To set up Horizon 7 in FIPS mode, you must first enable FIPS mode in the Windows environment. Then you install all the Horizon 7 components in FIPS mode.

The option to install Horizon 7 in FIPS mode is available only if FIPS mode is enabled in the Windows environment. For more information about enabling FIPS mode in Windows, see https://support.microsoft.com/en-us/kb/811833.
Note: Horizon Administrator does not indicate whether Horizon 7 is running in FIPS mode.

To install Horizon 7 in FIPS mode, perform the following administrative tasks.

  • When installing Connection Server, select the FIPS mode option. See Install Horizon Connection Server with a New Configuration.
  • When installing a replica server, select the FIPS mode option. See Install a Replicated Instance of Horizon Connection Server.
  • Before installing a security server, deselect the global setting Use IPSec for Security Server Connections in Horizon Administrator and configure IPsec manually. See http://kb.vmware.com/kb/2000175.
  • When installing a security server, select the FIPS mode option. See Install a Security Server.
  • When a Windows system is configured for FIPS operation and Horizon 7 is configured to communicate between a Connection Server and a security server with IPSec, the security server fails to install. In an IPv4 environment, specify the PCoIP external URL as an IP address with the port number 4172. In an IPv6 environment, you can specify an IP address or a fully qualified domain name, and the port number 4172. In either case, do not include a protocol name.

    For example, in an IPv4 environment: 10.20.30.40:4172

    Clients must be able to use the URL to reach the security server.
  • Disable weak ciphers for View Composer and Horizon Agent machines. See Disable Weak Ciphers in SSL/TLS.
  • When installing View Composer, select the FIPS mode option. See Installing View Composer.
  • When installing Horizon Agent, select the FIPS mode option. See the Horizon Agent installation topics in the Setting Up Virtual Desktops in Horizon 7 or Setting Up Published Desktops and Applications in Horizon 7 document.
  • For Windows clients, enable FIPS mode in the client operating system and select the FIPS mode option when installing Horizon Client for Windows. See the VMware Horizon Client for Windows Installation and Setup Guide document.
  • For Linux clients, enable FIPS mode in the client operating system. See the VMware Horizon Client for Linux Installation and Setup Guide document.