Administrators must perform specific tasks so that end users can connect to remote desktops using a Web browser.
Before end users can connect to Connection Server or a security server and access a remote desktop, you must install Connection Server with the HTML Access component and install security servers.
Following is a check list of the tasks you must perform in order to use HTML Access:
- Install Connection Server with the HTML Access option on the server or servers that will compose a Connection Server replicated group.
By default, the HTML Access component is already selected in the installer. For installation instructions, see the View Installation documentation.Note: To check whether the HTML Access component is installed, you can open the Uninstall a Program applet in the Windows operating system and look for View HTML Access in the list.
- If you use security servers, install Security Server.
For installation instructions, see the View Installation documentation.Important: The version of Security Server must match the version of Connection Server.
- Verify that each Connection Server instance or security server has a security certificate that can be fully verified by using the host name that you enter in the browser.
For more information, see the View Installation documentation.
- To use two-factor authentication, such as RSA SecurID or RADIUS authentication, verify that this feature is enabled on Connection Server.
For more information, see the topics about two-factor authentication in the View Administration documentation.Important: If you enable the Hide domain list in client user interface settings and select two-factor authentication (RSA SecureID or RADIUS) for the Connection Server instance, do not enforce Windows user name matching. Enforcing Windows user name matching will prevent users from being able to enter domain information in the user name text box and login will always fail. For more information, see the topics about two-factor authentication in the View Administration document.
- If you use third-party firewalls, configure rules to allow inbound traffic to TCP port 8443 for all security servers and Connection Server hosts in a replicated group, and configure a rule to allow inbound traffic (from View servers) to TCP port 22443 on remote desktops in the datacenter. For more information, see Firewall Rules for HTML Access.
After the servers are installed, if you look in Horizon Administrator, you will see that the Blast Secure Gateway setting is enabled on the applicable Connection Server instances and security servers. Also, the Blast External URL setting is automatically configured to use for the Blast Secure Gateway on the applicable Connection Server instances and security servers. By default, the URL includes the FQDN of the secure tunnel external URL and the default port number, 8443. The URL must contain the FQDN and port number that a client system can use to reach this Connection Server host or security server host. For more information, see "Set the External URLs for a Connection Server Instance," in the View Installation documentation.