Before end users can connect to a server and access a remote desktop or published application, a Horizon administrator must configure certain Connection Server settings.

Unified Access Gateway and Security Servers

If your VMware Horizon deployment includes a Unified Access Gateway appliance, configure Connection Server to work with Unified Access Gateway. See the Deploying and Configuring VMware Unified Access Gateway document. Unified Access Gateway appliances perform the same role as security servers.

If your VMware Horizon deployment includes a security server, verify that you are using the latest maintenance releases of Connection Server 7.5 and Security Server 7.5 or later releases. For more information, see the installation document for your Horizon version.

Note: Security servers are not supported in VMware Horizon 2006 and later.

Secure Tunnel Connection

If you plan to use a secure tunnel connection for client devices, and if the secure connection is configured with a DNS host name for a Connection Server instance or a security server, verify that the client device can resolve this DNS name.

Desktop and Application Pools

Use the following checklist when configuring desktop and application pools.

  • Verify that a desktop or application pool has been created and that the user account that you plan to use is entitled to access the pool. For more information, see the Setting Up Virtual Desktops in Horizon and Setting Up Published Desktops and Applications in Horizon documents.
  • Verify that the desktop or application pool is set to use the VMware Blast display protocol or the PCoIP display protocol. For information, see the Setting Up Virtual Desktops in Horizon and Setting Up Published Desktops and Applications in Horizon documents.

User Authentication

Use the following checklist when setting up user authentication.

  • To use Fingerprint authentication with Horizon Client, you must enable biometric authentication in Connection Server. For more information, see the Horizon Administration document.
  • To enable end users to save their passwords with Horizon Client, so that they do not have to supply credentials when they connect to a Connection Server instance, configure Horizon LDAP for this feature in Connection Server.

    Users can save their passwords if Horizon LDAP is configured to allow it, if the Horizon Client certificate verification mode is set to Warn before connecting to untrusted servers or Never connect to untrusted servers, and if Horizon Client can fully verify the server certificate that Connection Server presents. For more information, see the Horizon Administration document.

  • To provide end users with unauthenticated access to published applications in Horizon Client, you must enable this feature in the Connection Server instance. For more information, see the topics about unauthenticated access in the Horizon Administration document.
  • To use two-factor authentication, such as RSA SecurID or RADIUS authentication, with Horizon Client, you must enable the two-factor authentication feature for the Connection Server instance. Beginning with Horizon 7 version 7.11, you can customize the labels on the RADIUS authentication login page. Beginning with Horizon 7 version 7.12, you can configure two-factor authentication to occur after a remote session times out. For more information, see the topics about two-factor authentication in the Horizon Administration document.
  • To hide the server URL in Horizon Client, enable the Hide server information in client user interface global setting. For more information, see the Horizon Administration document.
  • To hide the Domain drop-down menu in Horizon Client, enable the Hide domain list in client user interface global setting. Beginning with Horizon 7 version 7.8, this setting is enabled by default. For more information, see the Horizon Administration document.
  • To send the domain list to Horizon Client, enable the Send domain list global setting in Horizon Console. This setting is available in Horizon 7 version 7.8 and later and is deactivated by default. Earlier Horizon 7 versions send the domain list. For more information, see the Horizon Administration document.
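
A pre-flight check that can be run from a client device for two conditions described above: the DNS host name configured for the secure tunnel must resolve, and the certificate that Connection Server presents must verify fully, which is one of the conditions for saving passwords. This is an added example, not VMware code; the host name horizon.example.com and the function names are placeholders.

```python
import socket
import ssl

def resolve(host):
    """Addresses the local resolver returns for host; [] if the name does not resolve."""
    try:
        infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    except (socket.gaierror, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})

def verify_certificate(host, port=443, timeout=5.0, cafile=None):
    """TLS handshake with chain and host-name validation enforced.
    Returns (True, "") or (False, reason)."""
    # create_default_context() sets CERT_REQUIRED and check_hostname=True,
    # so the handshake only succeeds when the certificate verifies fully.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True, ""
    except ssl.SSLCertVerificationError as exc:
        return False, "certificate not verified: " + exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return False, "connection failed: " + str(exc)

def preflight(host, port=443):
    """Run both checks and report them in one dict."""
    addresses = resolve(host)
    if not addresses:
        return {"host": host, "addresses": [], "cert_verified": False,
                "detail": "DNS name does not resolve on this device"}
    ok, reason = verify_certificate(host, port)
    return {"host": host, "addresses": addresses, "cert_verified": ok,
            "detail": reason or "certificate chain and host name verified"}

if __name__ == "__main__":
    # Placeholder name: substitute the DNS host name configured for the secure tunnel.
    print(preflight("horizon.example.com"))
```

Pass cafile to verify_certificate to test against an enterprise CA bundle instead of the system trust store.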

The following table shows how the Send domain list and Hide domain list in client user interface global settings determine how users can log in to the server.

Send domain list setting: Disabled (default)
Hide domain list in client user interface setting: Enabled
How users log in: The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
  • User name (not allowed for multiple domains)
  • domain\username
  • username@domain.com

Send domain list setting: Disabled (default)
Hide domain list in client user interface setting: Disabled
How users log in: If a default domain is configured on the client, the default domain appears in the Domain drop-down menu. If the client does not know a default domain, *DefaultDomain* appears in the Domain drop-down menu. Users must enter one of the following values in the User name text box.
  • User name (not allowed for multiple domains)
  • domain\username
  • username@domain.com

Send domain list setting: Enabled
Hide domain list in client user interface setting: Enabled
How users log in: The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
  • User name (not allowed for multiple domains)
  • domain\username
  • username@domain.com

Send domain list setting: Enabled
Hide domain list in client user interface setting: Disabled
How users log in: Users can enter a user name in the User name text box and then select a domain from the Domain drop-down menu. Alternatively, users can enter one of the following values in the User name text box.
  • domain\username
  • username@domain.com