Before end users can connect to a server and access a remote desktop or published application, a Horizon administrator must configure certain Connection Server settings.

Unified Access Gateway and Security Servers

  • If your Horizon deployment includes a Unified Access Gateway appliance, configure Connection Server to work with Unified Access Gateway. See the Deploying and Configuring Unified Access Gateway document. Unified Access Gateway appliances perform the same role as security servers.

  • If your Horizon deployment includes a security server, verify that you are using the latest maintenance releases of Connection Server 6.x and Security Server 6.x or later releases. For more information, see the installation document for your Horizon version.

Secure Tunnel Connection

If you plan to use a secure tunnel connection for client devices, and if the secure connection is configured with a DNS host name for a Connection Server instance or a security server, verify that the client device can resolve this DNS name.

Desktop and Application Pools

  • Verify that a desktop or application pool has been created and that the user account that you plan to use is entitled to access the pool. For more information, see the Setting Up Virtual Desktops in Horizon 7 and Setting Up Published Desktops and Applications in Horizon 7 documents.

  • If end users have a high-resolution display and use the High Resolution Mode client setting while viewing their remote desktops in full screen mode, verify that sufficient vRAM is allocated for each Windows 7 or later remote desktop. The amount of vRAM depends on the number of monitors configured for end users and on the display resolution. To estimate the amount of vRAM, see the Horizon 7 Architecture Planning document.

User Authentication

  • To use two-factor authentication, such as RSA SecurID or RADIUS authentication, with Horizon Client, you must enable the two-factor authentication feature in Connection Server. For more information, see the topics about two-factor authentication in the Horizon 7 Administration document.

  • To hide security information in Horizon Client, including server URL information and the Domain drop-down menu, enable the Hide server information in client user interface and Hide domain list in client user interface settings for the Connection Server instance. These global settings are available in Horizon 7 version 7.1 and later. For information about configuring global settings, see the Horizon 7 Administration document.

    To authenticate when the Domain drop-down menu is hidden, users must provide domain information by entering their user name in the format domain\username or username@domain in the User name text box.

    Important:

    If you enable the Hide server information in client user interface and Hide domain list in client user interface settings and select two-factor authentication (RSA SecureID or RADIUS) for the Connection Server instance, do not enforce Windows user name matching. Enforcing Windows user name matching prevents users from entering domain information in the user name text box and login always fails. For more information, see the topics about two-factor authentication in the Horizon 7 Administration document.

  • To enable end users to save their passwords with Horizon Client, so that they do not have to supply credentials when they connect to a Connection Server instance, configure Horizon LDAP for this feature in Connection Server.

    Users can save their passwords if Horizon LDAP is configured to allow it, if the Horizon Client certificate verification mode is set to Warn before connecting to untrusted servers or Never connect to untrusted servers, and if Horizon Client can fully verify the server certificate that Connection Server presents. For more information, see the Horizon 7 Administration document.