Client systems that use a smart card for user authentication must meet certain requirements.

VMware recommends using a Mac OS X Mavericks (10.9) or later operating system on your client system. The following smart cards were tested:

  • U.S. Department of Defense Common Access Card (CAC)

  • U.S. Federal Government Personal Identity Verification (PIV), also called FIPS-201

Each client system that uses a smart card for user authentication must have the following software and hardware:

  • Horizon Client

  • A compatible smart card reader

  • Product-specific application drivers

You must also install product-specific application drivers on the remote desktops or Microsoft RDS host. For Windows 7 remote desktops, the operating system installs the related driver when you insert a smart card reader and PIV card. For Windows XP and Windows Vista remote desktops, you can install the related driver by using ActivIdentify ActivClient.

Users who authenticate with smart cards must have a smart card and each smart card must contain a user certificate. When you generate a certificate for a blank PIV card, enter the path to the server truststore file on the Connection Server or security server host on the Crypto Provider tab in the PIV Data Generator tool. For information about creating a server truststore file, see "Configure Smart Card Authentication" in the View Administration document.

In addition to meeting these requirements for Horizon Client systems, other View components must meet certain configuration requirements to support smart cards:

  • For information about configuring Connection Server to support smart card use, see the topic "Configure Smart Card Authentication," in the View Administration document.

    Note:

    Smart cards are supported only with View 5.3.2 or later servers and desktops.

    All applicable CA (certificate authority) certificates for all trusted user certificates must be added to a server truststore file on the Connection Server host or security server host. These certificates include root certificates and must include intermediate certificates if the user's smart card certificate was issued by an intermediate certificate authority.

  • For information about tasks you might need to perform in Active Directory to implement smart card authentication, see the topics about preparing Active Directory for smart card authentication, in the View Installation document.