7.0
Table Of Contents
- View Security
- Contents
- View Security
- View Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure View Environment
- HTTP Protection Measures on Connection Servers and Security Servers
- Index
Security-Related Settings in View LDAP
Security-related settings are provided in View LDAP under the object path
cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int. You can use the ADSI Edit utility to change
the value of these settings on a View Connection Server instance. The change propagates automatically to all
other View Connection Server instances in a group.
Table 2‑3. Security-Related Settings in View LDAP
Name-value pair Description
cs-
allowunencryptedstartsession
The attribute is pae-NameValuePair.
This attribute controls whether a secure channel is required between a View
Connection Server instance and a desktop when a remote user session is being started.
When View Agent 5.1 or later, or Horizon Agent 7.0 or later, is installed on a desktop
computer, this attribute has no effect and a secure channel is always required. When a
View Agent older than View 5.1 is installed, a secure channel cannot be established if
the desktop computer is not a member of a domain with a two-way trust to the domain
of the View Connection Server instance. In this case, the attribute is important to
determine whether a remote user session can be started without a secure channel.
In all cases, user credentials and authorization tickets are protected by a static key. A
secure channel provides further assurance of confidentiality by using dynamic keys.
If set to 0, a remote user session will not start if a secure channel cannot be established.
This setting is suitable if all the desktops are in trusted domains or all desktops have
View Agent 5.1 or later installed.
If set to 1, a remote user session can be started even if a secure channel cannot be
established. This setting is suitable if some desktops have older View Agents installed
and are not in trusted domains.
The default setting is 1.
Chapter 2 View Security Settings
VMware, Inc. 15