Before end users can connect to a server and access a remote desktop or published application, a Horizon administrator must install Connection Server and install security servers, if used.
You can use Unified Access Gateway appliances, rather than security servers, for secure external access. For more information, see the Deploying and Configuring Unified Access Gateway document.
Following is a check list of tasks that a Horizon administrator must perform to use Horizon Client for Chrome.
Install Connection Server. For installation instructions, see the Horizon 7 Installation document.
If you use security servers, install Security Server. The version of Security Server must match the version of Connection Server. For installation instructions, see the Horizon 7 Installation document.
Verify that each Connection Server instance or security server has a TLS certificate that can be fully verified by using the host name that you enter in the Web browser. For more information, see the Horizon 7 Installation document.
To use two-factor authentication, such as RSA SecurID or RADIUS authentication, verify that this feature is enabled on Connection Server. For more information, see the topics about two-factor authentication in the Horizon 7 Administration document.Important:
If you enable the Hide domain list in client user interface settings and select two-factor authentication (RSA SecureID or RADIUS) for the Connection Server instance, do not enforce Windows user name matching. Enforcing Windows user name matching prevents users from entering domain information in the user name text box and login always fails. For more information, see the topics about two-factor authentication in the Horizon 7 Administration document.
If you use third-party firewalls, configure rules to allow inbound traffic to TCP port 8443 for all security servers and Connection Server hosts in a replicated group, and configure a rule to allow inbound traffic (from servers) to TCP port 22443 on remote desktop virtual machines and RDS hosts in the data center. For more information, see Firewall Rules for Client Web Browser Access.
After the servers are installed, the Blast Secure Gateway setting is enabled on the applicable Connection Server instances and security servers in Horizon Administrator. Also, the Blast External URL setting is configured to use the Blast Secure Gateway on the applicable Connection Server instances and security servers. By default, the URL includes the FQDN of the secure tunnel external URL and the default port number, 8443. The URL must contain the FQDN and port number that a client system can use to reach the Connection Server host or security server host. For more information, see "Set the External URLs for a Connection Server Instance," in the Horizon 7 Installation document.