Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
- Index
Horizon 7 Accounts, Resources, and
Log Files 1
Having dierent accounts for specic components protects against giving individuals more access and
permissions than they need. Knowing the locations of conguration les and other les with sensitive data
aids in seing up security for various host systems.
N Starting with Horizon 7.0, View Agent is renamed Horizon Agent.
This chapter includes the following topics:
n
“Horizon 7 Accounts,” on page 7
n
“Horizon 7 Resources,” on page 8
n
“Horizon 7 Log Files,” on page 8
Horizon 7 Accounts
You must set up system and database accounts to administer Horizon 7 components.
Table 1‑1. Horizon 7 System Accounts
Horizon Component Required Accounts
Horizon Client Congure user accounts in Active Directory for the users who have access to remote desktops
and applications. The user accounts must be members of the Remote Desktop Users group, but
the accounts do not require Horizon administrator privileges.
vCenter Server Congure a user account in Active Directory with permission to perform the operations in
vCenter Server that are necessary to support Horizon 7.
For information about the required privileges, see the View Installation document.
View Composer Create a user account in Active Directory to use with View Composer. View Composer requires
this account to join linked-clone desktops to your Active Directory domain.
The user account should not be a Horizon administrative account. Give the account the
minimum privileges that it requires to create and remove computer objects in a specied Active
Directory container. For example, the account does not require domain administrator privileges.
For information about the required privileges, see the View Installation document.
Connection Server When you install Horizon 7, you can specify a specic domain user, the local Administrators
group, or a specic domain user group as Horizon administrators. We recommend creating a
dedicated domain user group of Horizon administrators. The default is the currently logged in
domain user.
In Horizon Administrator, you can use View > Administrators to change the list
of Horizon administrators.
See the View Administration document for information about the privileges that are required.
VMware, Inc. 7