Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
Table 2‑1. Security-Related Global Settings (Continued)
Setting Description
Reauthenticate secure
tunnel connections after
network interruption
Determines if user credentials must be reauthenticated after a network interruption when
Horizon Clients use secure tunnel connections to View desktops and applications.
This setting offers increased security. For example, if a laptop is stolen and moved to a different
network, the user cannot automatically gain access to the View desktops and applications because
the network connection was temporarily interrupted.
This setting is disabled by default.
Forcibly disconnect users Disconnects all desktops and applications after the specified number of minutes has passed since
the user logged in to View. All desktops and applications will be disconnected at the same time
regardless of when the user opened them.
The default is 600 minutes.
For clients that support
applications.
If the user stops using the
keyboard and mouse,
disconnect their
applications and discard
SSO credentials
Protects application sessions when there is no keyboard or mouse activity on the client device. If
set to After ... minutes, View disconnects all applications and discards SSO credentials after the
specified number of minutes without user activity. Desktop sessions are disconnected. Users must
log in again to reconnect to the applications that were disconnected or launch a new desktop or
application.
If set to Never, View never disconnects applications or discards SSO credentials due to user
inactivity.
The default is Never.
Other clients.
Discard SSO credentials
Discards the SSO credentials after a certain time period. This setting is for clients that do not
support application remoting. If set to After ... minutes, users must log in again to connect to a
desktop after the specified number of minutes has passed since the user logged in to View,
regardless of any user activity on the client device.
The default is After 15 minutes.
Enable IPSec for Security
Server pairing
Determines whether to use Internet Protocol Security (IPSec) for connections between security
servers and View Connection Server instances. This setting must be disabled before installing a
security server in FIPS mode; otherwise pairing will fail.
By default, IPSec for security server connections is enabled.
View Administrator session
timeout
Determines how long an idle View Administrator session continues before the session times out.
Important Setting the View Administrator session timeout to a high number of minutes increases
the risk of unauthorized use of View Administrator. Use caution when you allow an idle session to
persist a long time.
By default, the View Administrator session timeout is 30 minutes. You can set a session timeout
from 1 to 4320 minutes.
For more information about these settings and their security implications, see the View Administration
document.
Note SSL is required for all Horizon Client connections and View Administrator connections to View. If
your View deployment uses load balancers or other client-facing, intermediate servers, you can off-load
SSL to them and then configure non-SSL connections on individual View Connection Server instances
and security servers. See "Off-load SSL Connections to Intermediate Servers" in the View Administration
document.
View Security
VMware, Inc. 10