For Linux desktops, you can configure certain options by modifying entries in the /etc/vmware/config file, /etc/vmware/viewagent-custom.conf file, and /etc/vmware/viewagent-greeter.conf file.

During Horizon Agent installation, the installer copies the following configuration template files to /etc/vmware:

  • config.template
  • viewagent-custom.conf.template
  • viewagent-greeter.conf.template

In addition, if /etc/vmware/config, /etc/vmware/viewagent-custom.conf, and /etc/vmware/viewagent-greeter.conf do not exist, the installer performs the following actions:

  • Copies config.template to config
  • Copies viewagent-custom.conf.template to viewagent-custom.conf
  • Copies viewagent-greeter.conf.template to /etc/vmware/viewagent-greeter.conf

The configuration files list and document all the Horizon Agent for Linux configuration options. To set an option, remove the comment and change the value, as appropriate.

For example, the following line in /etc/vmware/config enables the build to lossless PNG mode.
RemoteDisplay.buildToPNG=TRUE

After you make configuration changes, reboot Linux to make the changes take effect.

Configuration Options in /etc/vmware/config

The VMware BlastServer and BlastProxy processes, along with their related plug-ins and processes, use the /etc/vmware/config configuration file.
Note: The following table includes descriptions of each agent-enforced policy setting for USB devices in the Horizon Agent configuration file. Horizon Agent uses these settings Horizon Agent also passes these settings to Horizon Client for interpretation and enforcement. The enforcement depends on whether you specify the merge ( (m)) modifier to apply the Horizon Agent filter policy setting in addition to the Horizon Client filter policy setting, or override the (o) modifier to use the Horizon Agent filter policy setting instead of the Horizon Client filter policy setting.
Table 1. Configuration Options in /etc/vmware/config
Value/Format Default Description
appScanner.logLevel error, warn, info, or debug info

Use this option to specify the level of detail reported in the appScanner log file, which records activity related to remote application sessions. Valid values range from the least detailed "error" level to the most detailed "debug" level.

You can find the appScanner log at /tmp/vmware-root/vmware-appScanner-<pid>.log, where <pid> is the ID of the appScanner process.

Option error, warn, info, verbose, debug, or trace info

Use this option to specify the level of detail reported in the BlastProxy log file. Valid values range from the least detailed "error" level to the most detailed "trace" level.

You can find the BlastProxy log at /tmp/vmware-root/vmware-BlastProxy-<pid>.log, where <pid> is the ID of the BlastProxy process.

BlastProxy.UdpEnabled true or false true Use this option to specify whether BlastProxy forwards UDP requests through secured port 22443 to Horizon Agent. true enables UDP forwarding. false deactivates UDP forwarding.
cdrserver.cacheEnable true or false true Set this option to enable or deactivate the write caching feature from the agent towards the client side.
cdrserver.customizedSharedFolderPath folder_path /home/ Use this option to change the client drive redirection shared folder location from the default /home/user/tsclient directory to a custom directory.

For example, if the user test wants to place the client drive redirection shared folder at /mnt/test/tsclient instead of /home/test/tsclient, the user can specify cdrserver.customizedSharedFolderPath=/mnt/.

Note: For this option to take effect, the specified folder must exist and be configured with the correct user permissions.
cdrserver.forcedByAdmin true or false false Set this option to control whether the client can share folders that you have not specified with the cdrserver.shareFolders option.
cdrserver.logLevel error, warn, info, debug, trace, or verbose info Use this option to set the log level for the vmware-CDRserver.log file.
cdrserver.permissions R RW Use this option to apply read/write permissions that Horizon Agent has on the folders shared by Horizon Client. For example:
  • If the folder shared by Horizon Client has read and write permissions and you set cdrserver.permissions=R, then Horizon Agent has only read access permissions.
  • If the folder shared by Horizon Client has only read permissions and you set cdrserver.permissions=RW, Horizon Agent still has only read access rights. Horizon Agent cannot change the read only attribute set by Horizon Client. Horizon Agent can only remove the write access rights.
Typical uses are as follows:
  • cdrserver.permissions=R
  • #cdrserver.permissions=R (for example, comment it out or delete the entry)
cdrserver.sharedFolders file_path1,R;file-path2,; file_path3,R; ... undefined Specify one or more file paths to the folders that the client can share with the Linux desktop. For example:
  • For a Windows client: C:\spreadsheets,;D:\ebooks,R
  • For a non-Windows client: /tmp/spreadsheets;/tmp/ebooks,;/home/finance,R
Clipboard.Direction 0, 1, 2, or 3 2 Use this option to specify the clipboard redirection policy. Valid values are as follows:
  • 0 - Deactivate clipboard redirection.
  • 1 - Enable clipboard redirection in both directions.
  • 2 - Enable clipboard redirection from the client to the remote desktop only.
  • 3 - Enable clipboard redirection from the remote desktop to the client only.
collaboration.enableControlPassing true or false true Set this option to permit or restrict collaborators from having control of the Linux desktop. To specify a read-only collaboration session, set this option to false.
collaboration.enableEmail true or false true Set this option to enable or deactivate sending of collaboration invitations by using an installed email application. When this option is deactivated, you cannot use email to invite collaborators, even if you have installed an email application.
collaboration.logLevel error, info, or debug info Use this option to set the log level used for the collaboration session. If the log level is debug, all calls made to collabui functions and the contents of the collabor list are logged.
collaboration.maxCollabors An integer less than or equal to 20 5 Specifies the maximum number of collaborators that you can invite to join a session.
collaboration.serverUrl [URL] undefined Specifies the server URLs to include in the collaboration invitations.
Desktop.displayNumberMax An integer 159

Specifies the upper limit of the range of X Window System display numbers to allocate to user sessions. This feature is not supported on SLED/SLES desktops.

To restrict the allocation to a single display number, set Desktop.displayNumberMax and Desktop.displayNumberMin to the same value.

Note: If you specify a range that includes any of the display numbers 0 through 9, a conflict might occur with X server. Use the workaround described in VMware Knowledge Base (KB) article 81704.
Desktop.displayNumberMin An integer 100

Specifies the lower limit of the range of X Window System display numbers to allocate to user sessions. This feature is not supported on SLED/SLES desktops.

To restrict the allocation to a single display number, set Desktop.displayNumberMax and Desktop.displayNumberMin to the same value.

Note: If you specify a range that includes any of the display numbers 0 through 9, a conflict might occur with X server. Use the workaround described in VMware Knowledge Base (KB) article 81704.
mksVNCServer.useUInputButtonMapping true or false false Set this option to enable the support of a left-handed mouse on Ubuntu or RHEL 7.x. You do not need to set this option on CentOS, which provides native support for a left-handed mouse.
mksvhan.clipboardSize An integer 1024 Use this option to specify the clipboard maximum size to copy and paste.
pcscd.maxReaderContext An integer Uses the value defined by the PC/SC Smart Card Daemon (pcscd) Specifies the maximum number of reader contexts, or slots, allowed for smart card redirection. Use this option to ensure that the maximum number of reader contexts matches the value specified by your custom PC/SC Lite library.
pcscd.readBody true or false Uses the value defined by the PC/SC Smart Card Daemon (pcscd)

Specifies whether or not to read the body of wait_reader_state_change in the CMD_WAIT_READER_STATE_CHANGE or CMD_STOP_WAITING_READER_STATE_CHANGE PC/SC Lite message handler.

Specify true to read the message body. Specify false to skip reading the message body.

Use this option to ensure that the message reading setting of the smart card redirection feature matches the setting specified by your custom PC/SC Lite library. This option only takes effect when the pcscd.maxReaderContext is configured.

printSvc.customizedPpd printer_name_1=ppd_path_1;printer_name_2=ppd_path_2... undefined

Use this option to specify the file paths to custom PPD files for printers redirected through VMware Integrated Printing. You must define the custom PPD file path for every printer that does not use a Native Printer Driver (NPD) or Universal Printer Driver (UPD).

Enter the printer name as defined on the client system and enter the absolute file path to the custom PPD file on the agent machine. Use semicolons between entries in the list.

printSvc.defaultPrintOptions

List of space-separated print settings:

ColorMode= Color or Mono

Duplex= None, DuplexTumble, or DuplexNoTumble

PageSize= string representing the media size

number-up= an integer

number-up-layout= None, lrtb, lrbt, rltb, rlbt, tblr, tbrl, btlr, or btrl

OutputOrder= Normal or Reverse

page-set= all, even, or odd

noCollate or Collate

ColorMode=Color

Duplex=None

PageSize=A4

number-up=1

number-up-layout=None

OutputOrder=Normal

page-set=all

noCollate

Use this option to specify the default print settings used to print output through VMware Integrated Printing if the source application cannot detect print settings. Enter the case-sensitive values and use spaces between entries in the list.

Note: This option is supported only when printing from Horizon Client for Windows, Horizon Client for Linux, or Horizon Client for Mac.
  • ColorMode specifies whether to print in color or grayscale (Mono).
  • Duplex specifies whether to print on one side of the sheet only (None), both sides with short-edge flip (DuplexTumble), or both sides with long-edge flip (DuplexNoTumble.
  • PageSize specifies the page dimensions of the paper sheet. For the allowed values, refer to the registered mediaOption keywords listed in the Adobe PostScript Printer Description File Format Specification.
  • number-up specifies the number of pages to arrange on a sheet in an imposition layout.
  • number-up-layout specifies the arrangement to use in the imposition layout. For example, if number-up=4 and number-up-layout=lrtb, page 1 is placed at the top left, page 2 at the top right, page 3 at the bottom left, and page 4 at the bottom right corner of the sheet.
  • OutputOrder specifies whether to print starting from the first page and ending with the last page (Normal) or starting from the last page and ending with the first page (Reverse).
  • page-set specifies whether to print all pages, only the even-numbered pages, or only the odd-numbered pages.
  • noCollate/Collate specifies whether or not to collate pages in a multiple-copy print job.
printSvc.enable true or false true

Enables or deactivates the VMware Integrated Printing feature, which includes client printer redirection.

Note: To enable VMware Integrated Printing, you must set both of these configuration options to true:
  • printSvc.enable in /etc/vmware/config
  • PrintRedirEnable in /etc/vmware/viewagent-custom.conf

If you set either one of these options to false, even with the other option set to true, VMware Integrated Printing is deactivated.

printSvc.logLevel error, warn, info, or debug info Sets the log level for the VMware Integrated Printing event log.
printSvc.paperListFile File path to a configuration file containing the list of available paper sizes for printing undefined

Use this option to define the list of paper sizes that can be used for printing output through VMware Integrated Printing. When you specify the path to a properly formatted configuration file, only those paper sizes listed in the configuration file are available as options when printing.

Note: This option is supported only when printing from Horizon Client for Windows. This option applies globally to all redirected printers on a Windows client system.

You must follow these formatting rules when creating the configuration file.

  • Each line in the configuration file corresponds to a specific paper size definition and must follow this format: keyword, name, widthMm*10, heightMm*10, widthPts, heightPts
  • keyword: Enter a unique string that identifies the paper size. The keyword has a maximum length of 40 characters and can contain only printable ASCII characters within the range of decimal 33 to decimal 126, inclusive. For guidelines on industry-standard keyword strings, see the registered mediaOption keywords listed in the Adobe PostScript Printer Description File Format Specification.
  • name: Specify the display name of the paper size as you want it to appear in the application print settings.
  • widthMm*10: Enter the width of the paper in millimeters, multiplied by 10.
  • heightMm*10: Enter the height of the paper in millimeters, multiplied by 10.
  • widthPts: Enter the width of the paper in points.
  • heightPts: Enter the height of the paper in points.

Refer to the following example of a properly formatted configuration file:

Letter, Letter, 2159, 2794, 612, 792
A3, A3, 2970, 4200, 842, 1191
A4, A4, 2100, 2970, 595, 842
printSvc.printerFilter Logical combination of one or more search queries undefined

Use this option to define a filter that specifies the client printers to exclude from VMware Integrated Printing redirection. Printers specified in the filter are not redirected and do not appear as available printers on the Linux desktop.

Follow these guidelines when defining the printer filter.

  • You can construct search queries based on the printer name (PrinterName), driver name (DriverName), or driver vendor name (DriverVendorName).
  • Regular expressions and wildcards are supported.
    • To specify a range of characters, use square brackets [ ], for example, [a-z].
    • To specify wildcards, use .* or .?
  • The following logical operators are supported:
    • =
    • AND
    • OR
    • NOT and !=
  • Enclose individual match expressions within single quotation marks.
  • Enclose the entire search query within double quotation marks.
For example, the following filter excludes all printers whose printer name includes the string 'Port' or 'DFCreator' preceded by wildcard characters, and whose driver name includes the string 'Acme'.
printSvc.printerFilter="(PrinterName='Port' OR  PrinterName='.?DFCreator') AND DriverName='Acme'"
printSvc.usePdfFilter true or false true Updates or does not update the PPD files of redirected printers to use PDF as the print format.
Note: This option is supported only when printing from Horizon Client for Linux or Horizon Client for Mac. This option applies globally to all redirected printers on a Linux or Mac client system.
rdeSvc.allowDisplayScaling true or false false Set this option to enable or deactivate display scaling, which changes the size of text, icons, and navigation elements.
rdeSvc.blockedWindows List of semicolon-separated paths to application executables N/A

Use this option to block specific applications from starting as a remote application session.

Specify the path to each application executable and use semicolons to separate entries in the list. For example: rdeSvc.blockedWindows=/usr/libexec/gnome-terminal-server;

rdeSvc.enableOptimizedResize true or false true Set this option to enable or deactivate optimized window resizing for published application sessions in Horizon Client for Windows. When this option is enabled, Windows client users can resize published application windows without encountering screen artifacts.
rdeSvc.enableWatermark true or false false Enables or deactivates the digital watermark feature. For information about the feature, see Features of Linux Desktops in Horizon 8.
rdeSvc.watermark.fit

0: Tile

1: Center

2: Multiple

0 Defines the layout of the digital watermark on the screen, which is divided into nine squares:
  • 0 = Tile: Watermark appears in all nine squares. Application sessions always use this layout.
  • 1 = Center: Watermark appears in the center square.
  • 2 = Multiple: Watermark appears in the center and four corner squares. If the watermark size exceeds the square size, it is scaled to maintain the aspect ratio.
rdeSvc.watermark.font

serif

sans-serif

cursive

fantasy

monospace

serif Defines the font used for the digital watermark.
rdeSvc.watermark.fontSize An integer within the range of values: 8–72 12 Defines the font size (in points) of the digital watermark.
rdeSvc.watermark.margin An integer within the range of values: 0–1024 50 Defines the amount of space (in pixels) around the digital watermark for the Tile layout. As the watermark scales, the margin also scales proportionally.
rdeSvc.watermark.opacity An integer within the range of values: 0–255 50 Defines the transparency level of the digital watermark text.
rdeSvc.watermark.rotation An integer within the range of values: 0–360 45 Defines the display angle of the digital watermark text.
rdeSvc.watermark.template String constructed using any of the available information variables:

$BROKER_USER_NAME

$BROKER_DOMAIN_NAME

$USER_NAME

$USER_DOMAIN

$MACHINE_NAME

$REMOTE_CLIENT_IP

$CLIENT_CONNECT_TIME

$USER_DOMAIN\

$USER_NAME\n

$MACHINE_NAME

On

$CLIENT_CONNECT_TIME

\n$REMOTE_CLIENT_IP

Defines the text that you want to display for the digital watermark. Construct the watermark using any combination and order of the information variables. The character limit is 1024 characters and 4096 characters after expansion. The text is truncated if it exceeds the maximum length.
RemoteDisplay.allowAudio true or false true Set this option to enable or deactivate audio out.
RemoteDisplay.allowH264 true or false true Set this option to enable or deactivate H.264 encoding.
RemoteDisplay.allowH264YUV444 true or false true Set this option to enable or deactivate H.264 YUV 4:4:4 encoding with High Color Accuracy if the client supports it.
RemoteDisplay.allowHEVC true or false true Set this option to enable or deactivate High Efficiency Video Coding (HEVC).
RemoteDisplay.allowHEVCYUV444 true or false true Set this option to enable or deactivate HEVC YUV 4:4:4 with High Color Accuracy if the client supports it.
RemoteDisplay.allowVMWKeyEvent2Unicode true or false true

Set this option to allow or not allow Horizon Agent to process Unicode events representing keyboard input from clients.

When this option is enabled, client systems send Unicode values representing keyboard input to the remote desktop. Since Linux does not support Unicode input natively, Horizon Agent first converts the Unicode values to KeyCodes and then sends the KeyCodes to the operating system to display the appropriate Unicode characters.

When this option is deactivated, Horizon Agent does not handle any Unicode events sent from clients.

RemoteDisplay.buildToPNG true or false false Graphic applications, especially graphic design applications, require pixel-exact rendering of images in the client display of a Linux desktop. You can configure the build to lossless PNG mode for images and video playback that are generated on a Linux desktop and rendered on the client device. This feature uses additional bandwidth between the client and the ESXi host. Enabling this option deactivates the H.264 encoding.
RemoteDisplay.enableNetworkContinuity true or false true Set this option to enable or deactivate the Network Continuity feature in Horizon Agent for Linux.
RemoteDisplay.enableNetworkIntelligence true or false true Set this option to enable or deactivate the Network Intelligence feature in Horizon Agent for Linux.
RemoteDisplay.enableStats true or false false Enables or deactivates the VMware Blast display protocol statistics in mks log, such as bandwidth, FPS, RTT, and so on.
RemoteDisplay.enableUDP true or false true Set this option to enable or deactivate UDP protocol support in Horizon Agent for Linux.
RemoteDisplay.maxBandwidthBurstMsec An integer 1000

Specifies the bandwidth bursting interval for data sent to clients. This option configures the interval of time, in milliseconds, during which the network bandwidth can temporarily exceed the bandwidth cap set by RemoteDisplay.maxBandwidthKbps.

For example, if RemoteDisplay.maxBandwidthKbps = 4000 and RemoteDisplay.maxBandwidthBurstMsec = 1000, then during a one-second interval the output must not exceed 4 Kbits. However, these 4 Kbits of data can be output as a concentrated burst at the start of the one-second interval or distributed throughout the one-second interval, as needed.

RemoteDisplay.maxBandwidthKbps An integer 1000000

Specifies the maximum bandwidth in kilobits per second (Kbps) for a VMware Blast session. The bandwidth includes all imaging, audio, virtual channel, and VMware Blast control traffic. Valid value must be less than 4 Gbps (4096000).

Note: The maximum bandwidth actually allowed is the lesser of the following values:
  • The maximum bandwidth configured explicitly in RemoteDisplay.maxBandwidthKbps
  • The maximum bandwidth cap calculated from RemoteDisplay.maxBandwidthKbpsPerMegaPixelOffset and RemoteDisplay.maxBandwidthKbpsPerMegaPixelSlope
RemoteDisplay.maxBandwidthKbpsPerMegaPixelOffset An integer 0

Specifies the offset and slope values used to determine the maximum bandwidth cap, in kilobits per second (Kbps), for a VMware Blast session, based on the total screen area available for the session. This maximum bandwidth cap is calculated from the equation

MaxBandwidthCap = Offset + (Slope * ScreenArea)

where

  • Offset is the value, in Kbps, defined by RemoteDisplay.maxBandwidthKbpsPerMegaPixelOffset
  • Slope is the value, in Kbps per megapixel, defined by RemoteDisplay.maxBandwidthKbpsPerMegaPixelSlope
  • ScreenArea is the total available screen area, in megapixels, of the monitors used to display the Blast session. This megapixel screen area is detected automatically during the session.
Note: The maximum bandwidth actually allowed is the lesser of the following values:
  • The maximum bandwidth configured explicitly in RemoteDisplay.maxBandwidthKbps
  • The maximum bandwidth cap calculated from RemoteDisplay.maxBandwidthKbpsPerMegaPixelOffset and RemoteDisplay.maxBandwidthKbpsPerMegaPixelSlope
RemoteDisplay.maxBandwidthKbpsPerMegaPixelSlope An integer from 100 through 100000 6200
RemoteDisplay.minBandwidthKbps An integer 256 Specifies the minimum bandwidth in kilobits per second (Kbps) for a VMware Blast session. The bandwidth includes all imaging, audio, virtual channel, and VMware Blast control traffic.
RemoteDisplay.maxFPS An integer 30 Specifies the maximum rate of screen updates. Use this setting to manage the average bandwidth that users consume. Valid value must be from 3 through 60. The default is 30 updates per second.
RemoteDisplay.maxQualityJPEG available range of values: 1–100 90 Specifies the image quality of the desktop display for JPEG/PNG encoding. The high-quality settings are for areas of the screen that are more static, resulting in a better image quality.
RemoteDisplay.midQualityJPEG available range of values: 1–100 35 Specifies the image quality of the desktop display for JPEG/PNG encoding. Use to set the medium-quality settings of the desktop display.
RemoteDisplay.minQualityJPEG available range of values: 1–100 25 Specifies the image quality of the desktop display for JPEG/PNG encoding. The low-quality settings are for areas of the screen that change often, for example, when scrolling occurs.
RemoteDisplay.qpmaxH264 available range of values: 0–51 36 Use this option to set the H264minQP quantization parameter, which specifies the best image quality for the remote display configured to use H.264 or HEVC encoding. Set the value to greater than the value set for RemoteDisplay.qpminH264.
RemoteDisplay.qpminH264 available range of values: 0–51 10 Use this option to set the H264maxQP quantization parameter, which specifies the lowest image quality for the remote display configured to use H.264 or HEVC encoding. Set the value to less than the value set for RemoteDisplay.qpmaxH264.
RemoteDisplay.updateCacheSizeKB An integer 256000 Use this option to set the maximum size, in kilobytes, of the encoder image cache.
  • The final size of the cache is the lesser of the value set here and the associated configuration of the client.
  • The final size of the cache cannot exceed half of the available RAM on the machine running Horizon Agent for Linux.
UsbRedirPlugin.log.logLevel error, warn, info, debug, trace, or verbose info Use this option to set the log level for the USB Redirection plug-in.
UsbRedirServer.log.logLevel error, warn, info, debug, trace, or verbose info Use this option to set the log level for the USB Redirection server.
vdpservice.log.logLevel fatal error, warn, info, debug, or trace info Use this option to set the log level of the vdpservice.
viewusb.AllowAudioIn {m|o}:{true|false} undefined, which equates to true Use this option to allow or disallow audio input devices to be redirected. Example: o:false
viewusb.AllowAudioOut {m|o}:{true|false} undefined, which equates to false Set this option to allow or disallow redirection of audio output devices.
viewusb.AllowAutoDeviceSplitting {m|o}:{true|false} undefined, which equates to false Set this option to allow or disallow the automatic splitting of composite USB devices.

Example: m:true

viewusb.AllowDevDescFailsafe {m|o}:{true|false} undefined, which equates to false Set this option to allow or disallow devices to be redirected even if Horizon Client fails to get the configuration or device descriptors. To allow a device even if it fails to get the configuration or device descriptors, include it in the Include filters, such as IncludeVidPid or IncludePath.
viewusb.AllowHIDBootable {m|o}:{true|false} undefined, which equates to true Use this option to allow or disallow the redirection of input devices other than keyboards or mice that are available at boot time, also known as HID-bootable devices.
viewusb.AllowKeyboardMouse {m|o}:{true|false} undefined, which equates to false Use this option to allow or disallow the redirection of keyboards with integrated pointing devices (such as a mouse, trackball, or touch pad).
viewusb.AllowSmartcard {m|o}:{true|false} undefined, which equates to false Set this option to allow or disallow smart card devices to be redirected.
viewusb.AllowVideo {m|o}:{true|false} undefined, which equates to true Use this option to allow or disallow video devices to be redirected.
viewusb.DisableRemoteConfig {m|o}:{true|false} undefined, which equates to false Set this option to deactivate or enable the use of Horizon Agent settings when performing USB device filtering.
viewusb.ExcludeAllDevices {true|false} undefined, which equates to false Use this option to exclude or include all USB devices from being redirected. If set to true, you can use other policy settings to allow specific devices or families of devices to be redirected. If set to false, you can use other policy settings to prevent specific devices or families of devices from being redirected. If you set the value of ExcludeAllDevices to true on Horizon Agent, and this setting is passed to Horizon Client, the Horizon Agent setting overrides the Horizon Client setting.
viewusb.ExcludeFamily {m|o}:family_name_1[;family_name_2;...] undefined Use this option to exclude families of devices from being redirected. For example: m:bluetooth;smart-card

If you have enabled automatic device splitting, Horizon examines the device family of each interface of a composite USB device to decide which interfaces must be excluded. If you have deactivated automatic device splitting, Horizon examines the device family of the whole composite USB device.

Note: Mice and keyboards are excluded from redirection by default. You do not have configure this setting to exclude mouse and keyboard devices.
viewusb.ExcludePath {m|o}:bus-x1[/y1].../ port-z1[;bus-x2[/y2].../port-z2;...] undefined Use this option to exclude devices at specified hub or port paths from being redirected. You must specify bus and port numbers in hexadecimal. You cannot use the wildcard character in paths.

For example:m:bus-1/2/3_port- 02;bus-1/1/1/4_port-ff

viewusb.ExcludeVidPid {m|o}:vid-xxx1_ pid-yyy1[;vid-xxx2_pid-yyy2;..] undefined Set this option to exclude devices with specified vendor and product IDs from being redirected. You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.

For example: o:vid-0781_pid- ****;vid-0561_pid-554c

viewusb.IncludeFamily {m|o}:family_name_1[;family_name_2]... undefined Set this option to include families of devices that can be redirected.

For example: o:storage; smart-card

viewusb.IncludePath {m|o}:bus-x1[/y1].../ port-z1[;bus-x2[/y2].../portz2;...] undefined Use this option to include devices at specified hub or port paths that can be redirected. You must specify bus and port numbers in hexadecimal. You cannot use the wildcard character in paths.

For example: m:bus-1/2_port- 02;bus-1/7/1/4_port-0f

viewusb.IncludeVidPid {m|o}:vid-xxx1_ pid-yyy1[;vid-xxx2_pid-yyy2;...] undefined Set this option to include devices with specified Vendor and Product IDs that can be redirected. You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.

For example: o:vid-***_pid-0001;vid-0561_pid-554c

viewusb.SplitExcludeVidPid {m|o}:vid-xxx1_pid-yyy1[;vid-xxx2_pid-yyy2;...] undefined Use this option to exclude or include a specified composite USB device from splitting by Vendor and Product IDs. The format of the setting is vid-xxx1_pid-yyy1[;vid-xxx2_pid-yyy2;...]. You must specify ID numbers in hexadecimal. You can use the wildcard character (*) in place of individual digits in an ID.

Example: m:vid-0f0f_pid-55**

viewusb.SplitVidPid {m|o}: vid-xxxx_pid-yyyy([exintf:zz[;exintf:ww]])[;...] undefined Set this option to treat the components of a composite USB device specified by Vendor and Product IDs as separate devices. The format of the setting is vid-xxxx_pid-yyyy(exintf:zz[;exintf:ww]).

You can use the exintf keyword to exclude components from redirection by specifying their interface number. You must specify ID numbers in hexadecimal, and interface numbers in decimal including any leading zero. You can use the wildcard character (*) in place of individual digits in an ID.

Example: o:vid-0f0f_pid-***(exintf-01);vid-0781_pid-554c(exintf:01;exintf:02)

Note: VMware Horizon does not include the components that you have not explicitly excluded automatically. You must specify a filter policy such as Include VidPid Device to include those components.
VMWPkcs11Plugin.log.enable true or false false Set this option to enable or deactivate the logging mode for the True SSO feature.
VMWPkcs11Plugin.log.logLevel error, warn, info, debug, trace, or verbose info Use this option to set the log level for the True SSO feature.
VVC.logLevel fatal error, warn, info, debug, or trace info Use this option to set the log level of the VVC proxy node.
VVC.RTAV.Enable true or false true Set this option to enable/deactivate Real-Time Audio-Video redirection.
VVC.RTAV.WebcamDefaultResHeight available range of values: 32–2160 undefined Use this option to set the default image height, in pixels, used for Real-Time Audio-Video redirection.
VVC.RTAV.WebcamDefaultResWidth available range of values: 32–4096 undefined Use this option to set the default image width, in pixels, used for Real-Time Audio-Video redirection.
VVC.RTAV.WebcamMaxFrameRate available range of values: 1–30 undefined, which equates to no limit on the maximum frame rate Use this option to set the maximum frame rate, in frames per second (fps), allowed for Real-Time Audio-Video redirection.
VVC.RTAV.WebcamMaxResHeight available range of values: 32–2160 undefined, which equates to no limit on the maximum image height Use this option to set the maximum image height, in pixels, allowed for Real-Time Audio-Video redirection.
VVC.RTAV.WebcamMaxResWidth available range of values: 32–4096 undefined, which equates to no limit on the maximum image width Use this option to set the maximum image width, in pixels, allowed for Real-Time Audio-Video redirection.
VVC.ScRedir.Enable true or false true Set this option to enable/deactivate smart card redirection.

Configuration Options in /etc/vmware/viewagent-custom.conf

Java Standalone Agent uses the configuration file /etc/vmware/viewagent-custom.conf.

Table 2. Configuration Options in /etc/vmware/viewagent-custom.conf
Option Value Default Description
CDREnable true or false true Use this option to enable or deactivate the client drive redirection feature.
AppEnable true or false true Use this option to enable or deactivate support for single-session application pools.
BlockScreenCaptureEnable true or false false Use this option to prevent users from taking screenshots of their virtual desktop or published application from their end point using Windows or macOS devices.
CollaborationEnable true or false true Use this option to enable or deactivate the Session Collaboration feature on Linux desktops.
DPISyncEnable true or false true Set this option to enable or deactivate the DPI Synchronization feature, which ensures that the DPI setting in the remote desktop matches the client system's DPI setting.
EndpointVPNEnable true or false false Set this option to specify if the client's physical network card IP address or the VPN IP address is to be used when evaluating the endpoint IP address against the range of endpoint IP addresses used in the Dynamic Environment Manager Console. If you set the option to false, the client's physical network card IP address is used. Otherwise, the VPN IP address is used.
HelpDeskEnable true or false true Set this option to enable or deactivate the Help Desk Tool feature.
KeyboardLayoutSync true or false true Use this option to specify whether to synchronize a client's system locale list and current keyboard layout with Horizon Agent for Linux desktops.

When this setting is enabled or not configured, synchronization is allowed. When this setting is deactivated, synchronization is not allowed.

This feature is supported only for Horizon Client for Windows, and only for the English, French, German, Japanese, Korean, Spanish, Simplified Chinese, and Traditional Chinese locales.

LogCnt An integer -1 Use this option to set the reserved log file count in /tmp/vmware-root.
  • -1 - keep all
  • 0 - delete all
  • > 0 - reserved log count.
MaxSessionsBuffer

An integer between 1 and the value specified for Max Sessions Per RDS Host in the farm configuration wizard.

5 or 1

When configuring farms, use this option to specify the number of pre-launched sessions per host machine. When properly configured, this option can help speed the launch of desktop and application sessions.

The default value is 5 for non-vGPU farms, 1 for vGPU farms. A higher value means that more resources are pre-consumed in a vGPU or non-vGPU environment.

Configuring a high value is not recommended in a load-balanced vGPU environment that uses a lower vGPU profile because the high ratio of pre-consumed vGPU resources affects the behavior of the load balancer. For example, with a profile of 2Q in a load-balanced environment, using a high MaxSessionBuffer value can prevent the load balancer from assigning desktops and applications from that farm.

See Considerations for Linux Farms, Published Desktops, and Published Applications.

NetbiosDomain A text string, in all caps undefined When configuring True SSO, use this option to set the NetBIOS name of your organization's domain.
OfflineJoinDomain pbis or samba pbis Use this option to set the instant-clone offline domain join. The available methods to perform an offline domain join are the PowerBroker Identity Services Open (PBISO) authentication and the Samba offline domain join. If this property has a value other than pbis or samba, the offline domain join is ignored.
PrintRedirEnable true or false true

Enables or deactivates the VMware Integrated Printing feature, which includes client printer redirection.

Note: To enable VMware Integrated Printing, you must set both of these configuration options to true:
  • printSvc.enable in /etc/vmware/config
  • PrintRedirEnable in /etc/vmware/viewagent-custom.conf

If you set either one of these options to false, even with the other option set to true, VMware Integrated Printing is deactivated.

RunOnceScript Script for joining the virtual machine to Active Directory undefined

Use this option to rejoin the cloned virtual machine to Active Directory.

Set the RunOnceScript option after the host name has changed. The specified script is run only once after the first host name change. The script runs with the root permission when the agent service starts and the host name has been changed since the agent installation.

For example, for the winbind solution, you must join the base virtual machine to Active Directory with Winbind, and set this option to a script path. The script must contain the domain rejoin command /usr/bin/net ads join -U <ADUserName>%<ADUserPassword>. After VM Clone, the operating system customization changes the host name. When the agent service starts, the script executes to join the cloned virtual machine to Active Directory.

RunOnceScriptTimeout 120 Use this option to set the timeout time in seconds for the RunOnceScript option.

For example, set RunOnceScriptTimeout=120

SSLCertName A text string vmwblast:cert
Note: This option is available only with Horizon Agent 2209.x, versions 2209.1 and later. It is not available with Horizon Agent 2209.0.

When deploying a VMwareBlastServer certificate with the DeployBlastCert.sh script, use this option to specify the certificate name as it will appear in the Linux keyring.

For more information, see Install a CA-signed Certificate for VMwareBlastServer.

SSLKeyName A text string vmwblast:key
Note: This option is available only with Horizon Agent 2209.x, versions 2209.1 and later. It is not available with Horizon Agent 2209.0.

When deploying a VMwareBlastServer certificate with the DeployBlastCert.sh script, use this option to specify the private key name as it will appear in the Linux keyring.

For more information, see Install a CA-signed Certificate for VMwareBlastServer.

SSLCiphers A text string !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES Use this option to specify the list of ciphers. You must use the format defined by the OpenSSL standard. To find information about the OpenSSL-defined format, type these keywords into an Internet search engine: openssl cipher string.
SSLProtocols A text string TLSv1_1:TLSv1_2 Use this option to specify the security protocols. The supported protocols are TLSv1.1 and TLSv1.2.
SSODesktopType UseGnomeClassic or UseGnomeFlashback or UseGnomeUbuntu or UseMATE or UseKdePlasma undefined

This option specifies the desktop environment to use, instead of the default desktop environment, when SSO is enabled.

You must first ensure that the selected desktop environment is installed on your desktop before specifying to use it. If you set this option in an Ubuntu desktop, the option takes effect regardless if the SSO feature is enabled or not. If you set this option in a RHEL/CentOS 7.x desktop, the selected desktop environment is used only if SSO is enabled.

Note: This option is not supported on RHEL 9.x/8.x desktops. VMware Horizon supports only the Gnome desktop environment on RHEL 9.x/8.x desktops.
SSOEnable true or false true Set this option to enable/deactivate single sign-on (SSO).
SSOUserFormat A text string [username] Use this option to specify the format of the login name for single sign-on. The default is the user name only. Set this option if the domain name is also required. Typically, the login name is the domain name plus a special character followed by the user name. If the special character is the backslash, you must escape it with another backslash. Examples of login name formats are as follows:
  • SSOUserFormat=[domain]\\[username]
  • SSOUserFormat=[domain]+[username]
  • SSOUserFormat=[username]@[domain]
Subnet A value in CIDR IP address format [subnet] When IPv4 support is enabled, set this option to an IPv4 subnet which other machines can use to connect to Horizon Agent for Linux. If there is more than one local IP address with different subnets, the local IP address in the configured subnet is used to connect to Horizon Agent for Linux. You must specify the value in CIDR IP address format. For example, Subnet=123.456.7.8/24.
Subnet6 A value in prefix/length IP address format [subnet6] When IPv6 support is enabled, set this option to an IPv6 subnet which other machines can use to connect to Horizon Agent for Linux. If there is more than one local IP address with different subnets, the local IP address in the configured subnet is used to connect to Horizon Agent for Linux. You must specify the value in prefix/length IP address format. For example, Subnet6=2001:db8:abcd:0012::0/64.
DEMEnable true or false false Set this option to enable or deactivate smart policies created in Dynamic Environment Manager. If the option is set to enable, and the condition in a smart policy is met, then the policy is enforced.
DEMNetworkPath A text string undefined

You must set this option to the same network path set in the Dynamic Environment Manager Console. The path must be in the format similar to //10.111.22.333/view/LinuxAgent/DEMConfig.

The network path must correspond to a public, shared folder which does not require user name and password credentials for access.

Note: The VMwareBlastServer process uses the SSLCiphers, SSLProtocols, and SSLCipherServerPreference security options. When starting the VMwareBlastServer process, the Java Standalone Agent passes these options as parameters. When Blast Secure Gateway (BSG) is enabled, these options affect the connection between BSG and the Linux desktop. When BSG is not enabled, these options affect the connection between the client and the Linux desktop.

Configuration Settings in /etc/vmware/viewagent-greeter.conf

The settings in the /etc/vmware/viewagent-greeter.conf file support the True SSO and smart card SSO feature fails. The configuration file includes two sections: [SSOFailed] and [PKCS11].

The defaultUsername setting under [SSOFailed] specifies how the VMware greeter fetches the default user name in the event of a True SSO or smart card SSO failure.

The settings under [PKCS11] are used to fetch the default user name from the smart card certificate if smart card SSO authentication fails.

Note: The [PKCS11] settings only take effect if you set defaultUsername to false.
Table 3. Configuration Settings in /etc/vmware/viewagent-greeter.conf
Section Setting Value/Format Default Description
[SSOFailed] defaultUsername true or false true

Use this setting to specify how to get the user name when the single sign-on process fails. The behavior of this setting differs between True SSO and smart card SSO.

When True SSO fails -

  • With true, the greeter gets the default user name that was used to log in to Horizon Connection Server.
  • With false, the greeter does not attempt to get a default user name. The user must manually enter a user name in the greeter screen.

When smart card SSO fails -

  • With true, the greeter gets the default user name that was used to log in to Horizon Connection Server.
  • With false, the greeter gets the default user name from the certificate on the smart card, provided that the PKCS #11 settings in /etc/vmware/viewagent-greeter.conf are configured correctly. The greeter then prompts the user to enter the smart card PIN.
Note: The PKCS #11 settings only take effect when you set defaultUsername to false.
[SSOFailed] scAuthTimeout An integer 120 Use this setting to specify a timeout period, in seconds, for smart card SSO authentication. The following guidelines apply:
  • If you set the value to 0, smart card SSO authentication is attempted indefinitely, with no timeout.
  • If you leave this setting unconfigured, smart card SSO uses the default timeout of 120 seconds.
[PKCS11] module A file path undefined Use this setting to specify the path to the smart card driver. This setting is required.
[PKCS11] slotDescription A text string undefined

Use this setting to specify the label of the slot used by the smart card reader. Specify "none" to use the first slot with an available authentication token. This setting is optional.

Note: You can specify the slot using either the slotDescription or slotNum setting. The following guidelines apply:
  • If you specify both settings, the slotDescription setting takes priority.
  • If you leave both settings unspecified, the greeter uses the first slot with an available token.
[PKCS11] slotNum An integer -1 (no slot number is defined)

Use this setting to specify the slot number used by the smart card reader. This setting is optional.

For information on how this setting relates to the slotDescription setting, see the previous entry in this table.

Note: Use this setting only if your PKCS #11 implementation can ensure consistent slot numbering.
[PKCS11] service A file path undefined Use this setting to specify the path to the PAM module used for smart card authentication. This setting is required.
[PKCS11] mapper A file path undefined Use this setting to specify the path to the Common Name (CN) mapper file used for smart card authentication. This setting is required.
[PKCS11] waitForToken An integer 10000

Use this setting to specify the period of time, in milliseconds (ms), allotted for detecting an authentication token in the smart card slot. If the greeter fails to detect a token within this time period, the current attempt is canceled and the greeter starts a new detection attempt.

Observe the following:

  • If you set the value to -1, the greeter attempts to detect the token indefinitely, with no timeout.
  • If not configured, this setting uses the default timeout of 10000 ms.