Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
Configure Acceptance Policies on Individual Servers
To specify a local acceptance policy on an individual Connection Server instance or security server, you
must add properties to the locked.properties file. If the locked.properties file does not yet exist on
the server, you must create it.
You add a secureProtocols.n entry for each security protocol that you want to configure. Use the
following syntax: secureProtocols.n=security protocol.
You add an enabledCipherSuite.n entry for each cipher suite that you want to configure. Use the
following syntax: enabledCipherSuite.n=cipher suite.
The variable n is an integer that you add sequentially (1, 2, 3) to each type of entry.
You add an honorClientOrder entry to control the precedence of cipher suites. Normally, the server's
ordering of cipher suites is unimportant and the client's ordering is used. To use the server's ordering of
cipher suites instead, use the following syntax:
honorClientOrder=false
Make sure that the entries in the locked.properties file have the correct syntax and the names of the
cipher suites and security protocols are spelled correctly. Any errors in the file can cause the negotiation
between the client and server to fail.
Procedure
1 Create or edit the locked.properties file in the SSL gateway configuration folder on the
Connection Server or security server computer.
For example: install_directory\VMware\VMware View\Server\sslgateway\conf\
2 Add secureProtocols.n and enabledCipherSuite.n entries, including the associated security
protocols and cipher suites.
3 Save the locked.properties file.
4 Restart the VMware Horizon View Connection Server service or VMware Horizon View Security
Server service to make your changes take effect.
Example: Default Acceptance Policies on an Individual Server
The following example shows the entries in the locked.properties file that are needed to specify the
default policies:
# The following list should be ordered with the latest protocol first:
secureProtocols.1=TLSv1.2
secureProtocols.2=TLSv1.1
# This setting must be the latest protocol given in the list above:
View Security
VMware, Inc. 23