Before end users can connect to a server in a Horizon 8 deployment and access a remote desktop or published application, a Horizon administrator must configure certain Connection Server settings.
Unified Access Gateway and Security Servers
If your deployment includes a Unified Access Gateway appliance, configure Connection Server to work with Unified Access Gateway. See the Deploying and Configuring VMware Unified Access Gateway document. Unified Access Gateway appliances perform the same role as security servers.
If your deployment includes a security server, verify that you are using the latest maintenance releases of Connection Server 7.13 and Security Server 7.13 or later. For more information, see the installation document for your server version.
Secure Tunnel Connection
If you plan to use a secure tunnel connection for client devices, and if the secure connection is configured with a DNS host name for a Connection Server instance or a security server, verify that the client device can resolve this DNS name. .
Desktop and Application Pools
Use the following check list when configuring desktop and application pools.
- Verify that a desktop or application pool has been created and that the user account that you plan to use is entitled to access the pool. For more information, see the Windows Desktops and Applications in Horizon document.
- If end users have a high-resolution display and use the High Resolution Mode client setting while viewing their remote desktops in full-screen mode, verify that sufficient vRAM is allocated for each Windows remote desktop. The amount of vRAM depends on the display resolution and the number of monitors configured for end users.
User Authentication
Use the following check list when setting up user authentication.
- To provide end users with unauthenticated access to published applications in Horizon Client, you must enable this feature in the Connection Server instance. For more information, see the topics about unauthenticated access in the Horizon Administration document.
- To use two-factor authentication, such as RSA SecurID or RADIUS authentication, with Horizon Client, you must enable the two-factor authentication feature for the Connection Server instance. You can customize the labels on the RADIUS authentication login page and configure two-factor authentication to occur after a remote session times out. For more information, see the topics about two-factor authentication in the Horizon Administration document.
- To allow the Connection Server instance to accept the user identity and credential information that is passed when users select Log in As Current User from the Options menu in Horizon Client menu bar, enable the Accept logon as current user setting for the Connection Server instance. For more information, see the Horizon Administration document.
You can use Horizon Client group policy settings to configure the Log in as current user feature, including specifying a list of Connection Server instances that can accept Log in as current user authentication information. For information about these client-side settings, see Using Group Policy Settings to Configure Horizon Client.
- To hide the server URL in Horizon Client, enable the Hide server information in client user interface global setting. For more information, see the Horizon Administration document.
- To hide the Domain drop-down menu in Horizon Client, enable the Hide domain list in client user interface global setting. This setting is enabled by default. For more information, see the Horizon Administration document.
- To send the domain list to Horizon Client, enable the Send domain list global setting in Horizon Console. This setting is deactivated by default. For more information, see the Horizon Administration document.
The following table shows how the Send domain list and Hide domain list in client user interface global settings determine how users can log in to the server.
Send domain list setting | Hide domain list in client user interface setting | How users log in |
---|---|---|
Disabled (default) | Enabled | The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
|
Disabled (default) | Disabled | If a default domain is configured on the client, the default domain appears in the Domain drop-down menu. If the client does not know a default domain, *DefaultDomain* appears in the Domain drop-down menu. Users must enter one of the following values in the User name text box.
|
Enabled | Enabled | The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
|
Enabled | Disabled | Users can enter a user name in the User name text box and then select a domain from the Domain drop-down menu. Alternatively, users can enter one of the following values in the User name text box.
|