The “How To” of CAC Configuration with VMware View for Federal Desktops
I used to get questions on a weekly basis on how to configure View to use with federal Common Access Cards (CAC) or Personal Identity Verification (PIV) infrastructure for authentication and single sign. The required information was spread across several VMware publications including product documentation and tech notes. A new white paper is now available, and serves as a single resource with all the information required to implement CAC with a VMware View solution.
I found there was very little about the View implementation that was unique, and that many administrators familiar with CAC integration had no questions at all. It seemed that the people asking for help were new to CAC/PIV and a single, consolidated set of procedures was all they needed because the questions have dropped off completely.
The white paper includes a list of prerequisites and limitations, but I want to point out one in particular. Most organizations implementing new applications will want to replace the default server credentials to improve security. I did not include details on this process in the paper because it was really out of scope, but since the procedures to replace the certs will require changes to the locked.properties file, I recommend you make these changes separately from the CAC implementation. It doesn't matter which you choose to do first, but I hear about a lot of customers that make a small mistake during one of the other of these implementations and doing both at the same time only complicates the troubleshooting process. When the View Connection Servers are installed, replace the certificates and verify that all is working properly with the application before implementation CAC or PIV authentication.
Finally, I am sincere that I solicit your feedback. This paper will remain a living document for some time as changes to Federal PIV policy continue and myriad cards continue to be implemented, potentially requiring changes in the implementation procedures. If you find anything that could be improved, or are left with questions after reviewing the paper, please let me know via the comments below.
Thank you for being a loyal VMware customer.
Federal Desktop Specialist