Security

Table Of Contents

Security-Related Settings in View LDAP

Security-related seings are provided in View LDAP under the object path

cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int. You can use the ADSI Edit utility to change

the value of these seings on a View Connection Server instance. The change propagates automatically to all

other View Connection Server instances in a group.

Table 2‑3. Security-Related Settings in View LDAP

Name-value pair Description

cs-

allowunencryptedstartsession

The aribute is pae-NameValuePair.

This aribute controls whether a secure channel is required between a View

Connection Server instance and a desktop when a remote user session is being started.

When View Agent 5.1 or later, or Horizon Agent 7.0 or later, is installed on a desktop

computer, this aribute has no eect and a secure channel is always required. When a

View Agent older than View 5.1 is installed, a secure channel cannot be established if

the desktop computer is not a member of a domain with a two-way trust to the domain

of the View Connection Server instance. In this case, the aribute is important to

determine whether a remote user session can be started without a secure channel.

In all cases, user credentials and authorization tickets are protected by a static key. A

secure channel provides further assurance of condentiality by using dynamic keys.

If set to 0, a remote user session will not start if a secure channel cannot be established.

This seing is suitable if all the desktops are in trusted domains or all desktops have

View Agent 5.1 or later installed.

If set to 1, a remote user session can be started even if a secure channel cannot be

established. This seing is suitable if some desktops have older View Agents installed

and are not in trusted domains.

The default seing is 1.

Chapter 2 View Security Settings

VMware, Inc. 15