Horizon 7 Installation - VMware Horizon 7 7

Horizon 7 Installation

OCT 2020 VMware Horizon 7 7.13

Horizon 7 Installation

You can find the most up-to-date technical documentation on the VMware website at:

VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304

Copyright ? 2011-2020 VMware, Inc. All rights reserved. Copyright and trademark information.

VMware, Inc.

2

Contents

Horizon 7 Installation 8

1 System Requirements for Server Components 9

Horizon Connection Server Requirements 9 Hardware Requirements for Horizon Connection Server 10 Supported Operating Systems for Horizon Connection Server 10 Virtualization Software Requirements for Horizon Connection Server 11 Network Requirements for Replicated Horizon Connection Server Instances 11

Horizon Administrator Requirements 11 Horizon Console Requirements 12 View Composer Requirements 13

Supported Operating Systems for View Composer 13 Hardware Requirements for Standalone View Composer 14 Database Requirements for View Composer and the Events Database 15

2 System Requirements for Guest Operating Systems 16

Requirements and Considerations for Horizon Agent 16 Supported Operating Systems for Standalone Horizon Persona Management 17 Remote Display Protocol and Software Support 17

PCoIP 18 Microsoft RDP 20 VMware Blast Extreme 21

3 Installing Horizon 7 in an IPv6 Environment 26

Setting Up Horizon 7 in an IPv6 Environment 26 Supported vSphere, Database, and Active Directory Versions in an IPv6 Environment 27 Supported Operating Systems for Horizon 7 Servers in an IPv6 Environment 27 Supported Windows Operating Systems for Desktops and RDS Hosts in an IPv6 Environment

28 Supported Clients in an IPv6 Environment 28 Supported Remoting Protocols in an IPv6 Environment 28 Supported Authentication Types in an IPv6 Environment 29 Other Supported Features in an IPv6 Environment 29

4 Installing Horizon 7 in FIPS Mode 32

Overview of Setting Up Horizon 7 in FIPS Mode 32 System Requirements for FIPS Mode 33

VMware, Inc.

3

Horizon 7 Installation

5 Preparing Active Directory 35

Configuring Domains and Trust Relationships 36 Trust Relationships and Domain Filtering 37

Creating an OU for Remote Desktops 37 Creating OUs and Groups for Kiosk Mode Client Accounts 37 Creating Groups for Users 38 Creating a User Account for vCenter Server 38 Creating a User Account for a Standalone View Composer Server 38 Create a User Account for View Composer AD Operations 39 Create a User Account for Instant-Clone Operations 40 Configure the Restricted Groups Policy 40 Using Horizon 7 Group Policy Administrative Template Files 41 Prepare Active Directory for Smart Card Authentication 42

Add UPNs for Smart Card Users 42 Add the Root Certificate to Trusted Root Certification Authorities 43 Add an Intermediate Certificate to Intermediate Certification Authorities 44 Add the Root Certificate to the Enterprise NTAuth Store 45 Disable Weak Ciphers in SSL/TLS 45

6 Installing View Composer 47

Prepare a View Composer Database 47 Create a SQL Server Database for View Composer 48 Create an Oracle Database for View Composer 52

Configuring an SSL Certificate for View Composer 56 Install the View Composer Service 57 Enable TLSv1.0 on vCenter and ESXi Connections from View Composer 59 Configuring Your Infrastructure for View Composer 60

Configuring the vSphere Environment for View Composer 60 Additional Best Practices for View Composer 61

7 Installing Horizon Connection Server 62

Installing the Horizon Connection Server Software 62 Installation Prerequisites for Horizon Connection Server 63 Install Horizon Connection Server with a New Configuration 64

Install Horizon Connection Server Silently 68 Silent Installation Properties for a Horizon Connection Server Standard Installation 70 Enable TLSv1.0 on vCenter Connections from Connection Server 71 Install a Replicated Instance of Horizon Connection Server 73 Install a Replicated Instance of Horizon Connection Server Silently 76 Silent Installation Properties for a Replicated Instance of Horizon Connection Server 79 Configure a Security Server Pairing Password 80

VMware, Inc.

4

Horizon 7 Installation

Install a Security Server 81 Install a Security Server Silently 85 Silent Installation Properties for a Security Server 87 Remove IPsec Rules for the Security Server 89

Unified Access Gateway Appliance Advantages over VPN 90 Firewall Rules for Horizon Connection Server 92

Configuring a Back-End Firewall to Support IPsec 93 Reinstall Horizon Connection Server with a Backup Configuration 94 Microsoft Windows Installer Command-Line Options 96 Uninstalling Horizon 7 Components Silently by Using MSI Command-Line Options 98

8 Configuring TLS Certificates for Horizon 7 Servers 100

Understanding TLS Certificates for Horizon 7 Servers 101 Overview of Tasks for Setting Up TLS Certificates 102 Obtaining a Signed TLS Certificate from a CA 104

Obtain a Signed Certificate from a Windows Domain or Enterprise CA 105 Configure Horizon Connection Server, Security Server, or View Composer to Use a New TLS

Certificate 106 Add the Certificate Snap-In to MMC 107 Import a Signed Server Certificate into a Windows Certificate Store 107 Modify the Certificate Friendly Name 109 Import a Root Certificate and Intermediate Certificates into a Windows Certificate Store

109 Bind a New TLS Certificate to the Port Used by View Composer 111 Configure Client Endpoints to Trust Root and Intermediate Certificates 112 Configure Horizon Client for Mac to Trust Root and Intermediate Certificates 114 Configure Horizon Client for iOS to Trust Root and Intermediate Certificates 114 Configuring Certificate Revocation Checking on Server Certificates 115 Configure the PCoIP Secure Gateway to Use a New TLS Certificate 116 Verify That the Server Name Matches the PSG Certificate Subject Name 117 Configure a PSG Certificate in the Windows Certificate Store 118 Set the PSG Certificate Friendly Name in the Windows Registry 120 Force a CA-Signed Certificate to Be Used for Connections to the PSG 120 Setting Horizon Administrator to Trust a vCenter Server or View Composer Certificate 121 Benefits of Using TLS Certificates Signed by a CA 121 Troubleshooting Certificate Issues on Horizon Connection Server and Security Server 122

9 Configuring Horizon 7 for the First Time 124

Configuring User Accounts for vCenter Server, View Composer, and Instant Clones 124 Where to Use the vCenter Server User and View Composer Users 125 Configure a vCenter Server User for Horizon 7 and View Composer 125 Privileges Required for the vCenter Server User 127

VMware, Inc.

5

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download