Client systems that use a smart card for user authentication must meet certain requirements.

VMware recommends that you use an Android 4.0 or later operating system. The CPU architecture may be ARM or x86. VMware tested the baiMobile 3000MP Bluetooth Smart Card reader, baiMobile 301MP USB Smart Card reader, and baiMobile 301MP_LT Smart Card reader.

Each client system that uses a smart card for user authentication must have the following software and hardware:

  • Horizon Client

  • A compatible smart card reader

  • Smart card middleware

    The Android device app must support your baiMobile smart card reader. For example, one such app is baiMobile PCSC-Lite (Android device tile name baiMobile PC/SC). Horizon Client for Android contains support for both the baiMobile 3000MP Bluetooth and baiMobile 301MP USB smart card readers. Without such an app, you can pair the Bluetooth card reader with the Android device, but you cannot connect it. The app sends a connection request to the reader and you tap the OK button on the reader to establish the Bluetooth connection.

  • Product-specific application drivers

You must also install product-specific application drivers on the remote desktops or Microsoft RDS host. VMware tested the ActiveClient6.2.0.50, ActivClient_7.0.1, Gemalto.MiniDriver.NET.inf, and Charismathics CSTC PIV 5.2.2 drivers.

Users that authenticate with smart cards must have a smart card and each smart card must contain a user certificate.

In addition to meeting these requirements for Horizon Client systems, other Horizon components must meet certain configuration requirements to support smart cards:

  • For information about configuring Connection Server to support smart card use, see the View Administration document.

    You must add all applicable Certificate Authority (CA) certificates for all trusted user certificates to a server truststore file on the Connection Server host or security server host. These certificates include root certificates and must include intermediate certificates if the user's smart card certificate was issued by an intermediate certificate authority.

  • For information about tasks you might need to perform in Active Directory to implement smart card authentication, see the View Administration document.

Enabling the Username Hint Field in Horizon Client

In some environments, smart card users can use a single smart card certificate to authenticate to multiple user accounts. Users enter their user name in the Username hint field during smart card sign-in.

To make the Username hint field appear on the Horizon Client login dialog box, you must enable the smart card user name hints feature for the Connection Server instance in Horizon Administrator. The smart card user name hints feature is supported only with Horizon 7 version 7.0.2 and later servers and agents. For information about enabling the smart card user name hints feature, see the View Administration document.

If your environment uses an Access Point appliance rather than a security server for secure external access, you must configure the Access Point appliance to support the smart card user name hints feature. The smart card user name hints feature is supported only with Access Point 2.7.2 and later. For information about enabling the smart card user name hints feature in Access Point, see the Deploying and Configuring Access Point document.

Note:

Horizon Client still supports single-account smart card certificates when the smart card user name hints feature is enabled.