Before end users can connect to a server and access a remote desktop or published application, a Horizon administrator must configure certain Connection Server settings.

Unified Access Gateway and Security Servers

If your VMware Horizon deployment includes a Unified Access Gateway appliance, configure Connection Server to work with Unified Access Gateway. See the Deploying and Configuring VMware Unified Access Gateway document. Unified Access Gateway appliances perform the same role as security servers.

If your VMware Horizon deployment includes a security server, verify that you are using the latest maintenance releases of Connection Server 7.5 and Security Server 7.5 or later releases. For more information, see the installation document for your Horizon version.

Note: Security servers are not supported in VMware Horizon 2006 and later.

Secure Tunnel Connection

If you plan to use a secure tunnel connection for client devices, and if the secure connection is configured with a DNS host name for a Connection Server instance or a security server, verify that the client device can resolve this DNS name. .

Desktop and Application Pools

Use the following check list when configuring desktop and application pools.

  • Verify that a desktop or application pool has been created and that the user account that you plan to use is entitled to access the pool. For more information, see the Setting Up Virtual Desktops in Horizon and Setting Up Published Desktops and Applications in Horizon documents.
  • If end users have a high-resolution display and use the High Resolution Mode client setting while viewing their remote desktops in full-screen mode, verify that sufficient vRAM is allocated for each Windows remote desktop. The amount of vRAM depends on the display resolution and the number of monitors configured for end users.

User Authentication

Use the following check list when setting up user authentication.

  • To provide end users with unauthenticated access to published applications in Horizon Client, you must enable this feature in the Connection Server instance. For more information, see the topics about unauthenticated access in the Horizon Administration document.
  • To use two-factor authentication, such as RSA SecurID or RADIUS authentication, with Horizon Client, you must enable the two-factor authentication feature for the Connection Server instance. Beginning with Horizon 7 version 7.11, you can customize the labels on the RADIUS authentication login page. Beginning with Horizon 7 version 7.12, you can configure two-factor authentication to occur after a remote session times out. For more information, see the topics about two-factor authentication in the Horizon Administration document.
  • To allow the Connection Server instance to accept the user identity and credential information that is passed when users select Log in as current user in the Options menu in Horizon Client, enable the Accept logon as current user setting for the Connection Server instance. This setting is available in Horizon 7 version 7.8 and later. For more information, see the Horizon Administration document.

    You can use Horizon Client group policy settings to configure the Log in as current user feature, including specifying a list of Connection Server instances that can accept Log in as current user authentication information. For information about these client-side settings, see Security Settings for Client GPOs.

  • To hide the server URL in Horizon Client, enable the Hide server information in client user interface global setting. For more information, see the Horizon Administration document.
  • To hide the Domain drop-down menu in Horizon Client, enable the Hide domain list in client user interface global setting. Beginning with Horizon 7 version 7.8, this setting is enabled by default. For more information, see the Horizon Administration document.
  • To send the domain list to Horizon Client, enable the Send domain list global setting in Horizon Console. This setting is available in Horizon 7 version 7.8 and later and is disabled by default. Earlier Horizon 7 versions send the domain list. For more information, see the Horizon Administration document.

The following table shows how the Send domain list and Hide domain list in client user interface global settings determine how users can log in to the server.

Send domain list setting Hide domain list in client user interface setting How users log in
Disabled (default) Enabled The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
  • User name (not allowed for multiple domains)
  • domain\username
  • username@domain.com
Disabled (default) Disabled If a default domain is configured on the client, the default domain appears in the Domain drop-down menu. If the client does not know a default domain, *DefaultDomain* appears in the Domain drop-down menu. Users must enter one of the following values in the User name text box.
  • User name (not allowed for multiple domains)
  • domain\username
  • username@domain.com
Enabled Enabled The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
  • User name (not allowed for multiple domains)
  • domain\username
  • username@domain.com
Enabled Disabled Users can enter a user name in the User name text box and then select a domain from the Domain drop-down menu. Alternatively, users can enter one of the following values in the User name text box.
  • domain\username
  • username@domain.com