You must set up system and database accounts to administer VMware Horizon components.

Table 1. VMware Horizon System Accounts
Horizon Component | Required Accounts
Horizon Client

Configure user accounts in Active Directory for the users who have access to remote desktops and applications. The user accounts must be members of the Remote Desktop Users group, but the accounts do not require Horizon administrator privileges.

vCenter Server

Configure a user account in Active Directory with permission to perform the operations in vCenter Server that are necessary to support VMware Horizon.

For information about the required privileges, see the Horizon Installation and Upgrade document.

Connection broker

When you install VMware Horizon, you can designate a specific domain user, the local Administrators group, or a specific domain user group as Horizon administrators. We recommend creating a dedicated domain user group of Horizon administrators. The default is the currently logged-in domain user.

In the Horizon console, you can use Settings > Administrators to change the list of Horizon administrators.

See the Horizon Administration document for information about the privileges that are required.

Table 2. Horizon Database Accounts
Horizon Component | Required Accounts
Event database used by the connection broker

A Microsoft SQL Server, Oracle, or PostgreSQL database stores Horizon event data. You create an administrative account for the database that the Horizon console can use to access the event data.

To reduce the risk of security vulnerabilities, take the following actions:

  • Configure VMware Horizon databases on servers that are separate from other database servers that your organization uses.
  • Do not allow a single user account to access multiple databases.
  • Configure a separate account for access to the event database.
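
To verify the second and third actions on a Microsoft SQL Server instance, the following T-SQL audit lists every login that is mapped into more than one user database. It is an added example, not part of the VMware documentation, and it assumes the event database is hosted on SQL Server and that the auditing principal can read metadata in each database.

```sql
-- Added example: find logins mapped into more than one user database.
-- Assumption: run on the SQL Server instance that hosts the Horizon event database.
-- Note: members of the sysadmin server role can reach every database without
-- an explicit mapping, so review that role's membership separately.
SET NOCOUNT ON;

CREATE TABLE #login_db_map (
    login_name    sysname NOT NULL,
    database_name sysname NOT NULL
);

DECLARE @db sysname, @sql nvarchar(max);

DECLARE db_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT name
    FROM sys.databases
    WHERE database_id > 4              -- skip master, tempdb, model, msdb
      AND state_desc = N'ONLINE'
      AND HAS_DBACCESS(name) = 1;      -- skip databases the auditor cannot open

OPEN db_cursor;
FETCH NEXT FROM db_cursor INTO @db;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- Join each database user to its server login by SID (includes dbo, the owner).
    SET @sql = N'INSERT INTO #login_db_map (login_name, database_name)
        SELECT sp.name, @dbname
        FROM ' + QUOTENAME(@db) + N'.sys.database_principals AS dp
        JOIN sys.server_principals AS sp ON sp.sid = dp.sid
        WHERE dp.type IN (''S'', ''U'', ''G'')   -- SQL user, Windows user, Windows group
          AND sp.is_disabled = 0;';
    EXEC sp_executesql @sql, N'@dbname sysname', @dbname = @db;
    FETCH NEXT FROM db_cursor INTO @db;
END

CLOSE db_cursor;
DEALLOCATE db_cursor;

-- Any row returned is a login with access to two or more user databases.
SELECT m.login_name, m.database_name
FROM #login_db_map AS m
WHERE m.login_name IN (SELECT login_name
                       FROM #login_db_map
                       GROUP BY login_name
                       HAVING COUNT(DISTINCT database_name) > 1)
ORDER BY m.login_name, m.database_name;

DROP TABLE #login_db_map;
```

An empty result means no enabled login is explicitly mapped into more than one user database; the account used for the event database should appear in that database only.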