Before end users can connect to a server and access a remote desktop or published application, a Horizon administrator must install Connection Server and install security servers, if used.

You can use Unified Access Gateway appliances, rather than security servers, for secure external access. For more information, see the Deploying and Configuring Unified Access Gateway document.

The following is a checklist of the tasks that a Horizon administrator must perform to use HTML Access.

  1. Install Connection Server with the Install HTML Access setting selected on the server, or servers, that comprise a Connection Server replicated group. This setting installs the HTML Access component. This setting is selected in the installer by default. For more information, see the Horizon 7 Installation document.

    To verify that the HTML Access component is installed, you can open the Windows Uninstall a Program applet and look for VMware Horizon 7 HTML Access in the list.

  2. If you use security servers, install Security Server. The version of Security Server must match the version of Connection Server. For installation instructions, see the Horizon 7 Installation document.

  3. Verify that each Connection Server instance or security server has a TLS certificate that can be fully verified by using the host name that you enter in the Web browser. For more information, see the Horizon 7 Installation document.

  4. To use two-factor authentication, such as RSA SecurID or RADIUS authentication, verify that this feature is enabled on Connection Server. For more information, see the topics about two-factor authentication in the Horizon 7 Administration document.

    Important:

    If you enable the Hide domain list in client user interface setting and select two-factor authentication (RSA SecurID or RADIUS) for the Connection Server instance, do not enforce Windows user name matching. Enforcing Windows user name matching prevents users from entering domain information in the user name text box, and login always fails. For more information, see the topics about two-factor authentication in the Horizon 7 Administration document.

  5. If you use third-party firewalls, configure rules to allow inbound traffic to TCP port 8443 for all security servers and Connection Server hosts in a replicated group, and configure a rule to allow inbound traffic (from servers) to TCP port 22443 on remote desktop virtual machines and RDS hosts in the data center. For more information, see Firewall Rules for Client Web Browser Access.

  6. To provide unauthenticated access to published applications, enable this feature in Connection Server. For more information, see the Horizon 7 Administration document.

After the servers are installed, the Blast Secure Gateway setting is enabled on the applicable Connection Server instances and security servers in Horizon Administrator. Also, the Blast External URL setting is configured to use the Blast Secure Gateway on the applicable Connection Server instances and security servers. By default, the URL includes the FQDN of the secure tunnel external URL and the default port number, 8443. The URL must contain the FQDN and port number that a client system can use to reach the Connection Server host or security server host. For more information, see "Set the External URLs for a Connection Server Instance," in the Horizon 7 Installation document.
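One way to check the certificate requirement in step 3 and the Blast External URL requirement above from a client-side machine. This is an added example, not VMware code: the function names are hypothetical, the host names in the comments are constructed, and the `https` scheme check is an assumption drawn from the TLS requirement.

```python
import ipaddress
import socket
import ssl
from urllib.parse import urlsplit


def check_blast_external_url(url):
    """Return a list of problems with a Blast External URL (empty list = OK)."""
    problems = []
    parts = urlsplit(url)
    # Assumption: the gateway is reached over TLS, so the scheme is https.
    if parts.scheme != "https":
        problems.append("scheme is not https")
    host = parts.hostname or ""
    try:
        ipaddress.ip_address(host)
        problems.append("host is an IP address, not an FQDN")
    except ValueError:
        # Not an IP literal; a bare name such as "cs01" is not an FQDN either.
        if "." not in host:
            problems.append("host is not fully qualified")
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        port = None
    if port is None:
        problems.append("no explicit port number")
    return problems


def verify_server_certificate(host, port=8443, timeout=5.0):
    """Connect the way a browser does: validate the chain against the local
    trust store and match the certificate to the host name that was entered.
    Returns (True, DNS subjectAltName entries) or (False, error text)."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + check_hostname=True
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                san = tls.getpeercert().get("subjectAltName", ())
                return True, [value for kind, value in san if kind == "DNS"]
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return False, str(exc)


# Constructed usage, e.g. for a host named horizon.example.com:
#   check_blast_external_url("https://horizon.example.com:8443")
#   verify_server_certificate("horizon.example.com")
```

Run `verify_server_certificate` with exactly the host name users type into the browser; a failure here means the certificate cannot be fully verified for that name, which is the condition step 3 asks you to rule out.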

Note:

You can use HTML Access with VMware Workspace ONE to allow users to connect to their desktops from an HTML5 browser. For information about installing Workspace ONE and configuring it for use with Connection Server, see the Workspace ONE documentation. For information about pairing Connection Server with a SAML Authentication server, see the Horizon 7 Administration document.