Creating and optimizing the end user experience of a VMware Horizon View Connection in NoTouch
Stratodesk makes sure NoTouch has latest versions of the VMware Horizon View client (formerly known as VMware View client) for Linux integrated. Our VMware Horizon View client implementation supports both PCoIP and RDP protocol with USB forwarding, making a perfect VMware Horizon View endpoint solution, without any need for installing software, cryptic configuration files or command line options! NoTouch provides a complete configuration environment for the View client, so you don't have to work with command-line options or config files - everything can be configured and managed via the local NoTouch configuration menu as well as centrally with NoTouch Center.
This article gives an overview of the different configuration scenarios and later describes VMware specific configuration steps. We assume that you basically understand how NoTouch OS is configured and especially how server connections are created and configured.
Basic connection setup
- Create a connection and set the connection mode to "VMware Horizon View" (or "VMware View" in older software versions)
- Type in your View connection broker URL into the connection target parameter. Typically this is something like https://myviewserver.mycompany.com/
This is enough to connect to a Horizon VDI server - it's really that easy. From there you can of course change many different options. For instance, you can configure the client to come up automatically after boot time; and you can modify all VMware View client options (submenu VMware Horizon View) under the Connection options. See below for the configuration possibilities.
Your NoTouch endpoint can be configured equally well from both the local configuration and NoTouch Center.
FAQ/Common configuration scenarios
Before describing all available options, we want to shine a light on a few "FAQ"-type scenarios:
- I use a private certificate and don't want the warning to appear. Either add your private root CA certificate to the client, or disable the certificate check (less secure). For the latter, set the "Certificate Check" parameter to "Allow unverifiable connection".
- I want the system to connect automatically to a specific desktop. Simply type in the name of your desktop (pool) into the "Desktop name" parameter. There is another parameter called "Connect automatically if enough values are given" that needs to be set to "on", which is the default value, but please double-check.
- I don't want the View client to stay open after the users disconnect from their desktops. Set the parameter "Exit on disconnect or error" to "on".
- I don't want to see this menu bar on top of the screen, it confuses my users. Set the parameter "Disable fullscreen dropdown menu bar" to "on".
If you experience enlarged and distorted icons with the Blast protocol, On the VMware Horizon View tab
- Set Blast - H.264 Decoding and Blast h.264 High Color Accuracy to On
To make the View client automatically connect to a specific desktop, two things need to be set:
- The "Desktop name" parameter must contain the name of the desktop or pool to connect to - please make sure you spell it exactly as configured on the server
- The "Connect automatically if enough information present" parameter must be set to "on". This is the default, so usually you don't have to do anything here.
You might also want to have the connection automatically starting at boot time, for this to happen set the "Autostart at boot" parameter to on (in the Connection options, not the VMware Horizon View options).
If you don't want the View client to stay open after the users disconnect from their desktops, set the parameter "Exit on disconnect or error" to "on". This prevents your users to have to logoff twice, once from the desktop and a second time from the View client.
If you like the idea of everything being fully automated, you may have a look at the Action after exit parameter. This would allow you control the behavior of when the View client exits (the View client, not the VDI desktop; these may be separate events, depending on the "Exit on disconnect" setting above) and make NoTouch to restart the connection, or reboot or shutdown the machine.
The VMware View client will take advantage of multiple monitors automatically and it will report screen geometry to the server with PCoIP and FreeRDP. Please make sure Multimonitor support works, more information can be found here: Multimonitor operation with NoTouch
Two parameters influence the dualmonitor/multimonitor behavior - the effects of these parameters are entirely up to VMware and may change with different versions of the View client:
- Desktop size
- All. This is the default. All monitors are available to the View client.
- Full. Only one monitor will be used, and the full monitor can be used.
- No setting. NoTouch will not set this parameter at all when launching the View client.
- Custom size WxH.
- Large. The View client will occupy a large portion of the screen.
- Small. The View client will occupy a small portion of the screen.
- Fullscreen mode
- No setting. This is the default.
- Enable fullscreen mode across all monitors.
- Enable fullscreen mode in single monitor mode.
To fully understand these options one has to consider that the VMware View client itself is a window that can occupy space - mostly displaying available desktop choices - (desktop size), versus the way the server side desktops are launched (fullscreen mode).
NoTouch 2.35+ sets "Desktop size" to "All" as default which means that all monitors are made available to the View client and does not set the fullscreen mode (launched desktops will be still be fullscreen unless overriden in the server-side View configuration).
If you use RDP, you can chose between rdesktop and FreeRDP as available RDP clients. Please note that rdesktop can not report screen geometry to the server, wheres FreeRDP does (as does PCoIP).
HTTPS/SSL and certificates
If you use private certificates, you may have to add your own certificate - please refer to the documentation on certificates.
Furthermore, there is the parameter "Certificate check behavior" with three options:
- Warn if connection may be insecure. This is the default setting. The View client will warn the user if it can not verify the certificate by displaying a dialog box.
- Reject unverifiable connection. The View client will not allow connecting to a server with a certificate that can not be verified. Connections to servers with private or self-signed certificate won't work unless these certificates are added to the system.
- Allow unverifiable connection. This will basically turn the certificate verification off.
Please note that for certificate timestamp checks the VMware Horizon View client might try to contact machines on the Internet.
The VMware Horizon View implementation in NoTouch supports Blast Extreme, PCoIP and RDP; the latter with rdesktop and FreeRDP; both are open-source implementations of the RDP protocol, FreeRDP being more modern, rdesktop having a longer history and thus more installed base.
The "Preferred protocol" parameter controls the protocol choice:
- No setting. This is the default. Let the View server and/or user decide.
- Blast. Force the use of Blast Extreme, if the server allows it.
- PCoIP. Force the use of PCoIP, if the server allows it.
- RDP. Force the use of RDP, if the server allows it.
Blast Extreme operation
Blast Extreme works without deeper configuration.
PCoIP works without deeper configuration.
If you use RDP, the parameter "RDP client to use" gives you control over which RDP client software is to be used:
- No setting. Let the VMware View client decide. As of NoTouch 2.35, this will lead to rdesktop.
- rdesktop. Force using rdesktop.
- FreeRDP. Force using FreeRDP.
By default, USB forwarding switched to on and USB devices will be forwarded to the server automatically. So called HIDs (human interface devices, such as keyboards, mice, but also mouse-emulating devices like digital dictation foot pedals) will not be forwarded, but rather handled locally and brought to the VDI desktop as keystrokes and mouse movements - you can change that if you need, please see here: VMware Horizon View USB forwarding
If you experience problems with USB forwarding, you can change the version of the USB forwarding component. As of NoTouch 2.35, VMware allows to use the most recent USB forwarder component as well as version 1.5.0 which was based on a different technology. The parameter "USB forwarder version" allows to choose between those two. If you change this, please make sure the devices is rebooted for changes to take effect.
The VMware USB forwarder is a system service, thus it can be configured from the "Services" parameters, not the VMware View connection parameters. The startup behavior is controlled by the parameter named "VMware USB forwarder" parameter. It has these options:
- "with VMware View connection". This is the default. Start the VMware View USB forwarder only if there is a VMware View connection configured.
- "off". Do not start the VMware View USB forwarder.
- "on". Start the VMware View USB forwarder after system boot.
VMware Horizon View can forward smartcard readers and use these for login purposes. U.S. Federal customers will enjoy the CAC card support. In that case, do not forward the smartcard reader with generic USB forwarding. Configure smartcard support according to these instructions:
- Verify your Horizon View agent has been installed with smartcard components. By default, they will not be installed, so you have to take action here. Refer to this guide
- Switch on the "Smartcard service (PCSCD)" in the "Services" options
- In most cases the default settings for the Smartcard driver parameter will be fine. Some readers need the Omnikey setting, not only Omnikey readers. You may have to experiment with that or contact support.
- Set the "Smartcard driver PKCS#11" parameter in the VMware Horizon View parameters to match your cards
- Make sure you have added your root certificates to the NoTouch system according to Certificates
- The certificate must be in PEM form and have the extension .crt