A Horizon administrator must perform specific tasks to enable end users to connect to remote desktops and applications.
Before end users can connect to a Connection Server instance or a security server and access a remote desktop or application, a Horizon administrator must configure certain pool settings and security settings:
- If you plan to use Unified Access Gateway, configure Connection Server to work with Unified Access Gateway. See the Deploying and Configuring Unified Access Gateway document. Unified Access Gateway appliances fulfill the same role that was previously played by only security servers.
- If you are using a security server, verify that you are using the latest maintenance releases of Connection Server 6.x and Security Server 6.x or later releases. For more information, see the View Installation document.
- If you plan to use a secure tunnel connection for client devices and if the secure connection is configured with a DNS host name for Connection Server or a security server, verify that the client device can resolve this DNS name.
To enable or disable the secure tunnel, in Horizon Administrator, go to the Edit Horizon Connection Server Settings dialog box and use the check box called Use secure tunnel connection to desktop.
- Verify that a desktop or application pool has been created and that the user account that you plan to use is entitled to access the pool. For information, see the Setting Up Virtual Desktops in Horizon 7 or Setting Up Published Desktops and Applications in Horizon 7 document.
- To use two-factor authentication with Horizon Client, such as RSA SecurID or RADIUS authentication, you must enable this feature on Connection Server. For more information, see the topics about two-factor authentication in the View Administration document.
- To hide security information in Horizon Client, including server URL information and the Domain drop-down menu, enable the Hide server information in client user interface and Hide domain list in client user interface settings in Horizon Administrator. These global settings are available in Horizon 7 version 7.1 and later. For information about configuring global settings, see the View Administration document.
To authenticate when the Domain drop-down menu is hidden, users must provide domain information by entering their user name in the format domain\username or username@domain in the User name text box.Important: If you enable the Hide server information in client user interface and Hide domain list in client user interface settings and select two-factor authentication (RSA SecureID or RADIUS) for the Connection Server instance, do not enforce Windows user name matching. Enforcing Windows user name matching will prevent users from being able to enter domain information in the user name text box and login will always fail. For more information, see the topics about two-factor authentication in the View Administration document.
- To use Touch ID authentication, you must enable biometric authentication in Connection Server. Biometric authentication is supported in Horizon 6 version 6.2 and later. For more information, see the View Administration document.
- To enable end users to save their passwords with Horizon Client, so that they do not always need to supply credentials when connecting to a Connection Server instance, configure Horizon LDAP for this feature on the Connection Server host.
Users can save their passwords if Horizon LDAP is configured to allow it, if the Horizon Client certificate verification mode is set to Warn before connecting to untrusted servers or Never connect to untrusted servers, and if Horizon Client can fully verify the server certificate that Connection Server presents. For instructions, see the View Administration document.
- Verify that the desktop or application pool is set to use the VMware Blast display protocol or the PCoIP display protocol. For information, see the Setting Up Virtual Desktops in Horizon 7 and Setting Up Published Desktops and Applications in Horizon 7 documents.