Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
Older Protocols and Ciphers Disabled in View
Some older protocols and ciphers that are no longer considered secure are disabled in View by default. If
required, you can enable them manually.
DHE Cipher Suites
For more information, see http://kb.vmware.com/kb/2121183. Cipher suites that are compatible with DSA
certificates use Diffie-Hellman ephemeral keys, and these suites are no longer enabled by default,
starting with Horizon 6 version 6.2.
For Connection Server instances, security servers, and View desktops, you can enable these cipher
suites by editing the View LDAP database, locked.properties file, or registry, as described in this
guide. See Change the Global Acceptance and Proposal Policies, Configure Acceptance Policies on
Individual Servers, and Configure Proposal Policies on Remote Desktops. You can define a list of cipher
suites that includes one or more of the following suites, in this order:
n
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (TLS 1.2 only, not FIPS)
n
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (TLS 1.2 only, not FIPS)
n
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (TLS 1.2 only)
n
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
n
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (TLS 1.2 only)
n
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
For View Composer and View Agent Direct-Connection (VADC) machines, you can enable DHE cipher
suites by adding the following to the list of ciphers when you follow the procedure "Disable Weak Ciphers
in SSL/TLS for View Composer and Horizon Agent Machines" in the View Installation document.
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
Note It is not possible to enable support for ECDSA certificates. These certificates have never been
supported.
SSLv3
In Horizon 7, SSL version 3.0 has been removed.
For more information, see http://tools.ietf.org/html/rfc7568.
RC4
For more information, see http://tools.ietf.org/html/rfc7465.
View Security
VMware, Inc. 25