clients in Kiosk Mode 219

Troubleshooting View 229

Monitoring System Health 229

Monitor Events in View 230

Collecting Diagnostic Information for View 231

Update Support Requests 235

Troubleshooting an Unsuccessful Security Server Pairing with View Connection Server 235

Troubleshooting View Server Certificate Revocation Checking 236

Troubleshooting Smart Card Certificate Revocation Checking 237

Further Troubleshooting Information 237

Using the vdmadmin Command 239

vdmadmin Command Usage 241

Configuring Logging in Horizon Agent Using the -A Option 243

Overriding IP Addresses Using the -A Option 244

Setting the Name of a View Connection Server Group Using the -C Option 245

Updating Foreign Security Principals Using the -F Option 246

Listing and Displaying Health Monitors Using the -H Option 247

Listing and Displaying Reports of View Operation Using the -I Option 248

Generating View Event Log Messages in Syslog Format Using the -I Option 249

Assigning Dedicated Machines Using the -L Option 250

Displaying Information About Machines Using the -M Option 251

Reclaiming Disk Space on Virtual Machines Using the -M Option 252

Configuring Domain Filters Using the -N Option 253

Configuring Domain Filters 255

Displaying the Machines and Policies of Unentitled Users Using the -O and -P Options 259

Configuring Clients in Kiosk Mode Using the -Q Option 260

Displaying the First User of a Machine Using the -R Option 264

Removing the Entry for a View Connection Server Instance or Security Server Using the -S Option 264

Providing Secondary Credentials for Administrators Using the -T Option 265

Displaying Information About Users Using the -U Option 267

Unlocking or Locking Virtual Machines Using the -V Option 267

Detecting and Resolving LDAP Entry Collisions Using the -X Option 268

Index 271

VMware, Inc. 5

View Administration

6 VMware, Inc.

View Administration

View Administration describes how to configure and administer VMware Horizon® 7, including how to configure View Connection Server, create administrators, set up user authentication, configure policies, and manage VMware ThinApp® applications in View Administrator. This document also describes how to maintain and troubleshoot View components.

Intended Audience

This information is intended for anyone who wants to configure and administer VMware Horizon 7. The information is written for experienced Windows or Linux system administrators who are familiar with virtual machine technology and datacenter operations.

VMware, Inc.

View Administration

8 VMware, Inc.

Using View Administrator 1

View Administrator is the Web interface through which you configure View Connection Server and manage your remote desktops and applications.

For a comparison of the operations that you can perform with View Administrator, View cmdlets, and

vdmadmin, see the View Integration document.

NOTE In Horizon 7, View Administrator is named Horizon Administrator. This document refers to Horizon Administrator as View Administrator.

This chapter includes the following topics:

“View Administrator and View Connection Server,” on page 9

“Log In to View Administrator,” on page 10

“Tips for Using the View Administrator Interface,” on page 10

“Troubleshooting the Text Display in View Administrator,” on page 12

View Administrator and View Connection Server

View Administrator provides a management interface for View.

VMware, Inc.

Depending on your View deployment, you use one or more View Administrator interfaces.

Use one View Administrator interface to manage the View components that are associated with a

single, standalone View Connection Server instance or a group of replicated View Connection Server instances.

You can use the host name or IP address of any replicated instance to log in to View Administrator.

You must use a separate View Administrator interface to manage the View components for each single,

standalone View Connection Server instance and each group of replicated View Connection Server instances.

You also use View Administrator to manage security servers associated with View Connection Server. Each security server is associated with one View Connection Server instance.

NOTE If you use Access Point appliances rather than security servers, you must use the Access Point REST API to manage the Access Point appliances. For more information, see Deploying and Configuring Access Point.

View Administration

Log In to View Administrator

To perform initial configuration tasks, you must log in to View Administrator. You access View Administrator by using a secure (SSL) connection.

Prerequisites

Verify that View Connection Server is installed on a dedicated computer.

Verify that you are using a Web browser supported by View Administrator. For View Administrator

requirements, see the View Installation document.

Procedure

1 Open your Web browser and enter the following URL, where server is the host name of the View

Connection Server instance.

https://server/admin

NOTE You can use the IP address if you have to access a View Connection Server instance when the host name is not resolvable. However, the host that you contact will not match the SSL certificate that is configured for the View Connection Server instance, resulting in blocked access or access with reduced security.

Your access to View Administrator depends on the type of certificate that is configured on the View Connection Server computer.

If you open your Web browser on the View Connection Server host, use https://127.0.0.1 to connect, not https://localhost. This method improves security by avoiding potential DNS attacks on the

localhost resolution.

Option Description

You configured a certificate signed by a CA for View Connection Server.

The default, self-signed certificate supplied with View Connection Server is configured.

When you first connect, your Web browser displays View Administrator.

When you first connect, your Web browser might display a page warning that the security certificate associated with the address is not issued by a trusted certificate authority.

Click Ignore to continue using the current SSL certificate.

2 Log in as a user with credentials to access the View Administrators account.

You specify the View Administrators account when you install a standalone View Connection Server instance or the first View Connection Server instance in a replicated group. The View Administrators account can be the local Administrators group (BUILTIN\Administrators) on the View Connection Server computer or a domain user or group account.

After you log in to View Administrator, you can use View Configuration > Administrators to change the list of users and groups that have the View Administrators role.

Tips for Using the View Administrator Interface

You can use View Administrator user-interface features to navigate View Pages and to find, filter, and sort View objects.

View Administrator includes many common user interface features. For example, the navigation pane on the left side of each page directs you to other View Administrator pages. The search filters let you select filtering criteria that are related to the objects you are searching for.

10 VMware, Inc.

Chapter 1 Using View Administrator

Table 1-1 describes a few additional features that can help you to use View Administrator.

Table 1‑1. View Administrator Navigation and Display Features

View Administrator Feature Description

Navigating backward and forward in View Administrator pages

Bookmarking View Administrator pages

Multicolumn sorting You can sort View objects in a variety of ways by using multicolumn sorting.

Customizing table columns You can customize the display of View Administrator table columns by hiding

Click your browser's Back button to go to the previously displayed View Administrator page. Click the Forward button to return to the current page.

If you click the browser's Back button while you are using a View Administrator wizard or dialog box, you return to the main View Administrator page. The information you entered in the wizard or dialog is lost.

In View versions that preceded the View 5.1 release, you could not use your browser's Back and Forward buttons to navigate within View Administrator. Separate Back and Forward buttons in the View Administrator window were provided for navigation. These buttons are removed in the View 5.1 release.

You can bookmark View Administrator pages in your browser.

Click a heading in the top row of a View Administrator table to sort the View objects in alphabetical order based on that heading.

For example, in the Resources > Machines page, you can click Desktop Pool to sort desktops by the pools that contain them.

The number 1 appears next to the heading to indicate that it is the primary sorting column. You can click the heading again to reverse the sorting order, indicated by an up or down arrow.

To sort the View objects by a secondary item, Ctrl+click another heading.

For example, in the Machines table, you can click Users to perform a secondary sort by users to whom the desktops are dedicated. A number 2 appears next to the secondary heading. In this example, desktops are sorted by pool and by users within each pool.

You can continue to Ctrl+click to sort all the columns in a table in descending order of importance.

Press Ctrl+Shift and click to deselect a sort item.

For example, you might want to display the desktops in a pool that are in a particular state and are stored on a particular datastore. You can select Resources > Machines, click the Datastore heading, and Ctrl+click the Status heading.

selected columns and locking the first column. This feature lets you control the display of large tables such as Catalog > Desktop Pools that contain many columns.

Right-click any column header to display a context menu that lets you take the following actions:

Hide the selected column.

Customize columns. A dialog displays all columns in the table. You can

select the columns to display or hide.

Lock the first column. This option forces the left-hand column to remain

displayed as you scroll horizontally across a table with many columns. For example, on the Catalog > Desktop Pools page, the desktop ID remains displayed as you scroll horizontally to see other desktop characteristics.

VMware, Inc. 11

View Administration

Table 1‑1. View Administrator Navigation and Display Features (Continued)

View Administrator Feature Description

Selecting View objects and displaying View object details

Expanding dialog boxes to view details You can expand View Administrator dialog boxes to view details such as

Displaying context menus for View objects

In View Administrator tables that list View objects, you can select an object or display object details.

To select an object, click anywhere in the object's row in the table. At the

top of the page, menus and commands that manage the object become active.

To display object details, double-click the left cell in the object's row. A

new page displays the object's details.

For example, on the Catalog > Desktop Pools page, click anywhere in an individual pool's row to activate commands that affect the pool.

Double-click the ID cell in the left column to display a new page that contains details about the pool.

desktop names and user names in table columns.

To expand a dialog box, place your mouse over the dots in the lower right corner of the dialog box and drag the corner.

You can right-click View objects in View Administrator tables to display context menus. A context menu gives you access to the commands that operate on the selected View object.

For example, in the Catalog > Desktop Pools page, you can right-click a desktop pool to display commands such as Add, Edit, Delete, Disable (or Enable) Provisioning, and so on.

Troubleshooting the Text Display in View Administrator

If your Web browser runs on a non-Windows operating system such as Linux, UNIX, or Mac OS, the text in View Administrator does not display properly.

Problem

The text in the View Administrator interface is garbled. For example, spaces occur in the middle of words.

Cause

View Administrator requires Microsoft-specific fonts.

Solution

Install Microsoft-specific fonts on your computer.

Currently, the Microsoft Web site does not distribute Microsoft fonts, but you can download them from independent Web sites.

12 VMware, Inc.

Configuring View Connection Server 2

After you install and perform initial configuration of View Connection Server, you can add vCenter Server instances and View Composer services to your View deployment, set up roles to delegate administrator responsibilities, and schedule backups of your configuration data.

This chapter includes the following topics:

“Configuring vCenter Server and View Composer,” on page 13

“Backing Up View Connection Server,” on page 25

“Configuring Settings for Client Sessions,” on page 25

“Disable or Enable View Connection Server,” on page 36

“Edit the External URLs,” on page 37

“Join or Withdraw from the Customer Experience Program,” on page 38

“View LDAP Directory,” on page 38

Configuring vCenter Server and View Composer

To use virtual machines as remote desktops, you must configure View to communicate with vCenter Server. To create and manage linked-clone desktop pools, you must configure View Composer settings in View Administrator.

You can also configure storage settings for View. You can allow ESXi hosts to reclaim disk space on linkedclone virtual machines. To allow ESXi hosts to cache virtual machine data, you must enable View Storage Accelerator for vCenter Server.

Create a User Account for View Composer AD Operations

If you use View Composer, you must create a user account in Active Directory that allows View Composer to perform certain operations in Active Directory. View Composer requires this account to join linked-clone virtual machines to your Active Directory domain.

To ensure security, you should create a separate user account to use with View Composer. By creating a separate account, you can guarantee that it does not have additional privileges that are defined for another purpose. You can give the account the minimum privileges that it needs to create and remove computer objects in a specified Active Directory container. For example, the View Composer account does not require domain administrator privileges.

Procedure

1 In Active Directory, create a user account in the same domain as your View Connection Server host or

in a trusted domain.

VMware, Inc.

View Administration

2 Add the Create Computer Objects, Delete Computer Objects, and Write All Properties permissions to

the account in the Active Directory container in which the linked-clone computer accounts are created or to which the linked-clone computer accounts are moved.

The following list shows all the required permissions for the user account, including permissions that are assigned by default:

List Contents

Read All Properties

Write All Properties

Read Permissions

Reset Password

Create Computer Objects

Delete Computer Objects

NOTE Fewer permissions are required if you select the Allow reuse of pre-existing computer accounts setting for a desktop pool. Make sure that the following permissions are assigned to the user account:

List Contents

Read All Properties

Read Permissions

Reset Password

3 Make sure that the user account's permissions apply to the Active Directory container and to all child

objects of the container.

What to do next

Specify the account in View Administrator when you configure View Composer domains in the Add vCenter Server wizard and when you configure and deploy linked-clone desktop pools.

Add vCenter Server Instances to View

You must configure View to connect to the vCenter Server instances in your View deployment. vCenter Server creates and manages the virtual machines that View uses in desktop pools.

If you run vCenter Server instances in a Linked Mode group, you must add each vCenter Server instance to View separately.

View connects to the vCenter Server instance using a secure channel (SSL).

Prerequisites

Install the View Connection Server product license key.

Prepare a vCenter Server user with permission to perform the operations in vCenter Server that are

necessary to support View. To use View Composer, you must give the user additional privileges.

For details about configuring a vCenter Server user for View, see the View Installation document.

Verify that a TLS/SSL server certificate is installed on the vCenter Server host. In a production

environment, install a valid certificate that is signed by a trusted Certificate Authority (CA).

In a testing environment, you can use the default certificate that is installed with vCenter Server, but you must accept the certificate thumbprint when you add vCenter Server to View.

14 VMware, Inc.

Chapter 2 Configuring View Connection Server

Verify that all View Connection Server instances in the replicated group trust the root CA certificate for

the server certificate that is installed on the vCenter Server host. Check if the root CA certificate is in the Trusted Root Certification Authorities > Certificates folder in the Windows local computer certificate stores on the View Connection Server hosts. If it is not, import the root CA certificate into the Windows local computer certificate stores.

See "Import a Root Certificate and Intermediate Certificates into a Windows Certificate Store," in the View Installation document.

Verify that the vCenter Server instance contains ESXi hosts. If no hosts are configured in the vCenter

Server instance, you cannot add the instance to View.

If you upgrade to vSphere 5.5 or a later release, verify that the domain administrator account that you

use as the vCenter Server user was explicitly assigned permissions to log in to vCenter Server by a vCenter Server local user.

If you plan to use View in FIPS mode, verify that you have vCenter Server 6.0 or later and ESXi 6.0 or

later hosts.

For more information, see "Installing View in FIPS Mode," in the View Installation document.

Familiarize yourself with the settings that determine the maximum operations limits for vCenter Server

and View Composer. See “Concurrent Operations Limits for vCenter Server and View Composer,” on page 20 and “Setting a Concurrent Power Operations Rate to Support Remote Desktop Logon

Storms,” on page 21.

Procedure

1 In View Administrator, select View Configuration > Servers.

2 On the vCenter Servers tab, click Add.

3 In the vCenter Server Settings Server address text box, type the fully qualified domain name (FQDN) of

the vCenter Server instance.

The FQDN includes the host name and domain name. For example, in the FQDN

myserverhost.companydomain.com, myserverhost is the host name and companydomain.com is the domain.

NOTE If you enter a server by using a DNS name or URL, View does not perform a DNS lookup to verify whether an administrator previously added this server to View by using its IP address. A conflict arises if you add a vCenter Server with both its DNS name and its IP address.

4 Type the name of the vCenter Server user.

For example: domain\user or user@domain.com

5 Type the vCenter Server user password.

6 (Optional) Type a description for this vCenter Server instance.

7 Type the TCP port number.

The default port is 443.

8 Under Advanced Settings, set the concurrent operations limits for vCenter Server and View Composer

operations.

9 Click Next to display the View Composer Settings page.

What to do next

Configure View Composer settings.

If the vCenter Server instance is configured with a signed SSL certificate, and View Connection Server

trusts the root certificate, the Add vCenter Server wizard displays the View Composer Settings page.

VMware, Inc. 15

View Administration

If the vCenter Server instance is configured with a default certificate, you must first determine whether

to accept the thumbprint of the existing certificate. See “Accept the Thumbprint of a Default SSL

Certificate,” on page 22.

If View uses multiple vCenter Server instances, repeat this procedure to add the other vCenter Server instances.

Configure View Composer Settings

To use View Composer, you must configure settings that allow View to connect to the VMware Horizon View Composer service. View Composer can be installed on its own separate host or on the same host as vCenter Server.

There must be a one-to-one mapping between each VMware Horizon View Composer service and vCenter Server instance. A View Composer service can operate with only one vCenter Server instance. A vCenter Server instance can be associated with only one VMware Horizon View Composer service.

After the initial View deployment, you can migrate the VMware Horizon View Composer service to a new host to support a growing or changing View deployment. You can edit the initial View Composer settings in View Administrator, but you must perform additional steps to ensure that the migration succeeds. See

“Migrate View Composer to Another Machine,” on page 128.

Prerequisites

Verify that you created a user in Active Directory with permission to add and remove virtual machines

from the Active Directory domain that contains your linked clones. See “Create a User Account for

View Composer AD Operations,” on page 13.

Verify that you configured View to connect to vCenter Server. To do so, you must complete the vCenter

Server Information page in the Add vCenter Server wizard. See “Add vCenter Server Instances to

View,” on page 14.

Verify that this VMware Horizon View Composer service is not already configured to connect to a

different vCenter Server instance.

Procedure

1 In View Administrator, complete the vCenter Server Information page in the Add vCenter Server

wizard.

a Select View Configuration > Servers.

b On the vCenter Servers tab, click Add and provide the vCenter Server settings.

2 On the View Composer Settings page, if you are not using View Composer, select Do not use View

Composer.

If you select Do not use View Composer, the other View Composer settings become inactive. When you click Next, the Add vCenter Server wizard displays the Storage Settings page. The View Composer Domains page is not displayed.

16 VMware, Inc.

Chapter 2 Configuring View Connection Server

3 If you are using View Composer, select the location of the View Composer host.

Option Description

View Composer is installed on the same host as vCenter Server.

View Composer is installed on its own separate host.

a Select View Composer co-installed with the vCenter Server.

b Make sure that the port number is the same as the port that you

specified when you installed the VMware Horizon View Composer service on vCenter Server. The default port number is 18443.

a Select Standalone View Composer Server.

b In the View Composer server address text box, type the fully qualified

domain name (FQDN) of the View Composer host.

c Type the name of the View Composer user.

For example: domain.com\user or user@domain.com

d Type the password of the View Composer user.

e Make sure that the port number is the same as the port that you

specified when you installed the VMware Horizon View Composer service. The default port number is 18443.

4 Click Next to display the View Composer Domains page.

What to do next

Configure View Composer domains.

If the View Composer instance is configured with a signed SSL certificate, and View Connection Server

trusts the root certificate, the Add vCenter Server wizard displays the View Composer Domains page.

If the View Composer instance is configured with a default certificate, you must first determine

whether to accept the thumbprint of the existing certificate. See “Accept the Thumbprint of a Default

SSL Certificate,” on page 22.

Configure View Composer Domains

You must configure an Active Directory domain in which View Composer deploys linked-clone desktops. You can configure multiple domains for View Composer. After you first add vCenter Server and View Composer settings to View, you can add more View Composer domains by editing the vCenter Server instance in View Administrator.

Prerequisites

Your Active Directory administrator must create a View Composer user for AD operations. This

domain user must have permission to add and remove virtual machines from the Active Directory domain that contains your linked clones. For information about the required permissions for this user, see “Create a User Account for View Composer AD Operations,” on page 13.

In View Administrator, verify that you completed the vCenter Server Information and View Composer

Settings pages in the Add vCenter Server wizard.

Procedure

1 On the View Composer Domains page, click Add to add the View Composer user for AD operations

account information.

2 Type the domain name of the Active Directory domain.

For example: domain.com

3 Type the domain user name, including the domain name, of the View Composer user.

For example: domain.com\admin

4 Type the account password.

VMware, Inc. 17

View Administration

5 Click OK.

6 To add domain user accounts with privileges in other Active Directory domains in which you deploy

linked-clone pools, repeat the preceding steps.

7 Click Next to display the Storage Settings page.

What to do next

Enable virtual machine disk space reclamation and configure View Storage Accelerator for View.

Allow vSphere to Reclaim Disk Space in Linked-Clone Virtual Machines

In vSphere 5.1 and later, you can enable the disk space reclamation feature for View. Starting in vSphere 5.1, View creates linked-clone virtual machines in an efficient disk format that allows ESXi hosts to reclaim unused disk space in the linked clones, reducing the total storage space required for linked clones.

As users interact with linked-clone desktops, the clones' OS disks grow and can eventually use almost as much disk space as full-clone desktops. Disk space reclamation reduces the size of the OS disks without requiring you to refresh or recompose the linked clones. Space can be reclaimed while the virtual machines are powered on and users are interacting with their remote desktops.

Disk space reclamation is especially useful for deployments that cannot take advantage of storage-saving strategies such as refresh on logoff. For example, knowledge workers who install user applications on dedicated remote desktops might lose their personal applications if the remote desktops were refreshed or recomposed. With disk space reclamation, View can maintain linked clones at close to the reduced size they start out with when they are first provisioned.

This feature has two components: space-efficient disk format and space reclamation operations.

In a vSphere 5.1 or later environment, when a parent virtual machine is virtual hardware version 9 or later, View creates linked clones with space-efficient OS disks, whether or not space reclamation operations are enabled.

To enable space reclamation operations, you must use View Administrator to enable space reclamation for vCenter Server and reclaim VM disk space for individual desktop pools. The space reclamation setting for vCenter Server gives you the option to disable this feature on all desktop pools that are managed by the vCenter Server instance. Disabling the feature for vCenter Server overrides the setting at the desktop pool level.

The following guidelines apply to the space reclamation feature:

It operates only on space-efficient OS disks in linked clones.

It does not affect View Composer persistent disks.

It works only with vSphere 5.1 or later and only on virtual machines that are virtual hardware version 9

or later.

It does not operate on full-clone desktops.

It operates on virtual machines with SCSI controllers. IDE controllers are not supported.

Native NFS snapshot technology (VAAI) is not supported in pools that contain virtual machines with spaceefficient disks.

Prerequisites

Verify that your vCenter Server and ESXi hosts, including all ESXi hosts in a cluster, are version 5.1

with ESXi 5.1 download patch ESXi510-201212001 or later.

18 VMware, Inc.

Chapter 2 Configuring View Connection Server

Procedure

1 In View Administrator, complete the Add vCenter Server wizard pages that precede the Storage

Settings page.

a Select View Configuration > Servers.

b On the vCenter Servers tab, click Add.

c Complete the vCenter Server Information, View Composer Settings, and View Composer Domains

pages.

2 On the Storage Settings page, make sure that Enable space reclamation is selected.

Space reclamation is selected by default if you are performing a fresh installation of View 5.2 or later. You must select Enable space reclamation if you are upgrading to View 5.2 or later from View 5.1 or an earlier release.

What to do next

On the Storage Settings page, configure View Storage Accelerator.

To finish configuring disk space reclamation in View, set up space reclamation for desktop pools.

Configure View Storage Accelerator for vCenter Server

In vSphere 5.0 and later, you can configure ESXi hosts to cache virtual machine disk data. This feature, called View Storage Accelerator, uses the Content Based Read Cache (CBRC) feature in ESXi hosts. View Storage Accelerator improves View performance during I/O storms, which can take place when many virtual machines start up or run anti-virus scans at once. The feature is also beneficial when administrators or users load applications or data frequently. Instead of reading the entire OS or application from the storage system over and over, a host can read common data blocks from cache.

By reducing the number of IOPS during boot storms, View Storage Accelerator lowers the demand on the storage array, which lets you use less storage I/O bandwidth to support your View deployment.

You enable caching on your ESXi hosts by selecting the View Storage Accelerator setting in the vCenter Server wizard in View Administrator, as described in this procedure.

Make sure that View Storage Accelerator is also configured for individual desktop pools. To operate on a desktop pool, View Storage Accelerator must be enabled for vCenter Server and for the individual desktop pool.

View Storage Accelerator is enabled for desktop pools by default. The feature can be disabled or enabled when you create or edit a pool. The best approach is to enable this feature when you first create a desktop pool. If you enable the feature by editing an existing pool, you must ensure that a new replica and its digest disks are created before linked clones are provisioned. You can create a new replica by recomposing the pool to a new snapshot or rebalancing the pool to a new datastore. Digest files can only be configured for the virtual machines in a desktop pool when they are powered off.

You can enable View Storage Accelerator on desktop pools that contain linked clones and pools that contain full virtual machines.

View Storage Accelerator is now qualified to work in configurations that use View replica tiering, in which replicas are stored on a separate datastore than linked clones. Although the performance benefits of using View Storage Accelerator with View replica tiering are not materially significant, certain capacity-related benefits might be realized by storing the replicas on a separate datastore. Hence, this combination is tested and supported.

IMPORTANT If you plan to use this feature and you are using multiple View pods that share some ESXi hosts, you must enable the View Storage Accelerator feature for all pools that are on the shared ESXi hosts. Having inconsistent settings in multiple pods can cause instability of the virtual machines on the shared ESXi hosts.

VMware, Inc. 19

View Administration

Prerequisites

Procedure

1 In View Administrator, complete the Add vCenter Server wizard pages that precede the Storage

2 On the Storage Settings page, make sure that the Enable View Storage Accelerator check box is

Verify that your vCenter Server and ESXi hosts are version 5.0 or later.

In an ESXi cluster, verify that all the hosts are version 5.0 or later.

Verify that the vCenter Server user was assigned the Host > Configuration > Advanced settings privilege in vCenter Server.

See the topics in the View Installation document that describe View and View Composer privileges required for the vCenter Server user.

Settings page.

a Select View Configuration > Servers.

b On the vCenter Servers tab, click Add.

c Complete the vCenter Server Information, View Composer Settings, and View Composer Domains

pages.

selected.

This check box is selected by default.

3 Specify a default host cache size.

The default cache size applies to all ESXi hosts that are managed by this vCenter Server instance.

The default value is 1,024MB. The cache size must be between 100MB and 2,048MB.

4 To specify a different cache size for an individual ESXi host, select an ESXi host and click Edit cache

size.

a In the Host cache dialog box, check Override default host cache size.

b Type a Host cache size value between 100MB and 2,048MB and click OK.

5 On the Storage Settings page, click Next.

6 Click Finish to add vCenter Server, View Composer, and Storage Settings to View.

What to do next

Configure settings for client sessions and connections. See “Configuring Settings for Client Sessions,” on page 25.

To complete View Storage Accelerator settings in View, configure View Storage Accelerator for desktop pools. See "Configure View Storage Accelerator for Desktop Pools" in the Setting Up Desktop and Application Pools in View document.

Concurrent Operations Limits for vCenter Server and View Composer

When you add vCenter Server to View or edit the vCenter Server settings, you can configure several options that set the maximum number of concurrent operations that are performed by vCenter Server and View Composer.

You configure these options in the Advanced Settings panel on the vCenter Server Information page.

20 VMware, Inc.

Chapter 2 Configuring View Connection Server

Table 2‑1. Concurrent Operations Limits for vCenter Server and View Composer

Setting Description

Max concurrent vCenter provisioning operations

Max concurrent power operations

Max concurrent View Composer maintenance operations

Max concurrent View Composer provisioning operations

Determines the maximum number of concurrent requests that View Connection Server can make to provision and delete full virtual machines in this vCenter Server instance.

The default value is 20.

This setting applies to full virtual machines only.

Determines the maximum number of concurrent power operations (startup, shutdown, suspend, and so on) that can take place on virtual machines managed by View Connection Server in this vCenter Server instance.

The default value is 50.

For guidelines for calculating a value for this setting, see “Setting a Concurrent Power

Operations Rate to Support Remote Desktop Logon Storms,” on page 21.

This setting applies to full virtual machines and linked clones.

Determines the maximum number of concurrent View Composer refresh, recompose, and rebalance operations that can take place on linked clones managed by this View Composer instance.

The default value is 12.

Remote desktops that have active sessions must be logged off before a maintenance operation can begin. If you force users to log off as soon as a maintenance operation begins, the maximum number of concurrent operations on remote desktops that require logoffs is half the configured value. For example, if you configure this setting as 24 and force users to log off, the maximum number of concurrent operations on remote desktops that require logoffs is 12.

This setting applies to linked clones only.

Determines the maximum number of concurrent creation and deletion operations that can take place on linked clones managed by this View Composer instance.

The default value is 8.

This setting applies to linked clones only.

Setting a Concurrent Power Operations Rate to Support Remote Desktop Logon Storms

The Max concurrent power operations setting governs the maximum number of concurrent power operations that can occur on remote desktop virtual machines in a vCenter Server instance. This limit is set to 50 by default. You can change this value to support peak power-on rates when many users log on to their desktops at the same time.

As a best practice, you can conduct a pilot phase to determine the correct value for this setting. For planning guidelines, see "Architecture Design Elements and Planning Guidelines" in the View Architecture Planning document.

The required number of concurrent power operations is based on the peak rate at which desktops are powered on and the amount of time it takes for the desktop to power on, boot, and become available for connection. In general, the recommended power operations limit is the total time it takes for the desktop to start multiplied by the peak power-on rate.

For example, the average desktop takes two to three minutes to start. Therefore, the concurrent power operations limit should be 3 times the peak power-on rate. The default setting of 50 is expected to support a peak power-on rate of 16 desktops per minute.

The system waits a maximum of five minutes for a desktop to start. If the start time takes longer, other errors are likely to occur. To be conservative, you can set a concurrent power operations limit of 5 times the peak power-on rate. With a conservative approach, the default setting of 50 supports a peak power-on rate of 10 desktops per minute.

VMware, Inc. 21

View Administration

Logons, and therefore desktop power on operations, typically occur in a normally distributed manner over a certain time window. You can approximate the peak power-on rate by assuming that it occurs in the middle of the time window, during which about 40% of the power-on operations occur in 1/6th of the time window. For example, if users log on between 8:00 AM and 9:00 AM, the time window is one hour, and 40% of the logons occur in the 10 minutes between 8:25 AM and 8:35 AM. If there are 2,000 users, 20% of whom have their desktops powered off, then 40% of the 400 desktop power-on operations occur in those 10 minutes. The peak power-on rate is 16 desktops per minute.

Accept the Thumbprint of a Default SSL Certificate

When you add vCenter Server and View Composer instances to View, you must ensure that the SSL certificates that are used for the vCenter Server and View Composer instances are valid and trusted by View Connection Server. If the default certificates that are installed with vCenter Server and View Composer are still in place, you must determine whether to accept these certificates' thumbprints.

If a vCenter Server or View Composer instance is configured with a certificate that is signed by a CA, and the root certificate is trusted by View Connection Server, you do not have to accept the certificate thumbprint. No action is required.

If you replace a default certificate with a certificate that is signed by a CA, but View Connection Server does not trust the root certificate, you must determine whether to accept the certificate thumbprint. A thumbprint is a cryptographic hash of a certificate. The thumbprint is used to quickly determine if a presented certificate is the same as another certificate, such as the certificate that was accepted previously.

NOTE If you install vCenter Server and View Composer on the same Windows Server host, they can use the same SSL certificate, but you must configure the certificate separately for each component.

For details about configuring SSL certificates, see "Configuring SSL Certificates for View Servers" in the View Installation document.

You first add vCenter Server and View Composer in View Administrator by using the Add vCenter Server wizard. If a certificate is untrusted and you do not accept the thumbprint, you cannot add vCenter Server and View Composer.

After these servers are added, you can reconfigure them in the Edit vCenter Server dialog box.

NOTE You also must accept a certificate thumbprint when you upgrade from an earlier release and a vCenter Server or View Composer certificate is untrusted, or if you replace a trusted certificate with an untrusted certificate.

On the View Administrator dashboard, the vCenter Server or View Composer icon turns red and an Invalid Certificate Detected dialog box appears. You must click Verify and follow the procedure shown here.

Similarly, in View Administrator you can configure a SAML authenticator for use by a View Connection Server instance. If the SAML server certificate is not trusted by View Connection Server, you must determine whether to accept the certificate thumbprint. If you do not accept the thumbprint, you cannot configure the SAML authenticator in View. After a SAML authenticator is configured, you can reconfigure it in the Edit View Connection Server dialog box.

Procedure

1 When View Administrator displays an Invalid Certificate Detected dialog box, click View Certificate.

2 Examine the certificate thumbprint in the Certificate Information window.

22 VMware, Inc.

Chapter 2 Configuring View Connection Server

3 Examine the certificate thumbprint that was configured for the vCenter Server or View Composer

instance.

a On the vCenter Server or View Composer host, start the MMC snap-in and open the Windows

Certificate Store.

b Navigate to the vCenter Server or View Composer certificate.

c Click the Certificate Details tab to display the certificate thumbprint.

Similarly, examine the certificate thumbprint for a SAML authenticator. If appropriate, take the preceding steps on the SAML authenticator host.

4 Verify that the thumbprint in the Certificate Information window matches the thumbprint for the

vCenter Server or View Composer instance.

Similarly, verify that the thumbprints match for a SAML authenticator.

5 Determine whether to accept the certificate thumbprint.

Option Description

The thumbprints match.

The thumbprints do not match.

Click Accept to use the default certificate.

Click Reject.

Troubleshoot the mismatched certificates. For example, you might have provided an incorrect IP address for vCenter Server or View Composer.

Remove a vCenter Server Instance from View

You can remove the connection between View and a vCenter Server instance. When you do so, View no longer manages the virtual machines created in that vCenter Server instance.

Prerequisites

Delete all the virtual machines that are associated with the vCenter Server instance. See “Delete a Desktop

Pool,” on page 172.

Procedure

1 Click View Configuration > Servers.

2 On the vCenter Servers tab, select the vCenter Server instance.

3 Click Remove.

A dialog warns you that View will no longer have access to the virtual machines that are managed by this vCenter Server instance.

4 Click OK.

View can no longer access the virtual machines created in the vCenter Server instance.

Remove View Composer from View

You can remove the connection between View and the VMware Horizon View Composer service that is associated with a vCenter Server instance.

Before you disable the connection to View Composer, you must remove from View all the linked-clone virtual machines that were created by View Composer. View prevents you from removing View Composer if any associated linked clones still exist. After the connection to View Composer is disabled, View cannot provision or manage new linked clones.

VMware, Inc. 23

View Administration

Procedure

1 Remove the linked-clone desktop pools that were created by View Composer.

2 Select View Configuration > Servers.

3 On the vCenter Servers tab, select the vCenter Server instance with which View Composer is

4 Click Edit.

5 Under View Composer Server Settings, click Edit, select Do not use View Composer, and click OK.

a In View Administrator, select Catalog > Desktop Pools.

b Select a linked-clone desktop pool and click Delete.

A dialog box warns that you will permanently delete the linked-clone desktop pool from View. If the linked-clone virtual machines are configured with persistent disks, you can detach or delete the persistent disks.

c Click OK.

The virtual machines are deleted from vCenter Server. In addition, the associated View Composer database entries and the replicas that were created by View Composer are removed.

d Repeat these steps for each linked-clone desktop pool that was created by View Composer.

associated.

You can no longer create linked-clone desktop pools in this vCenter Server instance, but you can continue to create and manage full virtual-machine desktop pools in the vCenter Server instance.

What to do next

If you intend to install View Composer on another host and reconfigure View to connect to the new VMware Horizon View Composer service, you must perform certain additional steps. See “Migrate View

Composer Without Linked-Clone Virtual Machines,” on page 131.

Conflicting vCenter Server Unique IDs

If you have multiple vCenter Server instances configured in your environment, an attempt to add a new instance might fail because of conflicting unique IDs.

Problem

You try to add a vCenter Server instance to View, but the unique ID of the new vCenter Server instance conflicts with an existing instance.

Cause

Two vCenter Server instances cannot use the same unique ID. By default, a vCenter Server unique ID is randomly generated, but you can edit it.

Solution

1 In vSphere Client, click Administration > vCenter Server Settings > Runtime Settings.

2 Type a new unique ID and click OK.

For details about editing vCenter Server unique ID values, see the vSphere documentation.

24 VMware, Inc.

Backing Up View Connection Server

After you complete the initial configuration of View Connection Server, you should schedule regular backups of your View and View Composer configuration data.

For information about backing up and restoring your View configuration, see “Backing Up and Restoring

View Configuration Data,” on page 115.

Configuring Settings for Client Sessions

You can configure global settings that affect the client sessions and connections that are managed by a View Connection Server instance or replicated group. You can set the session timeout length, display prelogin and warning messages, and set security-related client connection options.

Set Options for Client Sessions and Connections

You configure global settings to determine the way client sessions and connections work.

The global settings are not specific to a single View Connection Server instance. They affect all client sessions that are managed by a standalone View Connection Server instance or a group of replicated instances.

Chapter 2 Configuring View Connection Server

You can also configure View Connection Server instances to use direct, nontunneled connections between Horizon clients and remote desktops. See “Configure the Secure Tunnel and PCoIP Secure Gateway,” on page 32 for information about configuring direct connections.

Prerequisites

Familiarize yourself with the global settings. See “Global Settings for Client Sessions,” on page 26 and

“Global Security Settings for Client Sessions and Connections,” on page 28.

Procedure

1 In View Administrator, select View Configuration > Global Settings.

2 Choose whether to configure general settings or security settings.

Option Description

General global settings

Global security settings

3 Configure the global settings.

4 Click OK.

What to do next

You can change the data recovery password that was provided during installation. See “Change the Data

Recovery Password,” on page 25.

In the General pane, click Edit.

In the Security pane, click Edit.

Change the Data Recovery Password

You provide a data recovery password when you install View Connection Server version 5.1 or later. After installation, you can change this password in View Administrator. The password is required when you restore the View LDAP configuration from a backup.

When you back up View Connection Server, the View LDAP configuration is exported as encrypted LDIF data. To restore the encrypted backup View configuration, you must provide the data recovery password.

VMware, Inc. 25

View Administration

The password must contain between 1 and 128 characters. Follow your organization's best practices for generating secure passwords.

Procedure

1 In View Administrator, select View Configuration > Global Settings.

2 In the Security pane, click Change data recovery password.

3 Type and retype the new password.

4 (Optional) Type a password reminder.

NOTE You can also change the data recovery password when you schedule your View configuration data to be backed up. See “Schedule View Configuration Backups,” on page 116.

What to do next

When you use the vdmimport utility to restore a backup View configuration, provide the new password.

Global Settings for Client Sessions

General global settings determine session timeout lengths, SSO enablement and timeout limits, status updates in View Administrator, whether prelogin and warning messages are displayed, and whether View Administrator treats Windows Server as a supported operating system for remote desktops.

Changes to any of the settings in the table below take effect immediately. You do not need to restart View Connection Server or Horizon Client.

Table 2‑2. General Global Settings for Client Sessions

Setting Description

View Administrator session timeout

Forcibly disconnect users Disconnects all desktops and applications after the specified number of minutes

Determines how long an idle View Administrator session continues before the session times out.

IMPORTANT Setting the View Administrator session timeout to a high number of minutes increases the risk of unauthorized use of View Administrator. Use caution when you allow an idle session to persist a long time.

By default, the View Administrator session timeout is 30 minutes. You can set a session timeout from 1 to 4320 minutes (72 hours).

has passed since the user logged in to View. All desktops and applications will be disconnected at the same time regardless of when the user opened them.

For clients that do not support application remoting, a maximum timeout value of 1200 minutes applies if the value of this setting is Never or greater than 1200 minutes.

The default is After 600 minutes.

26 VMware, Inc.

Chapter 2 Configuring View Connection Server

Table 2‑2. General Global Settings for Client Sessions (Continued)

Setting Description

Single sign-on (SSO) If SSO is enabled, View caches a user's credentials so that the user can launch

For clients that support applications.

If the user stops using the keyboard and mouse, disconnect their applications and discard SSO credentials:

Other clients.

Discard SSO credentials:

Enable automatic status updates Determines if status updates appear in the global status pane in the upper-left

Display a pre-login message Displays a disclaimer or another message to Horizon Client users when they log

remote desktops or applications without having to provide credentials to log in to the remote Windows session. The default is Enabled.

If you plan to use the True SSO feature, introduced in Horizon 7 or later, SSO must be enabled. With True SSO, if a user logs in using some other form of authentication than Active Directory credentials, the True SSO feature generates short-term certificates to use, rather than cached credentials, after users log in to VMware Identity Manager.

NOTE If a desktop is launched from Horizon Client, and the desktop is locked, either by the user or by Windows based on a security policy, and if the desktop is running View Agent 6.0 or later or Horizon Agent 7.0 or later, View Connection Server discards the user's SSO credentials. The user must provide login credentials to launch a new desktop or a new application, or reconnect to any disconnected desktop or application. To enable SSO again, the user must disconnect from View Connection Server or exit Horizon Client, and reconnect to View Connection Server. However, if the desktop is launched from Workspace Portal or VMware Identity Manager and the desktop is locked, SSO credentials are not discarded.

Protects application sessions when there is no keyboard or mouse activity on the client device. If set to After ... minutes, View disconnects all applications and discards SSO credentials after the specified number of minutes without user activity. Desktop sessions are not disconnected. Users must log in again to reconnect to the applications that were disconnected or launch a new desktop or application.

This setting also applies to the True SSO feature. After SSO credentials are discarded, users are prompted for Active Directory credentials. If users logged in to VMware Identity Manager without using AD credentials and do not know what AD credentials to enter, users can log out and log in to VMware Identity Manager again to access their remote desktops and applications.

IMPORTANT Users must be aware that when they have both applications and desktops open, and their applications are disconnected because of this timeout, their desktops remain connected. Users must not rely on this timeout to protect their desktops.

If set to Never, View never disconnects applications or discards SSO credentials due to user inactivity.

The default is Never.

Discards SSO credentials after the specified number of minutes. This setting is for clients that do not support application remoting. If set to After ... minutes, users must log in again to connect to a desktop after the specified number of minutes has passed since the user logged in to View, regardless of any user activity on the client device.

If set to Never, View stores SSO credentials until the user closes Horizon Client, or the Forcibly disconnect users timeout is reached, whichever comes first.

The default is After 15 minutes.

corner of View Administrator every few minutes. The dashboard page of View Administrator is also updated every few minutes.

By default, this setting is not enabled.

in.

Type your information or instructions in the text box in the Global Settings dialog box.

To display no message, leave the check box unselected.

VMware, Inc. 27

View Administration

Table 2‑2. General Global Settings for Client Sessions (Continued)

Setting Description

Display warning before forced logoff

Enable Windows Server desktops Determines whether you can select available Windows Server 2008 R2 and

Mirage Server configuration Allows you to specify the URL of a Mirage server, using the format

Displays a warning message when users are forced to log off because a scheduled or immediate update such as a desktop-refresh operation is about to start. This setting also determines how long to wait after the warning is shown before the user is logged off.

Check the box to display a warning message.

Type the number of minutes to wait after the warning is displayed and before logging off the user. The default is 5 minutes.

Type your warning message. You can use the default message:

Your desktop is scheduled for an important update and will be shut down in 5 minutes. Please save any unsaved work now.

Windows Server 2012 R2 machines for use as desktops. When this setting is enabled, View Administrator displays all available Windows Server machines, including machines on which View server components are installed.

NOTE The Horizon Agent software cannot coexist on the same virtual or physical machine with any other View server software component, including a security server, View Connection Server, or View Composer.

mirage://server-name:port or mirages://server-name:port. Here server- name is the fully qualified domain name. If you do not specify the port number,

the default port number 8000 is used.

NOTE You can override this global setting by specifying a Mirage server in the desktop pool settings.

Specifying the Mirage server in View Administrator is an alternative to specifying the Mirage server when installing the Mirage client. To find out which versions of Mirage support having the server specified in View Administrator, see the Mirage documentation, at

https://www.vmware.com/support/pubs/mirage_pubs.html.

Global Security Settings for Client Sessions and Connections

Global security settings determine whether clients are reauthenticated after interruptions, message security mode is enabled, and IPSec is used for security server connections.

SSL is required for all Horizon Client connections and View Administrator connections to View. If your View deployment uses load balancers or other client-facing, intermediate servers, you can off-load SSL to them and then configure non-SSL connections on individual View Connection Server instances and security servers. See “Off-load SSL Connections to Intermediate Servers,” on page 34.

28 VMware, Inc.

Chapter 2 Configuring View Connection Server

Table 2‑3. Global Security Settings for Client Sessions and Connections

Setting Description

Reauthenticate secure tunnel connections after network interruption

Message security mode Determines the security mechanism used for sending JMS messages between

Enhanced Security Status (Read-

only)

Use IPSec for Security Server connections

Determines if user credentials must be reauthenticated after a network interruption when Horizon clients use secure tunnel connections to remote desktops.

When you select this setting, if a secure tunnel connection is interrupted, Horizon Client requires the user to reauthenticate before reconnecting.

This setting offers increased security. For example, if a laptop is stolen and moved to a different network, the user cannot automatically gain access to the remote desktop without entering credentials.

When this setting is not selected, the client reconnects to the remote desktop without requiring the user to reauthenticate.

This setting has no effect when the secure tunnel is not used.

components

When the mode is set to Enabled, signing and verification of the JMS messages

passed between View components takes place.

When the mode is set to Enhanced, security is provided by mutually

authenticated SSL JMS connections and access control on JMS topics.

For details, see “Message Security Mode for View Components,” on page 30.

For new installations, by default, message security mode is set to Enhanced. If you upgrade from a previous version, the setting used in the previous version is retained.

Read-only field that appears when Message security mode is changed from Enabled to Enhanced. Because the change is made in phases, this field shows the progress through the phases:

Waiting for Message Bus restart is the first phase. This state is displayed until

you manually restart either all View Connection Server instances in the pod or the VMware Horizon View Message Bus Component service on all View Connection Server hosts in the pod.

Pending Enhanced is the next state. After all View Message Bus Component

services have been restarted, the system begins changing the message security mode to Enhanced for all desktops and security servers.

Enhanced is the final state, indicating that all components are now using

Enhanced message security mode.

You can also use the vdmutil command-line utility to monitor progress. See

“Using the vdmutil Utility to Configure the JMS Message Security Mode,” on

page 31.

Determines whether to use Internet Protocol Security (IPSec) for connections between security servers and View Connection Server instances.

By default, secure connections (using IPSec) for security server connections is enabled.

NOTE If you upgrade to View 5.1 or later from an earlier View release, the global setting Require SSL for client connections is displayed in View Administrator, but only if the setting was disabled in your View

configuration before you upgraded. Because SSL is required for all Horizon Client connections and View Administrator connections to View, this setting is not displayed in fresh installations of View 5.1 or later versions and is not displayed after an upgrade if the setting was already enabled in the previous View configuration.

After an upgrade, if you do not enable the Require SSL for client connections setting, HTTPS connections from Horizon clients will fail, unless they connect to an intermediate device that is configured to make onward connections using HTTP. See “Off-load SSL Connections to Intermediate Servers,” on page 34.

VMware, Inc. 29

View Administration

Message Security Mode for View Components

You can set the message security mode to specify the security mechanism used when JMS messages pass among View components.

Table 2-4 shows the options you can select to configure the message security mode. To set an option, select it

from the Message security mode list in the Global Settings dialog window.

Table 2‑4. Message Security Mode Options

Option Description

Disabled Message security mode is disabled.

Mixed Message security mode is enabled but not enforced.

You can use this mode to detect components in your View environment that predate View 3.0. The log files generated by View Connection Server contain references to these components. This setting is not recommended. Use this setting only to discover components that need to be upgraded.

Enabled Message security mode is enabled, using a combination of message signing and encryption. JMS messages

are rejected if the signature is missing or invalid, or if a message was modified after it was signed.

Some JMS messages are encrypted because they carry sensitive information such as user credentials. If you use the Enabled setting, you can also use IPSec to encrypt all JMS messages between View Connection Server instances, and between View Connection Server instances and security servers.

NOTE View components that predate View 3.0 are not allowed to communicate with other View components.

Enhanced SSL is used for all JMS connections. JMS access control is also enabled so that desktops, security servers,

and View Connection Server instances can only send and receive JMS messages on certain topics.

View components that predate Horizon 6 version 6.1 cannot communicate with a View Connection Server

6.1 instance.

NOTE Using this mode requires opening TCP port 4002 between DMZ-based security servers and their paired View Connection Server instances.

When you first install View on a system, the message security mode is set to Enhanced. If you upgrade View from a previous release, the message security mode remains unchanged from its existing setting.

IMPORTANT If you plan to change an upgraded View environment from Enabled to Enhanced, you must first upgrade all View Connection Server instances, security servers, and View desktops to Horizon 6 version 6.1 or a later release. After you change the setting to Enhanced, the new setting takes place in stages.

1 You must manually restart the VMware Horizon View Message Bus Component service on all View

Connection Server hosts in the pod, or restart the View Connection Server instances.

2 After the services are restarted, the View Connection Server instances reconfigure the message security

mode on all desktops and security servers, changing the mode to Enhanced.

3 To monitor the progress in View Administrator, go to View Configuration > Global Settings.

On the Security tab, the Enhanced Security Status item will show Enhanced when all components have made the transition to Enhanced mode.

Alternatively, you can use the vdmutil command-line utility to monitor progress. See “Using the

vdmutil Utility to Configure the JMS Message Security Mode,” on page 31.

View components that predate Horizon 6 version 6.1 cannot communicate with a View Connection Server

6.1 instance that uses Enhanced mode

If you plan to change an active View environment from Disabled to Enabled, or from Enabled to Disabled, change to Mixed mode for a short time before you make the final change. For example, if your current mode is Disabled, change to Mixed mode for one day, then change to Enabled. In Mixed mode, signatures are attached to messages but not verified, which allows the change of message mode to propagate through the environment.

30 VMware, Inc.

+ 248 hidden pages