You can configure certain options by adding entries to the files /etc/vmware/config or /etc/vmware/viewagent-custom.conf.

During the installation of View Agent or Horizon Agent, the installer copies two configuration template files, config.template and viewagent-custom.conf.template, to /etc/vmware. In addition, if /etc/vmware/config and /etc/vmware/viewagent-custom.conf do not exist, the installer copies config.template to config and viewagent-custom.conf.template to viewagent-custom.conf. In the template files, all the configuration options are listed and documented. To set an option, simply remove the comment and change the value as appropriate.

After you make configuration changes, reboot Linux for the changes to take effect.

Configuration Options in /etc/vmware/config

VMwareBlastServer and its related plug-ins use the configuration file /etc/vmware/config.

Note:

The following table includes description for each agent-enforced policy setting for USB in the Horizon Agent configuration file. Horizon Agent uses the settings to decide if a USB can be forwarded to the host machine. Horizon Agent also passes the settings to Horizon Client for interpretation and enforcement according to whether you specify the merge (m) modifier to apply the Horizon Agent filter policy setting in addition to the Horizon Client filter policy setting, or override the (o) modifier to use the Horizon Agent filter policy setting instead of the Horizon Client filter policy setting.

Table 1. Configuration Options in /etc/vmware/config

Option

Value/Format

Default

Description

VVC.ScRedir.Enable

true or false

true

Set this option to enable/disable smart card redirection.

VVC.logLevel

fatal error, warn, info, debug, or trace

info

Use this option to set the log level of the VVC proxy node.

VVC.RTAV.Enable

true or false

true

Set this option to enable/disable audio input.

Clipboard.Direction

0, 1, 2, or 3

2

Use this option to specify the clipboard redirection policy. Valid values are as follows:

  • 0 - Disable clipboard redirection.

  • 1 - Enable clipboard redirection in both directions.

  • 2 - Enable clipboard redirection from client to remote desktop only.

  • 3 - Enable clipboard redirection from remote desktop to client only.

cdrserver.logLevel

error, warn, info, debug, traceor verbose

info

Use this option to set the log level for vmware-CDRserver.log file.

cdrserver.forcedByAdmin

true or false

false

Set this option to control whether the client can share additional folders that are not specified with the cdrserver.shareFolders option.

cdrserver.sharedFolders

file_path1,R;file-path2,; file_path3,R; ...

undefined

Specify one or more file paths to the folders that the client can share with the Linux desktop. For example:

  • For a Windows client: C:\spreadsheets,;D:\ebooks,R

  • For a non-Windows client: /tmp/spreadsheets;/tmp/ebooks,;/home/finance,R

cdrserver.permissions

R

RW

Use this option to apply additional read/write permissions that Horizon Agent has on the folders shared by Horizon Client. For example:

  • If the folder shared by Horizon Client has read and write permissions and you set cdrserver.permissions=R, then Horizon Agent has only read access permissions.

  • If the folder shared by Horizon Client has only read permissions and you set cdrserver.permissions=RW, Horizon Agent still has only read access rights. Horizon Agent cannot change the read only attribute that was set by Horizon Client. Horizon Agent can only remove the write access rights.

Typical uses are as follows:

  • cdrserver.permissions=R

  • #cdrserver.permissions=R (for example, comment it out or delete the entry)

cdrserver.cacheEnable

true or false

true

Set this option to enable or disable the write caching feature from the agent towards the client side.

UsbRedirPlugin.log.logLevel

error, warn, info, debug, trace, or verbose

info

Use this option to set the log level for the USB Redirection plugin.

UsbRedirServer.log.logLevel

error, warn, info, debug, trace, or verbose

info

Use this option to set the log level for the USB Redirection server.

viewusb.AllowAutoDeviceSplitting

{m|o}:{true|false}

undefined, which equates to false

Set this option to allow or disallow the automatic splitting of composite USB devices.

Example: m:true

viewusb.SplitExcludeVidPid

{m|o}:vid-xxx1_pid-yyy1[;vid-xxx2_pid-yyy2;...]

undefined

Use this option to exclude or include a specified composite USB device from splitting by Vendor and Product IDs . The format of the setting is vid-xxx1_pid-yyy1[;vid-xxx2_pid-yyy2;...]. You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.

Example: m:vid-0f0f_pid-55**

viewusb.SplitVidPid

{m|o}: vid-xxxx_pid-yyyy([exintf:zz[;exintf:ww]])[;...]

undefined

Set this option to treat the components of a composite USB device specified by Vendor and Product IDs as separate devices. The format of the setting is vid-xxxx_pid-yyyy(exintf:zz[;exintf:ww]).

You can use the exintf keyword to exclude components from redirection by specifying their interface number. You must specify ID numbers in hexadecimal, and interface numbers in decimal including any leading zero. You can use the wildcard character (*) in place of individual digits in an ID.

Example: o:vid-0f0f_pid-***(exintf-01);vid-0781_pid-554c(exintf:01;exintf:02)

Note:

Horizon does not automatically include the components that you have not explicitly excluded. You must specify a filter policy such as Include VidPid Device to include those components.

viewusb.AllowAudioIn

{m|o}:{true|false}

undefined, which equates to true

Use this option to allow or disallow audio input devices to be redirected. Example: o:false

viewusb.AllowAudioOut

{m|o}:{true|false}

undefined, which equates to false

Set this option to allow or disallow redirection of audio output devices.

viewusb.AllowHIDBootable

{m|o}:{true|false}

undefined, which equates to true

Use this option to allow or disallow the redirection of input devices other than keyboards or mice that are available at boot time, also known as HID-bootable devices.

viewusb.AllowDevDescFailsafe

{m|o}:{true|false}

undefined, which equates to false

Set this option to allow or disallow devices to be redirected even if Horizon Client fails to get the configuration or device descriptors. To allow a device even if it fails to get the configuration or device descriptors, include it in the Include filters, such as IncludeVidPid or IncludePath.

viewusb.AllowKeyboardMouse

{m|o}:{true|false}

undefined, which equates to false

Use this option to allow or disallow the redirection of keyboards with integrated pointing devices (such as a mouse, trackball, or touch pad).

viewusb.AllowSmartcard

{m|o}:{true|false}

undefined, which equates to false

Set this option to allow or disallow smart card devices to be redirected.

viewusb.AllowVideo

{m|o}:{true|false}

undefined, which equates to true

Use this option to allow or disallow video devices to be redirected.

viewusb.DisableRemoteConfig

{m|o}:{true|false}

undefined, which equates to false

Set this option to disable or enable the use of Horizon Agent settings when performing USB device filtering.

viewusb.ExcludeAllDevices

{true|false}

undefined, which equates to false

Use this option to exclude or include all USB devices from being redirected. If set to true, you can use other policy settings to allow specific devices or families of devices to be redirected. If set to false, you can use other policy settings to prevent specific devices or families of devices from being redirected. If you set the value of ExcludeAllDevices to true on Horizon Agent, and this setting is passed to Horizon Client, the Horizon Agent setting overrides the Horizon Client setting.

viewusb.ExcludeFamily

{m|o}:family_name_1[;family_name_2;...]

undefined

Use this option to exclude families of devices from being redirected. For example: m:bluetooth;smart-card

If you have enabled automatic device splitting, Horizon examines the device family of each interface of a composite USB device to decide which interfaces should be excluded. If you have disabled automatic device splitting, Horizon examines the device family of the whole composite USB device.

Note:

Mice and keyboards are excluded from redirection by default and do not need to be excluded with this setting.

viewusb.ExcludeVidPid

{m|o}:vid-xxx1_ pid-yyy1[;vid-xxx2_pid-yyy2;..]

undefined

Set this option to exclude devices with specified vendor and product IDs from being redirected. You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.

For example: o:vid-0781_pid- ****;vid-0561_pid-554c

viewusb.ExcludePath

{m|o}:bus-x1[/y1].../ port-z1[;bus-x2[/y2].../port-z2;...]

undefined

Use this option to exclude devices at specified hub or port paths from being redirected. You must specify bus and port numbers in hexadecimal. You cannot use the wildcard character in paths.

For example:m:bus-1/2/3_port- 02;bus-1/1/1/4_port-ff

viewusb.IncludeFamily

{m|o}:family_name_1[;family_name_2]...

undefined

Set this option to include families of devices that can be redirected.

For example: o:storage; smart-card

viewusb.IncludePath

{m|o}:bus-x1[/y1].../ port-z1[;bus-x2[/y2].../portz2;...]

undefined

Use this option to include devices at specified hub or port paths that can be redirected. You must specify bus and port numbers in hexadecimal. You cannot use the wildcard character in paths.

For example: m:bus-1/2_port- 02;bus-1/7/1/4_port-0f

viewusb.IncludeVidPid

{m|o}:vid-xxx1_ pid-yyy1[;vid-xxx2_pid-yyy2;...]

undefined

Set this option to include devices with specified Vendor and Product IDs that can be redirected. You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.

For example: o:vid-***_pid-0001;vid-0561_pid-554c

mksVNCServer.useXExtButtonMapping

true or false

false

Set this option to enable or disable the support of a left-handed mouse on SLED 11 SP3.

mksvhan.clipboardSize

An integer

1024

Use this option to specify the clipboard maximum size to copy and paste.

RemoteDisplay.maxBandwidthKbps

An integer

4096000

Specifies the maximum bandwidth in kilobits per second (kbps) for a VMware Blast session. The bandwidth includes all imaging, audio, virtual channel, and VMware Blast control traffic. The max value is 4 Gbps (4096000).

RemoteDisplay.maxFPS

An integer

60

Specifies the maximum rate of screen updates. Use this setting to manage the average bandwidth that users consume. Valid value should be between 3 and 60. The default is 60 updates per second.

RemoteDisplay.enableStats

true or false

false

Enables or disables the VMware Blast display protocol statistics in mks log, such as bandwidth, FPS, RTT, and so on.

RemoteDisplay.allowH264

true or false

true

Set this option to enable or disable H.264 encoding.

vdpservice.log.logLevel

fatal error, warn, info, debug, or trace

info

Use this option to set the log level of the vdpservice.

RemoteDisplay.qpmaxH264

available range of values: 0-51

36

Use this option to set the H264minQP quantization parameter, which specifies the best image quality for the remote display configured to use H.264 encoding. Set the value to greater than the value set for RemoteDisplay.qpminH264.

RemoteDisplay.qpminH264

available range of values: 0-51

10

Use this option to set the H264maxQP quantization parameter, which specifies the lowest image quality for the remote display configured to use H.264 encoding. Set the value to less than the value set for RemoteDisplay.qpmaxH264.

RemoteDisplay.minQualityJPEG

available range of values: 1-100

25

Specifies the image quality of the desktop display for JPEG/PNG encoding. The low-quality settings are for areas of the screen that change often, for example, when scrolling occurs.

RemoteDisplay.midQualityJPEG

available range of values: 1-100

35

Specifies the image quality of the desktop display for JPEG/PNG encoding. Use to set the medium-quality settings of the desktop display.

RemoteDisplay.maxQualityJPEG

available range of values: 1-100

90

Specifies the image quality of the desktop display for JPEG/PNG encoding. The high-quality settings are for areas of the screen that are more static, resulting in a better image quality.

Configuration Options in /etc/vmware/viewagent-custom.conf

Java Standalone Agent uses the configuration file /etc/vmware/viewagent-custom.conf.

Table 2. Configuration Options in /etc/vmware/viewagent-custom.conf

Option

Value

Default

Description

Subnet

NULL or network address and mask in IP address/CIDR format

NULL

If multiple local IP addresses have different subnets, use this option to set the subnet that the Linux Agent provides to the Connection Server instance.

When multiple subnet configurations are detected on a Linux Agent machine, this option is required to specify the correct subnet that should be used by the Linux Agent. For example, if you installed Docker on the Linux machine, it will be introduced as a virtual network adapter. To avoid Linux Agent from using Docker as a virtual network adapter, you have to set this option to use the real physical network adapter.

You must specify the value in IP address/CIDR format. For example, Subnet=192.168.1.0/24.

NULL implies that the Linux Agent randomly selects the IP address.

SSOEnable

true or false

true

Set this option to enable/disable single sign-on (SSO).

SSOUserFormat

A text string

[username]

Use this option to specify the format of the login name for single sign-on. The default is the user name only. Set this option if the domain name is also required. Typically, the login name is the domain name plus a special character followed by the user name. If the special character is the backslash, you must escape it with another backslash. Examples of login name formats are as follows:

  • SSOUserFormat=[domain]\\[username]

  • SSOUserFormat=[domain]+[username]

  • SSOUserFormat=[username]@[domain]

CDREnable

true or false

true

Set this option to enable or disable the Client Drive Redirection (CDR) feature.

USBEnable

true or false

true

Set this option to enable or disable the USB Redirection feature.

KeyboardLayoutSync

true or false

true

Use this option to specify whether to synchronize a client's system locale list and current keyboard layout with Horizon Agent for Linux desktops.

When this setting is enabled or not configured, synchronization is allowed. When this setting is disabled, synchronization is not allowed.

This feature is supported only for Horizon Client for Windows, and only for the English, French, German, Japanese, Korean, Spanish, Simplified Chinese, and Traditional Chinese locales.

StartBlastServerTimeout

An integer

20

This option determines the amount of time, in seconds, that the VMwareBlastServer process has for initialization. If the process is not ready within this timeout value, the user's login will fail.

SSLCiphers

A text string

!aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES

Use this option to specify the list of ciphers. You must use the format that is defined in https://www.openssl.org/docs/manmaster/man1/ciphers.html.

SSLProtocols

A text string

TLSv1_1:TLSv1_2

Use this option to specify the security protocols. The supported protocols are TLSv1.0, TLSv1.1, and TLSv1.2.

SSLCipherServerPreference

true or false

true

Use this option to enable or disable the option SSL_OP_CIPHER_SERVER_PREFERENCE. For more information, see https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html.

SSODesktopType

UseMATE or UseGnomeFlashback or UseKdePlasma or UseGnomeClassic

This option specifies the desktop environment to use, instead of the default desktop environment, when SSO is enabled.

You must ensure that the chosen desktop environment is installed on your desktop first before specifying to use it. After this option is set in an Ubuntu 14.04/16.04 desktop, the option takes effect regardless if the SSO feature is enabled or not. If this option is specified in a RHEL/CentOS 7.x desktop, the chosen desktop environment is used only if SSO is enabled.

LogCnt

An integer

-1

Use this option to set the reserved log file count in /tmp/vmware-root.

  • -1 - keep all

  • 0 - delete all

  • > 0 - reserved log count.

RunOnceScript

Use this option to rejoin the cloned virtual machine to Active Directory.

Set the run once script after the host name has changed. The specified script is executed only once after the first host name change. The script is executed as root permission when the agent service starts and host name has been changed since agent installation.

For example, for the winbind solution, you must join the base virtual machine to Active Directory with winbind, and set this option to a script path. This must contain the domain rejoin command /usr/bin/net ads join -U <ADUserName>%<ADUserPassword>. After VM Clone, the operating system customization changes the host name. When the agent service starts, the script is executed to join the cloned virtual machine to Active Directory.

RunOnceScriptTimeout

120

Use this option to set the timeout time in seconds for the RunOnceScript option.

For example, set RunOnceScriptTimeout=120

Note:

The three security options, SSLCiphers, SSLProtocols, and SSLCipherServerPreference are for the VMwareBlastServer process. When starting the VMwareBlastServer process, the Java Standalone Agent passes these options as parameters. When Blast Secure Gateway (BSG) is enabled, these options affect the connection between BSG and the Linux desktop. When BSG is disabled, these options affect the connection between the client and the Linux desktop.