Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
Security-Related Global Settings in View Administrator
Security-related global settings for client sessions and connections are accessible under View
Configuration > Global Settings in View Administrator.
Table 2‑1. Security-Related Global Settings
Setting Description
Change data recovery
password
The password is required when you restore the View LDAP configuration from an encrypted
backup.
When you install View Connection Server version 5.1 or later, you provide a data recovery
password. After installation, you can change this password in View Administrator.
When you back up View Connection Server, the View LDAP configuration is exported as encrypted
LDIF data. To restore the encrypted backup with the vdmimport utility, you must provide the data
recovery password. The password must contain between 1 and 128 characters. Follow your
organization's best practices for generating secure passwords.
Message security mode Determines the security mechanism used when JMS messages are passed between View
components.
n
If set to Disabled, message security mode is disabled.
n
If set to Enabled, legacy message signing and verification of JMS messages takes place. View
components reject unsigned messages. This mode supports a mix of SSL and plain JMS
connections.
n
If set to Enhanced, SSL is used for all JMS connections, to encrypt all messages. Access
control is also enabled to restrict the JMS topics that View components can send messages to
and receive messages from.
n
If set to Mixed, message security mode is enabled, but not enforced for View components that
predate View Manager 3.0.
The default setting is Enhanced for new installations. If you upgrade from a previous version, the
setting used in the previous version is retained.
Important VMware strongly recommends setting the message security mode to Enhanced after
you upgrade all View Connection Server instances, security servers, and View desktops to this
release. The Enhanced setting provides many important security improvements and MQ (message
queue) updates.
Enhanced Security Status
(Read-only)
Read-only field that appears when Message security mode is changed from Enabled to
Enhanced. Because the change is made in phases, this field shows the progress through the
phases:
n
Waiting for Message Bus restart is the first phase. This state is displayed until you manually
restart either all Connection Server instances in the pod or the VMware Horizon View Message
Bus Component service on all Connection Server hosts in the pod.
n
Pending Enhanced is the next state. After all View Message Bus Component services have
been restarted, the system begins changing the message security mode to Enhanced for all
desktops and security servers.
n
Enhanced is the final state, indicating that all components are now using Enhanced message
security mode.
View Security
VMware, Inc. 9