Before end users can connect to a server and access a remote desktop or published application, a Horizon administrator must configure certain Connection Server settings.
Unified Access Gateway and Security Servers
- If your Horizon deployment includes a Unified Access Gateway appliance, configure Connection Server to work with Unified Access Gateway. See the Deploying and Configuring Unified Access Gateway document. Unified Access Gateway appliances perform the same role as security servers.
- If your Horizon deployment includes a security server, verify that you are using the latest maintenance releases of Connection Server 6.2.x and Security Server 6.2.x or later releases. For more information, see the installation document for your Horizon version.
Secure Tunnel Connection
If you plan to use a secure tunnel connection for client devices, and if the secure connection is configured with a DNS host name for a Connection Server instance or a security server, verify that the client device can resolve this DNS name.
Desktop and Application Pools
- Verify that a desktop or application pool has been created and that the user account that you plan to use is entitled to access the pool. For more information, see the Setting Up Virtual Desktops in Horizon 7 and Setting Up Published Desktops and Applications in Horizon 7 documents.
- If end users have a high-resolution display and use the High Resolution Mode client setting while viewing their remote desktops in full screen mode, verify that sufficient vRAM is allocated for each Windows 7 or later remote desktop. The amount of vRAM depends on the number of monitors configured for end users and on the display resolution. To estimate the amount of vRAM, see the Horizon 7 Architecture Planning document.
User Authentication
- To provide end users with unauthenticated access to published applications in Horizon Client, you must enable this feature in the Connection Server instance. For more information, see the topics about unauthenticated access in the VMware Horizon Console Administration document.
- To use two-factor authentication, such as RSA SecurID or RADIUS authentication, with Horizon Client, you must enable the two-factor authentication feature for the Connection Server instance. Beginning with Horizon 7 version 7.11, you can customize the labels on the RADIUS authentication login page. Beginning with Horizon 7 version 7.12, you can configure two-factor authentication to occur after a remote session times out. For more information, see the topics about two-factor authentication in the VMware Horizon Console Administration document.
- To allow the Connection Server instance to accept the user identity and credential information that is passed when users select Log in as current user in the Options menu in Horizon Client, enable the Accept logon as current user setting for the Connection Server instance. This setting is available in Horizon 7 version 7.8 and later. For more information, see the VMware Horizon Console Administration document.
You can use Horizon Client group policy settings to configure the Log in as current user feature, including specifying a white list of Connection Server instances that can accept Log in as current user authentication information. For information about these client-side settings, see Security Settings for Client GPOs.
- To hide the server URL in Horizon Client, enable the Hide server information in client user interface global setting. This setting is available in Horizon 7 version 7.1 and later. For more information, see the VMware Horizon Console Administration document.
- To hide the Domain drop-down menu in Horizon Client, enable the Hide domain list in client user interface global setting. This setting is available in Horizon 7 version 7.1 and later. Beginning with Horizon 7 version 7.8, it is enabled by default. For more information, see the VMware Horizon Console Administration document.
- To send the domain list to Horizon Client, enable the Send domain list global setting in Horizon Console. This setting is available in Horizon 7 verison 7.8 and later and is disabled by default. Earlier Horizon 7 versions send the domain list. For more information, see the VMware Horizon Console Administration document.
The following table shows how the Send domain list and Hide domain list in client user interface global settings determine how users can log in to the server.
Send domain list setting | Hide domain list in client user interface setting | How users log in |
---|---|---|
Disabled (default) | Enabled | The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
|
Disabled (default) | Disabled | If a default domain is configured on the client, the default domain appears in the Domain drop-down menu. If the client does not know a default domain, *DefaultDomain* appears in the Domain drop-down menu. Users must enter one of the following values in the User name text box.
|
Enabled | Enabled | The Domain drop-down menu is hidden. Users must enter one of the following values in the User name text box.
|
Enabled | Disabled | Users can enter a user name in the User name text box and then select a domain from the Domain drop-down menu. Alternatively, users can enter one of the following values in the User name text box.
|