Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
Security-Related Settings in View LDAP
Security-related settings are provided in View LDAP under the object path
cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int. You can use the ADSI Edit utility
to change the value of these settings on a View Connection Server instance. The change propagates
automatically to all other View Connection Server instances in a group.
Table 2‑3. Security-Related Settings in View LDAP
Name-value pair Description
cs-
allowunencryptedstartsession
The attribute is pae-NameValuePair.
This attribute controls whether a secure channel is required between a View Connection
Server instance and a desktop when a remote user session is being started.
When View Agent 5.1 or later, or Horizon Agent 7.0 or later, is installed on a desktop computer,
this attribute has no effect and a secure channel is always required. When a View Agent older
than View 5.1 is installed, a secure channel cannot be established if the desktop computer is
not a member of a domain with a two-way trust to the domain of the View Connection Server
instance. In this case, the attribute is important to determine whether a remote user session
can be started without a secure channel.
In all cases, user credentials and authorization tickets are protected by a static key. A secure
channel provides further assurance of confidentiality by using dynamic keys.
If set to 0, a remote user session will not start if a secure channel cannot be established. This
setting is suitable if all the desktops are in trusted domains or all desktops have View Agent 5.1
or later installed.
If set to 1, a remote user session can be started even if a secure channel cannot be
established. This setting is suitable if some desktops have older View Agents installed and are
not in trusted domains.
The default setting is 1.
View Security
VMware, Inc. 12