You can deploy Access Point from Horizon View and Horizon Air Hybrid-Mode. For the View component of VMware Horizon, the Access Point appliance fulfills the same role that was previously played by the View security server.

Procedure

  1. In the admin UI Configure Manually section, click Select.
  2. In the General Settings > Edge Service Settings line, click Show.
  3. Click the Horizon Settings gearbox icon.
  4. In the Horizon Settings page, change NO to YES to enable Horizon
  5. Configure the following edge service settings resources for Horizon

    Option

    Description

    Identifier

    Set by default to View. Access Point can communicate with servers that use the View XML protocol, such as View Connection Server, Horizon Air, and Horizon Air Hybrid-mode.

    Connection Server URL

    Enter the address of the Horizon server or load balancer. Enter as https://00.00.00.00

    Proxy Destination URL Thumb Prints

    Enter the list of Horizon server thumbprints.

    If you do not provide a comma-separated list of thumbprints, the server certificates must be issued by a trusted CA. Enter the hexadecimal thumpbrint digits. For example, type C3:89:A2:19:DC:7A:48:2B:85:1C:81:EC:5E:8F:6A:3C:33:F2:95:C3

  6. To configure the authentication method rule, and other advanced settings, click More.

    Option

    Description

    Auth Methods

    Select the authentication methods to use.

    The default is to use pass-through authentication of the user name and password. The authentication methods you configured in Access Point are listed in the drop-down menus.

    To configure authentication that includes applying a second authentication method if the first authentication attempt fails.

    1. Select one authentication method from the first drop-down menu.

    2. Click the + and select either AND or OR.

    3. Select the second authentication method from the third drop-down menu.

    To require users to authenticate through two authentication methods, change OR to AND in the drop-down.

    Health Check URL

    If a load balancer is configured, enter the URL that the load balancer uses to connect and check the health of the Access Point appliance.

    SAML SP

    Enter the name of the SAML service provider for the View XMLAPI broker. This name must either match the name of a configured service provider metadata or be the special value DEMO.

    PCOIP Enabled

    Change NO to YES to specifies whether the PCoIP Secure Gateway is enabled.

    Proxy External URL

    Enter the external URL of the Access Point appliance. Clients use this URL for secure connections through the PCoIP Secure Gateway. This connection is used for PCoIP traffic. The default is the Access Point IP address and port 4172.

    Smart Card Hint Prompt

    Change NO to YES to enable Access Point appliance to support the smart card user name hints feature. With the smart card hint feature, a user's smart card certificate can map to multiple Active directory domain user accounts.

    Blast Enabled

    To use the Blast Secure Gateway, change NO to YES.

    Blast External URL

    Enter the FQDN URL of the Access Point appliance that end users use to make a secure connection from the Web browsers through the Blast Secure Gateway. Enter as https://exampleappliance:443

    Tunnel Enabled

    If the View secure tunnel is used, change NO to YES. The Client uses the external URL for tunnel connections through the View Secure Gateway. The tunnel is used for RDP, USB, and multimedia redirection (MMR) traffic.

    Tunnel External URL

    Enter the external URL of the Access Point appliance. The default Access Point default value is used if not set.

    Match Windows User Name

    Change NO to YES to match RSA SecurID and Windows user name. When set to YES, securID-auth is set to true and the securID and Windows user name matching is enforced.

    Gateway Location

    Change NO to YES to enable the location from where the requests originate. The security server and Access Point set the gateway location. The location can be external or internal.

    Windows SSO Enabled

    Change NO to YES to enable RADIUS authentication. The Windows log in uses the credentials that are used the first successful RADIUS access request.

  7. Click Save.