Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
- Index
Security-Related Global Settings in View Administrator
Security-related global seings for client sessions and connections are accessible under View
> Global in View Administrator.
Table 2‑1. Security-Related Global Settings
Setting Description
Change data recovery
password
The password is required when you restore the View LDAP conguration from an
encrypted backup.
When you install View Connection Server version 5.1 or later, you provide a data recovery
password. After installation, you can change this password in View Administrator.
When you back up View Connection Server, the View LDAP conguration is exported as
encrypted LDIF data. To restore the encrypted backup with the vdmimport utility, you must
provide the data recovery password. The password must contain between 1 and 128
characters. Follow your organization's best practices for generating secure passwords.
Message security mode Determines the security mechanism used when JMS messages are passed between View
components.
n
If set to Disabled, message security mode is disabled.
n
If set to Enabled, legacy message signing and verication of JMS messages takes place.
View components reject unsigned messages. This mode supports a mix of SSL and
plain JMS connections.
n
If set to Enhanced, SSL is used for all JMS connections, to encrypt all messages. Access
control is also enabled to restrict the JMS topics that View components can send
messages to and receive messages from.
n
If set to Mixed, message security mode is enabled, but not enforced for View
components that predate View Manager 3.0.
The default seing is Enhanced for new installations. If you upgrade from a previous
version, the seing used in the previous version is retained.
I VMware strongly recommends seing the message security mode to
Enhanced after you upgrade all View Connection Server instances, security servers, and
View desktops to this release. The Enhanced seing provides many important security
improvements and MQ (message queue) updates.
Enhanced Security Status
(Read-only)
Read-only eld that appears when Message security mode is changed from Enabled to
Enhanced. Because the change is made in phases, this eld shows the progress through the
phases:
n
Waiting for Message Bus restart is the rst phase. This state is displayed until you
manually restart either all Connection Server instances in the pod or the VMware
Horizon View Message Bus Component service on all Connection Server hosts in the
pod.
n
Pending Enhanced is the next state. After all View Message Bus Component services
have been restarted, the system begins changing the message security mode to
Enhanced for all desktops and security servers.
n
Enhanced is the nal state, indicating that all components are now using Enhanced
message security mode.
Reauthenticate secure
tunnel connections after
network interruption
Determines if user credentials must be reauthenticated after a network interruption when
Horizon Clients use secure tunnel connections to View desktops and applications.
This seing oers increased security. For example, if a laptop is stolen and moved to a
dierent network, the user cannot automatically gain access to the View desktops and
applications because the network connection was temporarily interrupted.
This seing is disabled by default.
Forcibly disconnect users Disconnects all desktops and applications after the specied number of minutes has passed
since the user logged in to View. All desktops and applications will be disconnected at the
same time regardless of when the user opened them.
The default is 600 minutes.
View Security
12 VMware, Inc.