The View Connection Server upgrade process has specific requirements and limitations.
- View Connection Server requires a valid license key for this latest release.
- The domain user account that you use to install the new version of View Connection Server must have administrative privileges on the View Connection Server host. The View Connection Server administrator must have administrative credentials for vCenter Server.
- When you run the installer, you authorize a View Administrators account. You can specify the local Administrators group or a domain user or group account. View assigns full View Administration rights, including the right to install replicated View Connection Server instances, to this account only. If you specify a domain user or group, you must create the account in Active Directory before you run the installer.
- When you back up View Connection Server, the View LDAP configuration is exported as encrypted LDIF data. To restore the encrypted backup View configuration, you must provide the data recovery password. The password must contain between 1 and 128 characters.
- View Connection Server requires an SSL certificate that is signed by a CA (certificate authority) and that your clients can validate. Although a default self-signed certificate is generated in the absence of a CA-signed certificate when you install View Connection Server, you must replace the default self-signed certificate as soon as possible. Self-signed certificates are shown as invalid in View Administrator.
Also, updated clients expect information about the server's certificate to be communicated as part of the SSL handshake between client and server. Often updated clients do not trust self-signed certificates.
For complete information about security certificate requirements, see "Configuring SSL Certificates for View Servers" in the View Installation guide. Also see the Scenarios for Setting Up SSL Connections to View document, which describes setting up intermediate servers that perform tasks such as load balancing and off-loading SSL connections.Note: If your original servers already have SSL certificates signed by a CA, during the upgrade, View imports your existing CA-signed certificate into the Windows Server certificate store.
- Certificates for vCenter Server, View Composer, and View servers must include certificate revocation lists (CRLs). For more information, see "Configuring Certificate Revocation Checking on Server Certificates" in the View Installation guide.
Important: If your company uses proxy settings for Internet access, you might have to configure your View Connection Server hosts to use the proxy. This step ensures that servers can access certificate revocation checking sites on the Internet. You can use Microsoft Netshell commands to import the proxy settings to View Connection Server. For more information, see "Troubleshooting View Server Certificate Revocation Checking" in the View Administration guide.
- If you plan to pair a security server with this View Connection Server instance, verify that Windows Firewall with Advanced Security is set to on in the active profiles. It is recommended that you turn this setting to on for all profiles. By default, IPsec rules govern connections between security server and View Connection Server and require Windows Firewall with Advanced Security to be enabled.
- If your network topology includes a firewall between a security server and a View Connection Server instance, you must configure the firewall to support IPsec. See the View Installation document.
- You might need to make security protocol configuration changes to continue to be compatible with vSphere. If possible, apply patches to ESXi and vCenter Server to support TLSv1.1 and TLSv1.2 before upgrading View Connection Server. If you cannot apply patches, reenable TLSv1.0 on View Connection Server before upgrading. For more information, see Enable TLSv1.0 on vCenter Connections from Connection Server.
- If you use Horizon 7 servers with a version of View Agent older than 6.2, you will need to enable TLSv1.0 for PCoIP connections. View Agent versions that are older than 6.2 support the security protocol TLSv1.0 only for PCoIP. Horizon 7 servers, including connection servers and security servers, have TLSv1.0 disabled by default. You can enable TLSv1.0 for PCoIP connections on these servers by following the instructions in the VMware Knowledge Base, at http://kb.vmware.com/kb/2130798.
If you plan to perform fresh installations of View Connection Server instances on additional physical or virtual machines, see the complete list of installation requirements in the View Installation document.