Security
Table Of Contents
- View Security
- Contents
- View Security
- Horizon 7 Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure Horizon 7 Environment
- HTTP Protection Measures on Connection Servers and Security Servers
Global Proposal Policies
The following attribute lists security protocols. You must order the list by placing the latest protocol first:
pae-ClientSSLSecureProtocols = \LIST:TLSv1.2,TLSv1.1,TLSv1
The following attribute lists the cipher suites. This list should be in order of preference. Place the most
preferred cipher suite first, the second-most preferred suite next, and so on. This example shows an
abbreviated list:
pae-ClientSSLCipherSuites = \LIST:TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
Change the Global Acceptance and Proposal Policies
To change the global acceptance and proposal policies for security protocols and cipher suites, you use
the ADSI Edit utility to edit View LDAP attributes.
Prerequisites
n
Familiarize yourself with the View LDAP attributes that define the acceptance and proposal policies.
See Global Acceptance and Proposal Policies Defined in View LDAP.
n
See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your
Windows Server operating system version.
Procedure
1 Start the ADSI Edit utility on your View Connection Server computer.
2 In the console tree, select Connect to.
3 In the Select or type a Distinguished Name or Naming Context text box, type the distinguished
name DC=vdi, DC=vmware, DC=int.
4 In the Select or type a domain or server text box, select or type localhost:389 or the fully
qualified domain name (FQDN) of the View Connection Server computer followed by port 389.
For example: localhost:389 or mycomputer.mydomain.com:389
5 Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and select OU=Common in
the right pane.
6 On the object CN=Common, OU=Global, OU=Properties, select each attribute that you want to
change and type the new list of security protocols or cipher suites.
7 Restart the Windows service VMware Horizon View Security Gateway Component on each
Connection Server instance and security server if you modified pae-ServerSSLSecureProtocols.
You do not need to restart any service after modifying pae-ClientSSLSecureProtocols.
View Security
VMware, Inc. 22