VMware Horizon View - 7.0 Installation Manual
View Installation
VMware Horizon 7
Version 7.0
This document supports the version of each product listed and
supports all subsequent versions until the document is
replaced by a new edition. To check for more recent editions
of this document, see http://www.vmware.com/support/pubs.
EN-001996-00
View Installation
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2019–2016 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
2 VMware, Inc.
Contents
View Installation 5
System Requirements for Server Components 7
1
View Connection Server Requirements 7
View Administrator Requirements 9
View Composer Requirements 10
System Requirements for Guest Operating Systems 13
2
Supported Operating Systems for Horizon Agent 13
Supported Operating Systems for Standalone View Persona Management 14
Remote Display Protocol and Software Support 15
Installing View in an IPv6 Environment 21
3
Setting Up View in an IPv6 Environment 21
Supported vSphere, Database, and Active Directory Versions in an IPv6 Environment 22
Supported Operating Systems for View Servers in an IPv6 Environment 22
Supported Windows Operating Systems for Desktops and RDS Hosts in an IPv6 Environment 23
Supported Clients in an IPv6 Environment 23
Supported Remoting Protocols in an IPv6 Environment 23
Supported Authentication Types in an IPv6 Environment 24
Other Supported Features in an IPv6 Environment 24
Installing View in FIPS Mode 27
4
Overview of Setting Up View in FIPS Mode 27
System Requirements for FIPS Mode 28
VMware, Inc.
Preparing Active Directory 29
5
Configuring Domains and Trust Relationships 29
Creating an OU for Remote Desktops 31
Creating OUs and Groups for Kiosk Mode Client Accounts 31
Creating Groups for Users 31
Creating a User Account for vCenter Server 31
Creating a User Account for a Standalone View Composer Server 32
Create a User Account for View Composer AD Operations 32
Create a User Account for Instant Clone Operations 33
Configure the Restricted Groups Policy 33
Using View Group Policy Administrative Template Files 34
Prepare Active Directory for Smart Card Authentication 34
Disable Weak Ciphers in SSL/TLS 37
3
View Installation
Installing View Composer 39
6
Prepare a View Composer Database 39
Configuring an SSL Certificate for View Composer 46
Install the View Composer Service 47
Enable TLSv1.0 on vCenter and ESXi Connections from View Composer 48
Configuring Your Infrastructure for View Composer 49
Installing View Connection Server 51
7
Installing the View Connection Server Software 51
Installation Prerequisites for View Connection Server 52
Install View Connection Server with a New Configuration 53
Install a Replicated Instance of View Connection Server 59
Configure a Security Server Pairing Password 65
Install a Security Server 66
Firewall Rules for View Connection Server 73
Reinstall View Connection Server with a Backup Configuration 75
Microsoft Windows Installer Command-Line Options 76
Uninstalling View Components Silently by Using MSI Command-Line Options 78
Configuring SSL Certificates for View Servers 79
8
Understanding SSL Certificates for View Servers 79
Overview of Tasks for Setting Up SSL Certificates 81
Obtaining a Signed SSL Certificate from a CA 82
Configure View Connection Server, Security Server, or View Composer to Use a New SSL
Certificate 83
Configure Client Endpoints to Trust Root and Intermediate Certificates 88
Configuring Certificate Revocation Checking on Server Certificates 90
Configure the PCoIP Secure Gateway to Use a New SSL Certificate 91
Setting View Administrator to Trust a vCenter Server or View Composer Certificate 95
Benefits of Using SSL Certificates Signed by a CA 95
Troubleshooting Certificate Issues on View Connection Server and Security Server 96
Configuring View for the First Time 97
9
Configuring User Accounts for vCenter Server and View Composer 97
Configuring View Connection Server for the First Time 100
Configuring Horizon Client Connections 111
Replacing Default Ports for View Services 118
Sizing Windows Server Settings to Support Your Deployment 123
Configuring Event Reporting 125
10
Add a Database and Database User for View Events 125
Prepare an SQL Server Database for Event Reporting 126
Configure the Event Database 127
Configure Event Logging for Syslog Servers 128
Index 131
4 VMware, Inc.
View Installation
View Installation explains how to install the VMware Horizon® 7 server and client components.
Intended Audience
This information is intended for anyone who wants to install VMware Horizon 7. The information is written
for experienced Windows or Linux system administrators who are familiar with virtual machine technology
and datacenter operations.
VMware, Inc. 5
View Installation
6 VMware, Inc.
System Requirements for Server
Components 1
Hosts that run View server components must meet specific hardware and software requirements.
This chapter includes the following topics:
“View Connection Server Requirements,” on page 7
n
“View Administrator Requirements,” on page 9
n
“View Composer Requirements,” on page 10
n
View Connection Server Requirements
View Connection Server acts as a broker for client connections by authenticating and then directing
incoming user requests to the appropriate remote desktops and applications. View Connection Server has
specific hardware, operating system, installation, and supporting software requirements.
Hardware Requirements for View Connection Server on page 8
n
You must install all View Connection Server installation types, including standard, replica, security
server, and enrollment server installations, on a dedicated physical or virtual machine that meets
specific hardware requirements.
Supported Operating Systems for View Connection Server on page 8
n
You must install View Connection Server on a supported Windows Server operating system.
Virtualization Software Requirements for View Connection Server on page 8
n
View Connection Server requires certain versions of VMware virtualization software.
Network Requirements for Replicated View Connection Server Instances on page 9
n
When installing replicated View Connection Server instances, you must usually configure the
instances in the same physical location and connect them over a high-performance LAN. Otherwise,
latency issues could cause the View LDAP configurations on View Connection Server instances to
become inconsistent. A user could be denied access when connecting to a View Connection Server
instance with an out-of-date configuration.
VMware, Inc.
7
View Installation
Hardware Requirements for View Connection Server
You must install all View Connection Server installation types, including standard, replica, security server,
and enrollment server installations, on a dedicated physical or virtual machine that meets specific hardware
requirements.
Table 1‑1. View Connection Server Hardware Requirements
Hardware Component Required Recommended
Processor Pentium IV 2.0GHz processor
or higher
Network Adapter 100Mpbs NIC 1Gbps NICs
Memory
Windows Server 2008 R2 64-bit
Memory
Windows Server 2012 R2 64-bit
These requirements also apply to replica and security server View Connection Server instances that you
install for high availability or external access.
4GB RAM or higher At least 10GB RAM for deployments of 50 or more
4GB RAM or higher At least 10GB RAM for deployments of 50 or more
4 CPUs
remote desktops
remote desktops
IMPORTANT The physical or virtual machine that hosts View Connection Server must have an IP address
that does not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment,
machines automatically get IP addresses that do not change.
Supported Operating Systems for View Connection Server
You must install View Connection Server on a supported Windows Server operating system.
The following operating systems support all View Connection Server installation types, including standard,
replica, and security server installations.
Table 1‑2. Operating System Support for View Connection Server
Operating System Version Edition
Windows Server 2008 R2 SP1 64-bit Standard
Enterprise
Datacenter
Windows Server 2012 R2 64-bit Standard
Datacenter
NOTE Windows Server 2008 R2 with no service pack is no longer supported.
Virtualization Software Requirements for View Connection Server
View Connection Server requires certain versions of VMware virtualization software.
If you are using vSphere, you must use a supported version of vSphere ESX/ESXi hosts and vCenter Server.
For details about which versions of View are compatible with which versions of vCenter Server and ESXi,
see the VMware Product Interoperability Matrix at
http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.
8 VMware, Inc.
Chapter 1 System Requirements for Server Components
Network Requirements for Replicated View Connection Server Instances
When installing replicated View Connection Server instances, you must usually configure the instances in
the same physical location and connect them over a high-performance LAN. Otherwise, latency issues could
cause the View LDAP configurations on View Connection Server instances to become inconsistent. A user
could be denied access when connecting to a View Connection Server instance with an out-of-date
configuration.
IMPORTANT To use a group of replicated View Connection Server instances across a WAN, MAN
(metropolitan area network), or other non-LAN, in scenarios where a View deployment needs to span
datacenters, you must use the Cloud Pod Architecture feature. You can link together 25 View pods to
provide a single large desktop brokering and management environment for five geographically distant sites
and provide desktops and applications for up to 50,000 sessions. For more information, see Administering
View Cloud Pod Architecture.
View Administrator Requirements
Administrators use View Administrator to configure View Connection Server, deploy and manage remote
desktops and applications, control user authentication, initiate and examine system events, and carry out
analytical activities. Client systems that run View Administrator must meet certain requirements.
View Administrator is a Web-based application that is installed when you install View Connection Server.
You can access and use View Administrator with the following Web browsers:
Internet Explorer 9 (not recommended)
n
Internet Explorer 10
n
Internet Explorer 11
n
Firefox (latest supported versions)
n
Chrome (latest supported versions)
n
Safari 6 and later releases
n
Microsoft Edge (Windows 10)
n
To use View Administrator with your Web browser, you must install Adobe Flash Player 10.1 or later. Your
client system must have access to the Internet to allow Adobe Flash Player to be installed.
The computer on which you launch View Administrator must trust the root and intermediate certificates of
the server that hosts View Connection Server. The supported browsers already contain certificates for all of
the well-known certificate authorities (CAs). If your certificates come from a CA that is not well known, you
must follow the instructions in “Configure Client Endpoints to Trust Root and Intermediate Certificates,” on
page 88.
To display text properly, View Administrator requires Microsoft-specific fonts. If your Web browser runs on
a non-Windows operating system such as Linux, UNIX, or Mac OS X, make sure that Microsoft-specific
fonts are installed on your computer.
Currently, the Microsoft Web site does not distribute Microsoft fonts, but you can download them from
independent Web sites.
VMware, Inc. 9
View Installation
View Composer Requirements
With View Composer, you can deploy multiple linked-clone desktops from a single centralized base image.
View Composer has specific installation and storage requirements.
Supported Operating Systems for View Composer on page 10
n
View Composer supports 64-bit operating systems with specific requirements and limitations. You can
install View Composer on the same physical or virtual machine as vCenter Server or on a separate
server.
Hardware Requirements for Standalone View Composer on page 10
n
If you install View Composer on a different physical or virtual machine from the one used for
vCenter Server, you must use a dedicated machine that meets specific hardware requirements.
Database Requirements for View Composer and the Events Database on page 11
n
View Composer requires an SQL database to store data. The View Composer database must reside on,
or be available to, the View Composer server host. You can optionally set up an Events database to
record information from View Connection Server about View events.
Supported Operating Systems for View Composer
View Composer supports 64-bit operating systems with specific requirements and limitations. You can
install View Composer on the same physical or virtual machine as vCenter Server or on a separate server.
Table 1‑3. Operating System Support for View Composer
Operating System Version Edition
Windows Server 2008 R2 SP1 64-bit Standard
Enterprise
Datacenter
Windows Server 2012 R2 64-bit Standard
Datacenter
NOTE Windows Server 2008 R2 with no service pack is no longer supported.
If you plan to install View Composer on a different physical or virtual machine than vCenter Server, see
“Hardware Requirements for Standalone View Composer,” on page 10.
Hardware Requirements for Standalone View Composer
If you install View Composer on a different physical or virtual machine from the one used for
vCenter Server, you must use a dedicated machine that meets specific hardware requirements.
A standalone View Composer installation works with vCenter Server installed on a separate Windows
Server machine or with the Linux-based vCenter Server appliance. VMware recommends having a one-toone mapping between each View Composer service and vCenter Server instance.
Table 1‑4. View Composer Hardware Requirements
Hardware Component Required Recommended
Processor 1.4 GHz or faster Intel 64 or
AMD 64 processor with 2 CPUs
Networking One or more 10/100Mbps
network interface cards (NICs)
2GHz or faster and 4 CPUs
1Gbps NICs
10 VMware, Inc.
Chapter 1 System Requirements for Server Components
Table 1‑4. View Composer Hardware Requirements (Continued)
Hardware Component Required Recommended
Memory 4GB RAM or higher 8GB RAM or higher for deployments of 50 or more
remote desktops
Disk space 40GB 60GB
IMPORTANT The physical or virtual machine that hosts View Composer must have an IP address that does
not change. In an IPv4 environment, configure a static IP address. In an IPv6 environment, machines
automatically get IP addresses that do not change.
Database Requirements for View Composer and the Events Database
View Composer requires an SQL database to store data. The View Composer database must reside on, or be
available to, the View Composer server host. You can optionally set up an Events database to record
information from View Connection Server about View events.
If a database server instance already exists for vCenter Server, View Composer can use that existing instance
if it is a version listed in Table 1-5. For example, View Composer can use the Microsoft SQL Server instance
provided with vCenter Server. If a database server instance does not already exist, you must install one.
View Composer supports a subset of the database servers that vCenter Server supports. If you are already
using vCenter Server with a database server that is not supported by View Composer, continue to use that
database server for vCenter Server and install a separate database server to use for View Composer.
IMPORTANT If you create the View Composer database on the same SQL Server instance as vCenter Server,
do not overwrite the vCenter Server database.
The following table lists the supported database servers and versions as of the publication date of this
document. For the most up-to-date information about supported databases, see the VMware Product
Interoperability Matrixes at http://www.vmware.com/resources/compatibility/sim/interop_matrix.php. For
Solution/Database Interoperability, after you select the product and version, for the Add Database step, to
see a list of all supported databases, select Any and click Add.
Table 1‑5. Supported Database Servers for View Composer and for the Events Database
Database Service Packs/Releases Editions
Microsoft SQL Server 2014
(32- and 64-bit)
Microsoft SQL Server 2012
(32- and 64-bit)
Microsoft SQL Server 2008 R2
(32- and 64-bit)
Oracle 12c Release 1 (any release up to 12.1.0.2) Standard One
No SP, SP1 Standard
Enterprise
SP2 Express
Standard
Enterprise
SP2, SP3 Express
Standard
Enterprise
Datacenter
Standard
Enterprise
NOTE The following versions are no longer supported: Microsoft SQL Server 2008 SP4 and Oracle 11g
Release 2 (11.2.0.04).
VMware, Inc. 11
View Installation
12 VMware, Inc.
System Requirements for Guest
Operating Systems 2
Systems running Horizon Agent or Standalone View Persona Management must meet certain hardware and
software requirements.
This chapter includes the following topics:
“Supported Operating Systems for Horizon Agent,” on page 13
n
“Supported Operating Systems for Standalone View Persona Management,” on page 14
n
“Remote Display Protocol and Software Support,” on page 15
n
Supported Operating Systems for Horizon Agent
The Horizon Agent component (called View Agent in previous releases) assists with session management,
single sign-on, device redirection, and other features. You must install Horizon Agent on all virtual
machines, physical systems, and RDS hosts.
The following table lists the Windows operating system versions that are supported on single-session
virtual machines in a desktop pool. The virtual machine version must support the guest operating system.
For example, to install Windows 8.1, you must use a vSphere 5.1 or later virtual machine.
Table 2‑1. Operating Systems for Linked-Clone and Full-Clone Remote Desktops
Guest Operating System Version Edition Service Pack
Windows 10 64-bit and 32-bit Enterprise None
Windows 8.1 64-bit and 32-bit Enterprise and
Professional
Windows 8 64-bit and 32-bit Enterprise and
Professional
Windows 7 64-bit and 32-bit Enterprise and
Professional
Windows Server 2012 R2 64-bit Datacenter Latest update
Windows Server 2008 R2 64-bit Datacenter SP1
To use the View Persona Management setup option with Horizon Agent, you must install Horizon Agent on
Windows 8, Windows 7, Windows Server 2012 R2, or Windows Server 2008 R2 virtual machines. This
option does not operate on physical computers or RDS hosts.
You can install the standalone version of View Persona Management on physical computers. See
“Supported Operating Systems for Standalone View Persona Management,” on page 14.
The following table lists the Windows versions that are supported for instant-clone remote desktops.
Latest update
None
SP1
VMware, Inc.
13
View Installation
Table 2‑2. Operating Systems for Instant-Clone Remote Desktops
Guest Operating System Version Edition Service pack
Windows 10 64-bit and 32-bit Enterprise None
Windows 7 64-bit and 32-bit Enterprise and Professional SP1
The following table lists the Windows operating systems versions that are supported for creating desktop
pools and application pools on an RDS host.
Table 2‑3. Operating Systems for RDS Hosts, Providing Remote Desktops or Applications
Guest Operating System Edition Service Pack
Windows Server 2008 R2 Standard, Enterprise, and
Windows Server 2012 Standard and Datacenter None
Windows Server 2012 R2 Standard and Datacenter Latest update
This table lists the fully supported operating systems as of the date of this publication. For updates to the list
of supported operating systems, see the Horizon 7 Release Notes, available from
https://www.vmware.com/support/pubs/view_pubs.html.
SP1
Datacenter
NOTE To use the VMware Blast display protocol, you must install Horizon Agent on a single-session virtual
machine or on an RDS host. The RDS host can be a physical machine or a virtual machine. The VMware
Blast display protocol does not operate on a single-user physical computer.
For enhanced security, VMware recommends configuring cipher suites to remove known vulnerabilities.
For instructions on how to set up a domain policy on cipher suites for Windows machines that run View
Composer or Horizon Agent, see “Disable Weak Ciphers in SSL/TLS,” on page 37.
Supported Operating Systems for Standalone View Persona Management
The standalone View Persona Management software provides persona management for standalone physical
computers and virtual machines that do not have Horizon Agent installed. When users log in, their profiles
are downloaded dynamically from a remote profile repository to their standalone systems.
NOTE To configure View Persona Management for View desktops, install Horizon Agent with the View
Persona Management setup option. The standalone View Persona Management software is intended for
non-View systems only.
Table 2-4 lists the operating systems supported for the standalone View Persona Management software.
Table 2‑4. Operating System Support for Standalone View Persona Management
Guest Operating System Version Edition Service Pack
Windows 10 64-bit and 32-bit Enterprise None
Windows 8.x 64-bit and 32-bit Enterprise and Professional None
Windows 7 64-bit and 32-bit Enterprise and Professional SP1
Windows Server 2012 R2 64-bit Datacenter Latest update
Windows Server 2008 R2 64-bit Datacenter SP1
The standalone View Persona Management software is not supported on Microsoft Remote Desktop
Services.
14 VMware, Inc.
Chapter 2 System Requirements for Guest Operating Systems
Remote Display Protocol and Software Support
Remote display protocols and software provide access to remote desktops and applications. The remote
display protocol used depends on the type of client device, whether you are connecting to a remote desktop
or a remote application, and how the administrator configures the desktop or application pool.
PCoIP on page 15
n
PCoIP (PC over IP) provides an optimized desktop experience for the delivery of a remote application
or an entire remote desktop environment, including applications, images, audio, and video content for
a wide range of users on the LAN or across the WAN. PCoIP can compensate for an increase in latency
or a reduction in bandwidth, to ensure that end users can remain productive regardless of network
conditions.
Microsoft RDP on page 17
n
Remote Desktop Protocol is the same multichannel protocol many people already use to access their
work computer from their home computer. Microsoft Remote Desktop Connection (RDC) uses RDP to
transmit data.
VMware Blast Extreme on page 17
n
Optimized for the mobile cloud, VMware Blast Extreme supports the broadest range of client devices
that are H.264 capable. Of the display protocols, VMware Blast offers the lowest CPU consumption for
longer battery life on mobile devices. VMware Blast Extreme can compensate for an increase in latency
or a reduction in bandwidth and can leverage both TCP and UDP network transports.
PCoIP
PCoIP (PC over IP) provides an optimized desktop experience for the delivery of a remote application or an
entire remote desktop environment, including applications, images, audio, and video content for a wide
range of users on the LAN or across the WAN. PCoIP can compensate for an increase in latency or a
reduction in bandwidth, to ensure that end users can remain productive regardless of network conditions.
The PCoIP display protocol can be used for remote applications and for remote desktops that use virtual
machines, physical machines that contain Teradici host cards, or shared session desktops on an RDS host.
PCoIP Features
Key features of PCoIP include the following:
Users outside the corporate firewall can use this protocol with your company's virtual private network
n
(VPN), or users can make secure, encrypted connections to a security server or Access Point appliance
in the corporate DMZ.
Advanced Encryption Standard (AES) 128-bit encryption is supported and is turned on by default. You
n
can, however, change the encryption key cipher to AES-192 or AES-256.
Connections to Windows desktops with the Horizon Agent operating system versions listed in
n
“Supported Operating Systems for Horizon Agent,” on page 13 are supported.
Connections from all types of client devices.
n
Optimization controls for reducing bandwidth usage on the LAN and WAN.
n
32-bit color is supported for virtual displays.
n
ClearType fonts are supported.
n
Audio redirection with dynamic audio quality adjustment for LAN and WAN.
n
Real-Time Audio-Video for using webcams and microphones on some client types.
n
VMware, Inc. 15
View Installation
n
n
n
n
For information about which desktop operating systems support specific PCoIP features, see "Feature
Support Matrix for Horizon Agent" in the View Architecture Planning document.
For information about which client devices support specific PCoIP features, go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
Recommended Guest Operating System Settings
1GB of RAM or more and a dual CPU is recommended for playing in high-definition, full screen mode, or
720p or higher formatted video. To use Virtual Dedicated Graphics Acceleration for graphics-intensive
applications such as CAD applications, 4GB of RAM is required.
Copy and paste of text and, on some clients, images between the client operating system and a remote
application or desktop. For other client types, only copy and paste of plain text is supported. You
cannot copy and paste system objects such as folders and files between systems.
Multiple monitors are supported for some client types. On some clients, you can use up to 4 monitors
with a resolution of up to 2560 x 1600 per display or up to 3 monitors with a resolution of 4K (3840 x
2160) for Windows 7 remote desktops with Aero disabled. Pivot display and autofit are also supported.
When the 3D feature is enabled, up to 2 monitors are supported with a resolution of up to 1920 x 1200,
or one monitor with a resolution of 4K (3840 x 2160).
USB redirection is supported for some client types.
MMR redirection is supported for some Windows client operating systems and some remote desktop
operating systems (with Horizon Agent installed).
Video Quality Requirements
480p-formatted video
720p-formatted video
1080p-formatted video
3D rendering
You can play video at 480p or lower at native resolutions when the remote
desktop has a single virtual CPU. If you want to play the video in highdefinition Flash or in full screen mode, the desktop requires a dual virtual
CPU. Even with a dual virtual CPU desktop, as low as 360p-formatted video
played in full screen mode can lag behind audio, particularly on Windows
clients.
You can play video at 720p at native resolutions if the remote desktop has a
dual virtual CPU. Performance might be affected if you play videos at 720p
in high definition or in full screen mode.
If the remote desktop has a dual virtual CPU, you can play 1080p formatted
video, although the media player might need to be adjusted to a smaller
window size.
You can configure remote desktops to use software- or hardware-accelerated
graphics. The software-accelerated graphics feature enables you to run
DirectX 9 and OpenGL 2.1 applications without requiring a physical graphics
processing unit (GPU). The hardware-accelerated graphics features enable
virtual machines to either share the physical GPUs (graphical processing
unit) on a vSphere host or dedicate a physical GPU to a single virtual
machine desktop.
For 3D applications, up to 2 monitors are supported, and the maximum
screen resolution is 1920 x 1200. The guest operating system on the remote
desktops must be Windows 7 or later.
16 VMware, Inc.
Chapter 2 System Requirements for Guest Operating Systems
Hardware Requirements for Client Systems
For information about processor and memory requirements, see the "Using VMware Horizon Client"
document for the specific type of desktop or mobile client device. Go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
Microsoft RDP
Remote Desktop Protocol is the same multichannel protocol many people already use to access their work
computer from their home computer. Microsoft Remote Desktop Connection (RDC) uses RDP to transmit
data.
Microsoft RDP is a supported display protocol for remote desktops that use virtual machines, physical
machines, or shared session desktops on an RDS host. (Only the PCoIP display protocol and the VMware
Blast display protocol are supported for remote applications.) Microsoft RDP provides the following
features:
RDP 7 has true multiple monitor support, for up to 16 monitors.
n
You can copy and paste text and system objects such as folders and files between the local system and
n
the remote desktop.
32-bit color is supported for virtual displays.
n
RDP supports 128-bit encryption.
n
Users outside the corporate firewall can use this protocol with your company's virtual private network
n
(VPN), or users can make secure, encrypted connections to a View security server in the corporate
DMZ.
To support TLSv1.1 and TLSv1.2 connections to Windows 7 and Windows Server 2008 R2, you must apply
Microsoft hotfix KB3080079.
Hardware Requirements for Client Systems
For information about processor and memory requirements, see the "Using VMware Horizon Client"
document for the specific type of client system. Go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
NOTE Mobile client 3.x devices use only the PCoIP display protocol. Mobile client 4.x clients use only the
PCoIP display protocol or the VMware Blast display protocol.
VMware Blast Extreme
Optimized for the mobile cloud, VMware Blast Extreme supports the broadest range of client devices that
are H.264 capable. Of the display protocols, VMware Blast offers the lowest CPU consumption for longer
battery life on mobile devices. VMware Blast Extreme can compensate for an increase in latency or a
reduction in bandwidth and can leverage both TCP and UDP network transports.
The VMware Blast display protocol can be used for remote applications and for remote desktops that use
virtual machines or shared-session desktops on an RDS host. The RDS host can be a physical machine or a
virtual machine. The VMware Blast display protocol does not operate on a single-user physical computer.
VMware Blast Extreme Features
Key features of VMware Blast Extreme include the following:
Users outside the corporate firewall can use this protocol with your company's virtual private network
n
(VPN), or users can make secure, encrypted connections to a security server or Access Point appliance
in the corporate DMZ.
VMware, Inc. 17
View Installation
n
n
n
n
n
n
n
n
n
n
Advanced Encryption Standard (AES) 128-bit encryption is supported and is turned on by default. You
can, however, change the encryption key cipher to AES-192 or AES-256.
Connections to Windows desktops with the Horizon Agent operating system versions listed in
“Supported Operating Systems for Horizon Agent,” on page 13 are supported.
Connections from all types of client devices.
Optimization controls for reducing bandwidth usage on the LAN and WAN.
32-bit color is supported for virtual displays.
ClearType fonts are supported.
Audio redirection with dynamic audio quality adjustment for LAN and WAN.
Real-Time Audio-Video for using webcams and microphones on some client types.
Copy and paste of text and, on some clients, images between the client operating system and a remote
application or desktop. For other client types, only copy and paste of plain text is supported. You
cannot copy and paste system objects such as folders and files between systems.
Multiple monitors are supported for some client types. On some clients, you can use up to 4 monitors
with a resolution of up to 2560 x 1600 per display or up to 3 monitors with a resolution of 4K (3840 x
2160) for Windows 7 remote desktops with Aero disabled. Pivot display and autofit are also supported.
When the 3D feature is enabled, up to 2 monitors are supported with a resolution of up to 1920 x 1200,
or one monitor with a resolution of 4K (3840 x 2160).
USB redirection is supported for some client types.
n
MMR redirection is supported for some Windows client operating systems and some remote desktop
n
operating systems (with Horizon Agent installed).
For information about which client devices support specific VMware Blast Extreme features, go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
Recommended Guest Operating System Settings
1GB of RAM or more and a dual CPU is recommended for playing in high-definition, full screen mode, or
720p or higher formatted video. To use Virtual Dedicated Graphics Acceleration for graphics-intensive
applications such as CAD applications, 4GB of RAM is required.
Video Quality Requirements
480p-formatted video
720p-formatted video
You can play video at 480p or lower at native resolutions when the remote
desktop has a single virtual CPU. If you want to play the video in highdefinition Flash or in full screen mode, the desktop requires a dual virtual
CPU. Even with a dual virtual CPU desktop, as low as 360p-formatted video
played in full screen mode can lag behind audio, particularly on Windows
clients.
You can play video at 720p at native resolutions if the remote desktop has a
dual virtual CPU. Performance might be affected if you play videos at 720p
in high definition or in full screen mode.
18 VMware, Inc.
Chapter 2 System Requirements for Guest Operating Systems
1080p-formatted video
If the remote desktop has a dual virtual CPU, you can play 1080p formatted
video, although the media player might need to be adjusted to a smaller
window size.
3D rendering
You can configure remote desktops to use software- or hardware-accelerated
graphics. The software-accelerated graphics feature enables you to run
DirectX 9 and OpenGL 2.1 applications without requiring a physical graphics
processing unit (GPU). The hardware-accelerated graphics features enable
virtual machines to either share the physical GPUs (graphical processing
unit) on a vSphere host or dedicate a physical GPU to a single virtual
machine desktop.
For 3D applications, up to 2 monitors are supported, and the maximum
screen resolution is 1920 x 1200. The guest operating system on the remote
desktops must be Windows 7 or later.
Hardware Requirements for Client Systems
For information about processor and memory requirements, see the "Using VMware Horizon Client"
document for the specific type of desktop or mobile client device. Go to
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.
VMware, Inc. 19
View Installation
20 VMware, Inc.
Installing View in an IPv6
Environment 3
View supports IPv6 as an alternative to IPv4. The environment must be either IPv6 only or IPv4 only. View
does not support a mixed IPv6 and IPv4 environment.
Not all View features that are supported in an IPv4 environment are supported in an IPv6 environment.
View does not support upgrading from an IPv4 environment to an IPv6 environment. Also, View does not
support migration between IPv4 and IPv6 environments.
IMPORTANT To run View in an IPv6 environment, you must specify IPv6 when you install all View
components.
This chapter includes the following topics:
“Setting Up View in an IPv6 Environment,” on page 21
n
“Supported vSphere, Database, and Active Directory Versions in an IPv6 Environment,” on page 22
n
“Supported Operating Systems for View Servers in an IPv6 Environment,” on page 22
n
“Supported Windows Operating Systems for Desktops and RDS Hosts in an IPv6 Environment,” on
n
page 23
“Supported Clients in an IPv6 Environment,” on page 23
n
“Supported Remoting Protocols in an IPv6 Environment,” on page 23
n
“Supported Authentication Types in an IPv6 Environment,” on page 24
n
“Other Supported Features in an IPv6 Environment,” on page 24
n
Setting Up View in an IPv6 Environment
To run View in an IPv6 environment, you must be aware of the requirements and choices that are specific to
IPv6 when you perform certain administrative tasks.
Before you install View, you must have a working IPv6 environment. The following View administrative
tasks have options that are specific to IPv6.
Installing View Connection Server. See “Install View Connection Server with a New Configuration,” on
n
page 53.
Installing View Replica Server. See “Install a Replicated Instance of View Connection Server,” on
n
page 59.
Installing View Security Server. See “Install a Security Server,” on page 66.
n
Configuring the PCoIP External URL. See “Configuring External URLs for Secure Gateway and Tunnel
n
Connections,” on page 114.
VMware, Inc.
21
View Installation
Setting the PCoIP External URL. See “Set the External URLs for a View Connection Server Instance,” on
n
page 115.
Modifying the PCoIP External URL. See “Set the External URLs for a View Connection Server Instance,”
n
on page 115.
Installing Horizon Agent. See the Horizon Agent installation topics in the Setting Up Desktop and
n
Application Pools document.
Installing Horizon Client for Windows. See the VMware Horizon Client for Windows document in
n
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html. Only Windows clients are
supported.
NOTE View does not require you to enter an IPv6 address in any administrative tasks. In cases where you
can specify either a fully qualified domain name (FQDN) or an IPv6 address, it is highly recommended that
you specify an FQDN to avoid potential errors.
Supported vSphere, Database, and Active Directory Versions in an IPv6 Environment
In an IPv6 environment, View supports specific vSphere, database server, and Active Directory versions.
The following vSphere versions are supported in an IPv6 environment.
6.0
n
5.5 U2
n
The following database servers are supported in an IPv6 environment.
Database Server Version Edition
SQL Server 2012 SP1 32/64-bit Standard, Enterprise
SQL Server 2012 Express 32/64-bit Free
Oracle 11g R2 32/64-bit Standard, Standard Edition One, Enterprise
The following Active Directory versions are supported in an IPv6 environment.
Microsoft Active Directory 2008 R2
n
Microsoft Active Directory 2012 R2
n
Supported Operating Systems for View Servers in an IPv6 Environment
In an IPv6 environment, you must install View servers on specific Windows Server operating systems.
View servers include View Connection Server instances, replica servers, security servers, and View
Composer instances.
Operating System Edition
Windows Server 2008 R2 SP1 Standard, Enterprise
Windows Server 2012 R2 Standard
22 VMware, Inc.
Chapter 3 Installing View in an IPv6 Environment
Supported Windows Operating Systems for Desktops and RDS Hosts in an IPv6 Environment
In an IPv6 environment, View supports specific Windows operating systems for desktop machines and RDS
hosts. RDS hosts provide session-based desktops and applications to users.
The following Windows operating systems are supported for desktop machines.
Operating System Version Edition
Windows 7 SP1 32/64-bit Enterprise, Professional
Windows 8 32/64-bit Enterprise, Professional
Windows 8.1 32/64-bit Enterprise, Professional
Windows 10 32/64-bit Enterprise, Professional
Windows Server 2008 R2 SP1 Datacenter
The following Windows operating systems are supported for RDS hosts.
Operating System Edition
Windows Server 2008 R2 SP1 Standard, Enterprise, Datacenter
Windows Server 2012 R2 Standard, Datacenter
Supported Clients in an IPv6 Environment
In an IPv6 environment, View supports clients that run on specific desktop operating systems.
Operating System Version Edition
Windows 7 32/64-bit Home, Professional, Enterprise, Ultimate
Windows 7 SP1 32/64-bit Home, Professional, Enterprise, Ultimate
Windows 8 32/64-bit Enterprise, Professional
Windows 8.1 32/64-bit Enterprise, Professional
Windows 10 32/64-bit Enterprise, Professional
The following types of clients are not supported.
Clients that run on OS X, Android, iOS, Linux, or Windows Store
n
PCoIP Zero Client
n
Supported Remoting Protocols in an IPv6 Environment
In an IPv6 environment, View supports specific remoting protocols.
The following remoting protocols are supported:
RDP
n
RDP with Secure Tunnel
n
PCoIP
n
PCoIP through PCoIP Secure Gateway
n
VMware Blast
n
VMware, Inc. 23
View Installation
VMware Blast through Blast Secure Gateway
n
Supported Authentication Types in an IPv6 Environment
In an IPv6 environment, View supports specific authentication types.
The following authentication types are supported:
Password authentication using Active Directory
n
Smart Card
n
Single Sign-On
n
The following authentication types are not supported:
SecurID
n
RADIUS
n
SAML
n
Other Supported Features in an IPv6 Environment
In an IPv6 environment, View supports certain features that are not covered in previous topics.
The following features are supported:
Automated desktop pools of full virtual machines or View Composer linked clones
n
NOTE Automated desktop pools of instant clones are not supported.
Manual desktop pools, including vCenter Server virtual machines, physical computers, and virtual
n
machines not managed by vCenter Server
RDS desktop pools
n
Application pools
n
View Storage Accelerator
n
Disk space reclamation
n
Native NFS snapshots (VAAI)
n
ThinApp
n
Virtual Printing
n
Events
n
Role-based administration
n
System health dashboard
n
LDAP backup
n
View Composer database backup
n
Customer Experience Improvement Program (CEIP)
n
Single Sign-on, including the Log in as current user feature
n
Audio-out
n
The following features are not supported:
Virtual SAN
n
24 VMware, Inc.
Virtual Volumes
n
Cloud Pod Architecture
n
Scanner redirection
n
Multimedia redirection (MMR)
n
Real-time audio-video (RTAV)
n
Persona Management
n
vRealize Operations Desktop Agent
n
Lync
n
Syslog
n
Log Insight
n
Serial redirection
n
Flash URL redirection
n
Teradici TERA host card
n
Chapter 3 Installing View in an IPv6 Environment
VMware, Inc. 25
View Installation
26 VMware, Inc.
Installing View in FIPS Mode 4
View can perform cryptographic operations using FIPS (Federal Information Processing Standard) 140-2
compliant algorithms. You can enable the use of these algorithms by installing View in FIPS mode.
Not all View features are supported in FIPS mode. Also, View does not support upgrading from a non-FIPS
installation to a FIPS installation.
NOTE To ensure that View runs in FIPS mode, you must enable FIPS when you install all View components.
This chapter includes the following topics:
“Overview of Setting Up View in FIPS Mode,” on page 27
n
“System Requirements for FIPS Mode,” on page 28
n
Overview of Setting Up View in FIPS Mode
To set up View in FIPS mode, you must first enable FIPS mode in the Windows environment. Then you
install all the View components in FIPS mode.
The option to install View in FIPS mode is available only if FIPS mode is enabled in the Windows
environment. For more information about enabling FIPS mode in Windows, see
https://support.microsoft.com/en-us/kb/811833.
VMware, Inc.
NOTE View Administrator does not indicate whether View is running in FIPS mode.
To install View in FIPS mode, perform the following View administrative tasks.
When installing View Connection Server, select the FIPS mode option. See “Install View Connection
n
Server with a New Configuration,” on page 53.
When installing View Replica Server, select the FIPS mode option. See “Install a Replicated Instance of
n
View Connection Server,” on page 59.
Before installing a security server, deselect the global setting Use IPSec for Security Server
n
Connections in View Administrator and configure IPsec manually. See
http://kb.vmware.com/kb/2000175.
When installing View Security Server, select the FIPS mode option. See “Install a Security Server,” on
n
page 66.
Disable weak ciphers for View Composer and View Agent machines. See “Disable Weak Ciphers in
n
SSL/TLS,” on page 37.
When installing View Composer, select the FIPS mode option. See Chapter 6, “Installing View
n
Composer,” on page 39.
27
View Installation
When installing View Agent, select the FIPS mode option. See the View Agent installation topics in the
n
Setting Up Desktop and Application Pools document.
When installing Horizon Client for Windows, select the FIPS mode option. See the VMware Horizon
n
Client for Windows document in
https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html. Only Windows clients are
supported.
System Requirements for FIPS Mode
To support FIPS mode, your View deployment must meet the following requirements.
vSphere
View desktop
Horizon Client
Cryptographic protocol
vCenter Server 6.0 or later
n
ESXi 6.0 or later
n
Windows 7 SP1 (32- or 64-bit)
n
View Agent 6.2 or later
n
Windows 7 SP1 (32- or 64-bit)
n
Horizon Client for Windows 3.5 or later
n
Horizon Client for Linux 4.0 or later
n
TLSv1.2
n
28 VMware, Inc.
Preparing Active Directory 5
View uses your existing Microsoft Active Directory infrastructure for user authentication and management.
You must perform certain tasks to prepare Active Directory for use with View.
View supports the following Active Directory Domain Services (AD DS) domain functional levels:
Windows Server 2003
n
Windows Server 2008
n
Windows Server 2008 R2
n
Windows Server 2012
n
Windows Server 2012 R2
n
This chapter includes the following topics:
“Configuring Domains and Trust Relationships,” on page 29
n
“Creating an OU for Remote Desktops,” on page 31
n
“Creating OUs and Groups for Kiosk Mode Client Accounts,” on page 31
n
“Creating Groups for Users,” on page 31
n
“Creating a User Account for vCenter Server,” on page 31
n
“Creating a User Account for a Standalone View Composer Server,” on page 32
n
“Create a User Account for View Composer AD Operations,” on page 32
n
“Create a User Account for Instant Clone Operations,” on page 33
n
“Configure the Restricted Groups Policy,” on page 33
n
“Using View Group Policy Administrative Template Files,” on page 34
n
“Prepare Active Directory for Smart Card Authentication,” on page 34
n
“Disable Weak Ciphers in SSL/TLS,” on page 37
n
Configuring Domains and Trust Relationships
You must join each View Connection Server host to an Active Directory domain. The host must not be a
domain controller.
Active Directory also manages the Horizon Agent machines, including single-user machines and RDS hosts,
and the users and groups in your Horizon 7 deployment. You can entitle users and groups to remote
desktops and applications, and you can select users and groups to be administrators in View Administrator.
VMware, Inc.
29
View Installation
You can place Horizon Agent machines, View Composer servers, and users and groups, in the following
Active Directory domains:
n
n
n
n
Users are authenticated using Active Directory against the View Connection Server domain and any
additional user domains with which a trust agreement exists.
If your users and groups are in one-way trusted domains, you must provide secondary credentials for the
administrator users in View Administrator. Administrators must have secondary credentials to give them
access to the one-way trusted domains. A one-way trusted domain can be an external domain or a domain
in a transitive forest trust.
Secondary credentials are required only for View Administrator sessions, not for end users' desktop or
application sessions. Only administrator users require secondary credentials.
You can provide secondary credentials by using the vdmadmin -T command.
The View Connection Server domain
A different domain that has a two-way trust relationship with the View Connection Server domain
A domain in a different forest than the View Connection Server domain that is trusted by the View
Connection Server domain in a one-way external or realm trust relationship
A domain in a different forest than the View Connection Server domain that is trusted by the View
Connection Server domain in a one-way or two-way transitive forest trust relationship
You configure secondary credentials for individual administrator users.
n
For a forest trust, you can configure secondary credentials for the forest root domain. View Connection
n
Server can then enumerate the child domains in the forest trust.
For details, see "Providing Secondary Credentials for Administrators Using the -T Option" in the View
Administration document.
NOTE Because security servers do not access any authentication repositories, including Active Directory,
they do not need to reside in an Active Directory domain.
Trust Relationships and Domain Filtering
To determine which domains it can access, a View Connection Server instance traverses trust relationships
beginning with its own domain.
For a small, well-connected set of domains, View Connection Server can quickly determine the full list of
domains, but the time that it takes increases as the number of domains increases or as the connectivity
between the domains decreases. The list might also include domains that you would prefer not to offer to
users when they connect to their remote desktops and applications.
You can use the vdmadmin command to configure domain filtering to limit the domains that a View
Connection Server instance searches and that it displays to users. See the View Administration document for
more information.
If a forest trust is configured with name suffix exclusions, the configured exclusions are used to filter the list
of forest child domains. Name suffix exclusion filtering is applied in addition to the filtering that is specified
with the vdmadmin command.
30 VMware, Inc.
Loading...