7.0
Table Of Contents
- View Security
- Contents
- View Security
- View Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure View Environment
- HTTP Protection Measures on Connection Servers and Security Servers
- Index
HTTP Redirection in View
Connection attempts over HTTP are silently redirected to HTTPS, except for connection attempts to View
Administrator. HTTP redirection is not needed with more recent Horizon clients because they default to
HTTPS, but it is useful when your users connect with a Web browser, for example to download Horizon
Client.
The problem with HTTP redirection is that it is a non-secure protocol. If a user does not form the habit of
entering https:// in the address bar, an attacker can compromise the Web browser, install malware, or steal
credentials, even when the expected page is correctly displayed.
NOTE HTTP redirection for external connections can take place only if you configure your external firewall
to allow inbound traffic to TCP port 80.
Connection attempts over HTTP to View Administrator are not redirected. Instead, an error message is
returned indicating that you must use HTTPS.
To prevent redirection for all HTTP connection attempts, see "Prevent HTTP Redirection for Client
Connections to Connection Server" in the View Installation document.
Connections to port 80 of a View Connection Server instance or security server can also take place if you off-
load SSL client connections to an intermediate device. See "Off-load SSL Connections to Intermediate
Servers" in the View Administration document.
To allow HTTP redirection when the SSL port number was changed, see "Change the Port Number for
HTTP Redirection to Connection Server" in the View Installation document.
Services on a View Connection Server Host
The operation of View depends on several services that run on a View Connection Server host.
Table 3‑2. View Connection Server Host Services
Service Name
Startup
Type Description
VMware Horizon
View Blast Secure
Gateway
Automatic Provides secure HTML Access and Blast Extreme services. This service must be
running if clients connect to View Connection Server through the Blast Secure
Gateway.
VMware Horizon
View Connection
Server
Automatic Provides connection broker services. This service must always be running. If you
start or stop this service, it also starts or stops the Framework, Message Bus,
Security Gateway, and Web services. This service does not start or stop the
VMwareVDMDS service or the VMware Horizon View Script Host service.
VMware Horizon
View Framework
Component
Manual Provides event logging, security, and COM+ framework services. This service must
always be running.
VMware Horizon
View Message Bus
Component
Manual Provides messaging services between the View components. This service must
always be running.
VMware Horizon
View PCoIP Secure
Gateway
Manual Provides PCoIP Secure Gateway services. This service must be running if clients
connect to View Connection Server through the PCoIP Secure Gateway.
VMware Horizon
View Script Host
Disabled Provides support for third-party scripts that run when you delete virtual machines.
This service is disabled by default. You should enable this service if you want to
run scripts.
VMware Horizon
View Security
Gateway
Component
Manual Provides common gateway services. This service must always be running.
Chapter 3 Ports and Services
VMware, Inc. 21