For Linux desktops, you can configure certain options by adding entries to the /etc/vmware/config file or the /etc/vmware/viewagent-custom.conf file.
During Horizon Agent installation, the installer copies two configuration template files, config.template and viewagent-custom.conf.template, to /etc/vmware. In addition, if /etc/vmware/config and /etc/vmware/viewagent-custom.conf do not exist, the installer copies config.template to config and viewagent-custom.conf.template to viewagent-custom.conf. All the configuration options are listed and documented in the configuration files. To set an option, remove the comment and change the value, as appropriate.
For example, the following line in
/etc/vmware/config enables the build to lossless PNG mode.
RemoteDisplay.buildToPNG=TRUE
After you make configuration changes, reboot Linux to make the changes take effect.
Configuration Options in /etc/vmware/config
The VMware BlastServer and BlastProxy processes, along with their related plug-ins and processes, use the
/etc/vmware/config configuration file.
Note: The following table includes descriptions of each agent-enforced policy setting for USB devices in the
Horizon Agent configuration file.
Horizon Agent uses these settings to decide whether a USB device can be forwarded to the host machine.
Horizon Agent also passes these settings to
Horizon Client for interpretation and enforcement. The enforcement is based on whether you specify the merge (
(m)) modifier to apply the
Horizon Agent filter policy setting in addition to the
Horizon Client filter policy setting, or override the
(o) modifier to use the
Horizon Agent filter policy setting instead of the
Horizon Client filter policy setting.
| Option | Value/Format | Default | Description |
|---|---|---|---|
| appScanner | error, warn, info, or debug | info | Use this option to specify the level of detail reported in the appScanner log file, which records activity related to remote application sessions. Valid values range from the least detailed "error" level to the most detailed "debug" level. The appScanner log is located at /tmp/vmware-root/vmware-appScanner-<pid>.log, where <pid> is the ID of the appScanner process. |
| BlastProxy.log.logLevel | error, warn, info, verbose, debug, or trace | info | Use this option to specify the level of detail reported in the BlastProxy log file. Valid values range from the least detailed "error" level to the most detailed "trace" level. The BlastProxy log is located at /tmp/vmware-root/vmware-BlastProxy-<pid>.log, where <pid> is the ID of the BlastProxy process. |
| BlastProxy.UdpEnabled | true or false | true | Use this option to specify whether BlastProxy forwards UDP requests through secured port 22443 to Horizon Agent. true enables UDP forwarding. false disables UDP forwarding. |
| Clipboard.Direction | 0, 1, 2, or 3 | 2 | Use this option to specify the clipboard redirection policy. Valid values are as follows:
|
| rdeSvc.blockedWindows | List of semicolon-separated paths to application executables | N/A | Use this option to block specific applications from starting as a remote application session. Specify the path to each application executable and use semicolons to separate entries in the list. For example: rdeSvc.blockedWindows=/usr/libexec/gnome-terminal-server; |
| RemoteDisplay.allowAudio | true or false | true | Set this option to enable/disable audio out. |
| RemoteDisplay.allowH264 | true or false | true | Set this option to enable or disable H.264 encoding. |
| RemoteDisplay.buildToPNG | true or false | false | Graphic applications, especially graphic design applications, require pixel-exact rendering of images in the client display of a Linux desktop. You can configure the build to lossless PNG mode for images and video playback that are generated on a Linux desktop and rendered on the client device. This feature uses additional bandwidth between the client and the ESXi host. Enabling this option disables the H.264 encoding. |
| RemoteDisplay.enableNetworkContinuity | true or false | true | Set this option to enable or disable the Network Continuity feature in Horizon Agent for Linux. |
| RemoteDisplay.enableNetworkIntelligence | true or false | true | Set this option to enable or disable the Network Intelligence feature in Horizon Agent for Linux. |
| RemoteDisplay.enableStats | true or false | false | Enables or disables the VMware Blast display protocol statistics in mks log, such as bandwidth, FPS, RTT, and so on. |
| RemoteDisplay.enableUDP | true or false | true | Set this option to enable or disable UDP protocol support in Horizon Agent for Linux. |
| RemoteDisplay.maxBandwidthKbps | An integer | 1000000 | Specifies the maximum bandwidth in kilobits per second (kbps) for a VMware Blast session. The bandwidth includes all imaging, audio, virtual channel, and VMware Blast control traffic. Valid value must be less than 4 Gbps (4096000). |
| RemoteDisplay.minBandwidthKbps | An integer | 256 | Specifies the minimum bandwidth in kilobits per second (kbps) for a VMware Blast session. The bandwidth includes all imaging, audio, virtual channel, and VMware Blast control traffic. |
| RemoteDisplay.maxFPS | An integer | 30 | Specifies the maximum rate of screen updates. Use this setting to manage the average bandwidth that users consume. Valid value must be between 3 and 60. The default is 30 updates per second. |
| RemoteDisplay.maxQualityJPEG | available range of values: 1–100 | 90 | Specifies the image quality of the desktop display for JPEG/PNG encoding. The high-quality settings are for areas of the screen that are more static, resulting in a better image quality. |
| RemoteDisplay.midQualityJPEG | available range of values: 1–100 | 35 | Specifies the image quality of the desktop display for JPEG/PNG encoding. Use to set the medium-quality settings of the desktop display. |
| RemoteDisplay.minQualityJPEG | available range of values: 1–100 | 25 | Specifies the image quality of the desktop display for JPEG/PNG encoding. The low-quality settings are for areas of the screen that change often, for example, when scrolling occurs. |
| RemoteDisplay.qpmaxH264 | available range of values: 0–51 | 36 | Use this option to set the H264minQP quantization parameter, which specifies the best image quality for the remote display configured to use H.264 encoding. Set the value to greater than the value set for RemoteDisplay.qpminH264. |
| RemoteDisplay.qpminH264 | available range of values: 0–51 | 10 | Use this option to set the H264maxQP quantization parameter, which specifies the lowest image quality for the remote display configured to use H.264 encoding. Set the value to less than the value set for RemoteDisplay.qpmaxH264. |
| UsbRedirPlugin.log.logLevel | error, warn, info, debug, trace, or verbose | info | Use this option to set the log level for the USB Redirection plugin. |
| UsbRedirServer.log.logLevel | error, warn, info, debug, trace, or verbose | info | Use this option to set the log level for the USB Redirection server. |
| VMWPkcs11Plugin.log.enable | true or false | false | Set this option to enable or disable the logging mode for the True SSO feature. |
| VMWPkcs11Plugin.log.logLevel | error, warn, info, debug, trace, or verbose | info | Use this option to set the log level for the True SSO feature. |
| VVC.RTAV.Enable | true or false | true | Set this option to enable/disable audio input. |
| VVC.ScRedir.Enable | true or false | true | Set this option to enable/disable smart card redirection. |
| VVC.logLevel | fatal error, warn, info, debug, or trace | info | Use this option to set the log level of the VVC proxy node. |
| cdrserver.cacheEnable | true or false | true | Set this option to enable or disable the write caching feature from the agent towards the client side. |
| cdrserver.customizedSharedFolderPath | folder_path | /home/ | Use this option to change the client drive redirection shared folder location from the default /home/user/tsclient directory to a custom directory. For example, if the user test wants to place the client drive redirection shared folder at /mnt/test/tsclient instead of /home/test/tsclient, the user can specify cdrserver.customizedSharedFolderPath=/mnt/.
Note: For this option to take effect, the specified folder must exist and be configured with the correct user permissions.
|
| cdrserver.forcedByAdmin | true or false | false | Set this option to control whether the client can share additional folders that are not specified with the cdrserver.shareFolders option. |
| cdrserver.logLevel | error, warn, info, debug, trace, or verbose | info | Use this option to set the log level for the vmware-CDRserver.log file. |
| cdrserver.permissions | R | RW | Use this option to apply additional read/write permissions that Horizon Agent has on the folders shared by Horizon Client. For example:
Typical uses are as follows:
|
| cdrserver.sharedFolders | file_path1,R;file-path2,; file_path3,R; ... | undefined | Specify one or more file paths to the folders that the client can share with the Linux desktop. For example:
|
| collaboration.logLevel | error, info, or debug | info | Use this option to set the log level used for the collaboration session. If the log level is debug, all calls made to collabui functions and the contents of the collabor list are logged. |
| collaboration.maxCollabors | An integer less than or equal to 20 | 5 | Specifies the maximum number of collaborators that you can invite to join a session. |
| collaboration.enableEmail | true or false | true | Set this option to enable or disable sending of collaboration invitations by using an installed email application. When this option is disabled, you cannot use email to invite collaborators, even if an email application is installed. |
| collaboration.serverUrl | [URL] | undefined | Specifies the server URLs to include in the collaboration invitations. |
| collaboration.enableControlPassing | true or false | true | Set this option to permit or restrict collaborators from having control of the Linux desktop. To specify a read-only collaboration session, set this option to false. |
| mksVNCServer.useUInputButtonMapping | true or false | false | Set this option to enable the support of a left-handed mouse on Ubuntu or RHEL 7.x. You do not need to set this option on CentOS, which provides native support for a left-handed mouse. |
| mksvhan.clipboardSize | An integer | 1024 | Use this option to specify the clipboard maximum size to copy and paste. |
| vdpservice.log.logLevel | fatal error, warn, info, debug, or trace | info | Use this option to set the log level of the vdpservice. |
| viewusb.AllowAudioIn | {m|o}:{true|false} | undefined, which equates to true | Use this option to allow or disallow audio input devices to be redirected. Example: o:false |
| viewusb.AllowAudioOut | {m|o}:{true|false} | undefined, which equates to false | Set this option to allow or disallow redirection of audio output devices. |
| viewusb.AllowAutoDeviceSplitting | {m|o}:{true|false} | undefined, which equates to false | Set this option to allow or disallow the automatic splitting of composite USB devices. Example: m:true |
| viewusb.AllowDevDescFailsafe | {m|o}:{true|false} | undefined, which equates to false | Set this option to allow or disallow devices to be redirected even if Horizon Client fails to get the configuration or device descriptors. To allow a device even if it fails to get the configuration or device descriptors, include it in the Include filters, such as IncludeVidPid or IncludePath. |
| viewusb.AllowHIDBootable | {m|o}:{true|false} | undefined, which equates to true | Use this option to allow or disallow the redirection of input devices other than keyboards or mice that are available at boot time, also known as HID-bootable devices. |
| viewusb.AllowKeyboardMouse | {m|o}:{true|false} | undefined, which equates to false | Use this option to allow or disallow the redirection of keyboards with integrated pointing devices (such as a mouse, trackball, or touch pad). |
| viewusb.AllowSmartcard | {m|o}:{true|false} | undefined, which equates to false | Set this option to allow or disallow smart card devices to be redirected. |
| viewusb.AllowVideo | {m|o}:{true|false} | undefined, which equates to true | Use this option to allow or disallow video devices to be redirected. |
| viewusb.DisableRemoteConfig | {m|o}:{true|false} | undefined, which equates to false | Set this option to disable or enable the use of Horizon Agent settings when performing USB device filtering. |
| viewusb.ExcludeAllDevices | {true|false} | undefined, which equates to false | Use this option to exclude or include all USB devices from being redirected. If set to true, you can use other policy settings to allow specific devices or families of devices to be redirected. If set to false, you can use other policy settings to prevent specific devices or families of devices from being redirected. If you set the value of ExcludeAllDevices to true on Horizon Agent, and this setting is passed to Horizon Client, the Horizon Agent setting overrides the Horizon Client setting. |
| viewusb.ExcludeFamily | {m|o}:family_name_1[;family_name_2;...] | undefined | Use this option to exclude families of devices from being redirected. For example: m:bluetooth;smart-card
If you have enabled automatic device splitting, Horizon examines the device family of each interface of a composite USB device to decide which interfaces must be excluded. If you have disabled automatic device splitting, Horizon examines the device family of the whole composite USB device.
Note: Mice and keyboards are excluded from redirection by default and do not need to be excluded with this setting.
|
| viewusb.ExcludePath | {m|o}:bus-x1[/y1].../ port-z1[;bus-x2[/y2].../port-z2;...] | undefined | Use this option to exclude devices at specified hub or port paths from being redirected. You must specify bus and port numbers in hexadecimal. You cannot use the wild card character in paths. For example:m:bus-1/2/3_port- 02;bus-1/1/1/4_port-ff |
| viewusb.ExcludeVidPid | {m|o}:vid-xxx1_ pid-yyy1[;vid-xxx2_pid-yyy2;..] | undefined | Set this option to exclude devices with specified vendor and product IDs from being redirected. You must specify ID numbers in hexadecimal. You can use the wild card character (*) in place of individual digits in an ID. For example: o:vid-0781_pid- ****;vid-0561_pid-554c |
| viewusb.IncludeFamily | {m|o}:family_name_1[;family_name_2]... | undefined | Set this option to include families of devices that can be redirected. For example: o:storage; smart-card |
| viewusb.IncludePath | {m|o}:bus-x1[/y1].../ port-z1[;bus-x2[/y2].../portz2;...] | undefined | Use this option to include devices at specified hub or port paths that can be redirected. You must specify bus and port numbers in hexadecimal. You cannot use the wild card character in paths. For example: m:bus-1/2_port- 02;bus-1/7/1/4_port-0f |
| viewusb.IncludeVidPid | {m|o}:vid-xxx1_ pid-yyy1[;vid-xxx2_pid-yyy2;...] | undefined | Set this option to include devices with specified Vendor and Product IDs that can be redirected. You must specify ID numbers in hexadecimal. You can use the wild card character (*) in place of individual digits in an ID. For example: o:vid-***_pid-0001;vid-0561_pid-554c |
| viewusb.SplitExcludeVidPid | {m|o}:vid-xxx1_pid-yyy1[;vid-xxx2_pid-yyy2;...] | undefined | Use this option to exclude or include a specified composite USB device from splitting by Vendor and Product IDs . The format of the setting is vid-xxx1_pid-yyy1[;vid-xxx2_pid-yyy2;...]. You must specify ID numbers in hexadecimal. You can use the wild card character (*) in place of individual digits in an ID. Example: m:vid-0f0f_pid-55** |
| viewusb.SplitVidPid | {m|o}: vid-xxxx_pid-yyyy([exintf:zz[;exintf:ww]])[;...] | undefined | Set this option to treat the components of a composite USB device specified by Vendor and Product IDs as separate devices. The format of the setting is vid-xxxx_pid-yyyy(exintf:zz[;exintf:ww]). You can use the exintf keyword to exclude components from redirection by specifying their interface number. You must specify ID numbers in hexadecimal, and interface numbers in decimal including any leading zero. You can use the wild card character (*) in place of individual digits in an ID. Example: o:vid-0f0f_pid-***(exintf-01);vid-0781_pid-554c(exintf:01;exintf:02)
Note: VMware Horizon does not include the components that you have not explicitly excluded automatically. You must specify a filter policy such as
Include VidPid Device to include those components.
|
Configuration Options in /etc/vmware/viewagent-custom.conf
Java Standalone Agent uses the configuration file /etc/vmware/viewagent-custom.conf.
| Option | Value | Default | Description |
|---|---|---|---|
| CDREnable | true or false | true | Use this option to enable or disable the client drive redirection feature. |
| CollaborationEnable | true or false | true | Use this option to enable or disable the Session Collaboration feature on Linux desktops. |
| EndpointVPNEnable | true or false | false | Set this option to specify if the client's physical network card IP address or the VPN IP address is to be used when evaluating the endpoint IP address against the range of endpoint IP addresses used in the Dynamic Environment Manager Console. If the option is set to false, the client's physical network card IP address is used. Otherwise, the VPN IP address is used. |
| HelpDeskEnable | true or false | true | Set this option to enable or disable the Help Desk Tool feature. |
| KeyboardLayoutSync | true or false | true | Use this option to specify whether to synchronize a client's system locale list and current keyboard layout with Horizon Agent for Linux desktops. When this setting is enabled or not configured, synchronization is allowed. When this setting is disabled, synchronization is not allowed. This feature is supported only for Horizon Client for Windows, and only for the English, French, German, Japanese, Korean, Spanish, Simplified Chinese, and Traditional Chinese locales. |
| LogCnt | An integer | -1 | Use this option to set the reserved log file count in /tmp/vmware-root.
|
| MaxSessionsBuffer | An integer between 1 and the value specified for Max Sessions Per RDS Host in the farm configuration wizard. See Create an Automated Instant-Clone Farm of Linux Hosts. | 5 | When configuring farms and multi-session desktop pools, use this option to specify the number of pre-launche desktops per host machine. |
| NetbiosDomain | A text string, in all caps | When configuring True SSO, use this option to set the NetBIOS name of your organization's domain. | |
| OfflineJoinDomain | pbis or samba | pbis | Use this option to set the instant-clone offline domain join. The available methods to perform an offline domain join are the PowerBroker Identity Services Open (PBISO) authentication and the Samba offline domain join. If this property has a value other than pbis or samba, the offline domain join is ignored. |
| RunOnceScript | Use this option to rejoin the cloned virtual machine to Active Directory. Set the RunOnceScript option after the host name has changed. The specified script is run only once after the first host name change. The script is run with the root permission when the agent service starts and the host name has been changed since the agent installation. For example, for the winbind solution, you must join the base virtual machine to Active Directory with winbind, and set this option to a script path. The script must contain the domain rejoin command /usr/bin/net ads join -U <ADUserName>%<ADUserPassword>. After VM Clone, the operating system customization changes the host name. When the agent service starts, the script is run to join the cloned virtual machine to Active Directory. |
||
| RunOnceScriptTimeout | 120 | Use this option to set the timeout time in seconds for the RunOnceScript option. For example, set |
|
| SSLCiphers | A text string | !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES | Use this option to specify the list of ciphers. You must use the format that is defined by the OpenSSL standard. To find information about the OpenSSL-defined format, type these keywords into an Internet search engine: openssl cipher string. |
| SSLProtocols | A text string | TLSv1_1:TLSv1_2 | Use this option to specify the security protocols. The supported protocols are TLSv1.1 and TLSv1.2. |
| SSODesktopType | UseGnomeClassic or UseGnomeFlashback or UseGnomeUbuntu or UseMATE or UseKdePlasma | N/A | This option specifies the desktop environment to use, instead of the default desktop environment, when SSO is enabled. You must first ensure that the selected desktop environment is installed on your desktop before specifying to use it. After this option is set in an Ubuntu 16.04/18.04 desktop, the option takes effect regardless if the SSO feature is enabled or not. If this option is specified in a RHEL/CentOS 7.x desktop, the selected desktop environment is used only if SSO is enabled.
Note: This option is not supported on RHEL/CentOS 8.x desktops. VMware Horizon supports only the Gnome desktop environment on RHEL/CentOS 8.x desktops.
|
| SSOEnable | true or false | true | Set this option to enable/disable single sign-on (SSO). |
| SSOUserFormat | A text string | [username] | Use this option to specify the format of the login name for single sign-on. The default is the user name only. Set this option if the domain name is also required. Typically, the login name is the domain name plus a special character followed by the user name. If the special character is the backslash, you must escape it with another backslash. Examples of login name formats are as follows:
|
| Subnet | A value in CIDR IP address format | [subnet] | Set this option to a subnet which other machines can use to connect to Horizon Agent for Linux. If there is more than one local IP address with different subnets, the local IP address in the configured subnet is used to connect to Horizon Agent for Linux. You must specify the value in the CIDR IP address format. For example, Subnet=123.456.7.8/24. |
| UEMEnable | true or false | false | Set this option to enable or disable Dynamic Environment Manager smart policies. If the option is set to enable, and the condition in the Dynamic Environment Manager smart policy is met, then the policies are enforced. |
| UEMNetworkPath | A text string | This option must be set to the same network path that is set in Dynamic Environment Manager Console. The path must be in the format similar to //10.111.22.333/view/LinuxAgent/UEMConfig. |
Note: The VMwareBlastServer process uses the SSLCiphers, SSLProtocols, and SSLCipherServerPreference security options. When starting the VMwareBlastServer process, the Java Standalone Agent passes these options as parameters. When Blast Secure Gateway (BSG) is enabled, these options affect the connection between BSG and the Linux desktop. When BSG is disabled, these options affect the connection between the client and the Linux desktop.
