Before end users can connect to a server in a Horizon 8 deployment and access a remote desktop or published application, a Horizon administrator must configure certain Connection Server settings.

Unified Access Gateway and Security Servers

If your deployment includes a Unified Access Gateway appliance, configure Connection Server to work with Unified Access Gateway. See the Deploying and Configuring VMware Unified Access Gateway document. Unified Access Gateway appliances perform the same role as security servers.

If your deployment includes a security server, verify that you are using the latest maintenance releases of Connection Server 7.13 and Security Server 7.13 or later. For more information, see the installation document for your server version.

Note: Security servers are not supported in VMware Horizon 2006 and later.

Secure Tunnel Connection

If you plan to use a secure tunnel connection for client devices, and if the secure connection is configured with a DNS host name for a Connection Server instance or a security server, verify that the client device can resolve this DNS name. .

Desktop and Application Pools

Use the following check list when configuring desktop and application pools.

  • Verify that a desktop or application pool has been created and that the user account that you plan to use is entitled to access the pool. For more information, see the Windows Desktops and Applications in Horizon document.
  • Verify that the desktop or application pool is set to use the VMware Blast display protocol or the PCoIP display protocol. For information, see the Windows Desktops and Applications in Horizon document.

User Authentication

Use the following check list when setting up user authentication.

  • To use Fingerprint authentication with Horizon Client, you must activate biometric authentication in Connection Server. For more information, see the Horizon Administration document.
  • To allow end users to save their passwords with Horizon Client, so that they do not have to supply credentials when they connect to a Connection Server instance, configure Horizon LDAP for this feature in Connection Server.

    Users can save their passwords if Horizon LDAP is configured to allow it, if the Horizon Client certificate verification mode is set to Warn before connecting to untrusted servers or Never connect to untrusted servers, and if Horizon Client can fully verify the server certificate that Connection Server presents. For more information, see the Horizon Administration document.

  • To provide end users with unauthenticated access to published applications in Horizon Client, you must activate this feature in the Connection Server instance. For more information, see the topics about unauthenticated access in the Horizon Administration document.
  • To use two-factor authentication, such as RSA SecurID or RADIUS authentication, with Horizon Client, you must activate the two-factor authentication feature for the Connection Server instance. You can customize the labels on the RADIUS authentication login page and configure two-factor authentication to occur after a remote session times out. For more information, see the topics about two-factor authentication in the Horizon Administration document.
  • To hide the server URL in Horizon Client, activate the Hide server information in client user interface global setting. For more information, see the Horizon Administration document.
  • To hide the Domain drop-down menu in Horizon Client, activate the Hide domain list in client user interface global setting. This setting is activated by default. For more information, see the Horizon Administration document.
  • To send the domain list to Horizon Client, activate the Send domain list global setting in Horizon Console. This setting is deactivated by default. For more information, see the Horizon Administration document.

The following table shows how the Send domain list and Hide domain list in client user interface global settings determine how users can log in to the server.

Send domain list setting Hide domain list in client user interface setting How users log in
Disabled (default) Enabled The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
  • User name (not allowed for multiple domains)
  • domain\username
  • username@domain.com
Disabled (default) Disabled If a default domain is configured on the client, the default domain appears in the Domain drop-down menu. If the client does not know a default domain, *DefaultDomain* appears in the Domain drop-down menu. Users must enter one of the following values in the User name text box.
  • User name (not allowed for multiple domains)
  • domain\username
  • username@domain.com
Enabled Enabled The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
  • User name (not allowed for multiple domains)
  • domain\username
  • username@domain.com
Enabled Disabled Users can enter a user name in the User name text box and then select a domain from the Domain drop-down menu. Alternatively, users can enter one of the following values in the User name text box.
  • domain\username
  • username@domain.com