Client systems that use a smart card for user authentication must meet certain requirements.

Horizon Client for Android supports using smart cards with remote desktops that have Windows XP, Windows Vista, or Windows 7 guest operating systems. VMware recommends using an Android 4.0 or later operating system. The CPU architecture must be ARM. The baiMobile 3000MP Bluetooth Smart Card reader, baiMobile 301MP USB Smart Card reader, and baiMobile 301MP_LT Smart Card reader were tested with the following smart cards:

  • Oberthur ID One V5.2a DOD CAC card

  • Gemalto TOPDLGX4 DOD CAC card

  • ActivIdentity 64K V2C Java Card

  • Gemalto ID Prime .NET (formerly .NET V2+ Orange)

Each client system that uses a smart card for user authentication must have the following software and hardware:

  • Horizon Client

  • A compatible smart card reader

  • Smart card middleware

    The app on the Android device must support your baiMobile smart card reader. One such app is baiMobile PCSC-Lite, whose tile name on Android devices is baiMobile PC/SC. Version 5.14 contains support for both the baiMobile 3000MP Bluetooth and baiMobile 301MP USB smart card readers. For example, without such an app, you can pair the Bluetooth card reader with the Android device, but you cannot connect it. To make a connection, the app sends a connection request to the reader, and you must tap the OK button on the reader to establish the Bluetooth connection.

  • Product-specific application drivers

You must also install product-specific application drivers on the remote desktops or Microsoft RDS host. For example, the following drivers were tested: ActiveClient6.2.0.50, ActivClient_7.0.1, and Gemalto.MiniDriver.NET.inf.

Users that authenticate with smart cards must have a smart card, and each smart card must contain a user certificate.

In addition to meeting these requirements for Horizon Client systems, other View components must meet certain configuration requirements to support smart cards:

  • For information about configuring Connection Server to support smart card use, see the topic "Configure Smart Card Authentication," in the View Administration document.

    All applicable CA (certificate authority) certificates for all trusted user certificates must be added to a server truststore file on the Connection Server host or security server host. These certificates include root certificates and must include intermediate certificates if the user's smart card certificate was issued by an intermediate certificate authority.

  • For information about tasks you might need to perform in Active Directory to implement smart card authentication, see the topics about preparing Active Directory for smart card authentication, in the View Installation document.