5.2
Table Of Contents
- VMware Horizon View Security
- Contents
- VMware Horizon View Security
- VMware Horizon View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Services on a View Transfer Server Host
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Index
Table 1-4. Security-Related Server Settings (Continued)
Setting Description
Use SSL for Local Mode operations Determines whether communications and data transfers
between client computers and the datacenter use SSL
encryption. These operations include checking in and
checking out desktops and replicating data from client
computers to the datacenter, but do not include transfers of
View Composer base images. These operations involve
connections between client computers and View Transfer
Server.
This setting is enabled by default.
Use SSL when provisioning desktops in Local Mode Determines whether transfers of View Composer base-image
files from the Transfer Server repository to client computers
use SSL encryption. These operations involve connections
between client computers and View Transfer Server.
This setting is enabled by default.
For more information about these settings and their security implications, see the VMware Horizon View
Administration document.
Security-Related Settings in the View Agent Configuration Template
Security-related settings are provided in the ADM template file for View Agent (vdm_agent.adm). Unless noted
otherwise, the settings include only a Computer Configuration setting.
Security Settings are stored in the registry on the guest machine under HKLM\Software\Policies\VMware,
Inc.\VMware VDM\Agent\Configuration.
Table 1-5. Security-Related Settings in the View Agent Configuration Template
Setting
Registry Value
Name Description
AllowDirectRDP AllowDirectRDP
Determines whether non-View clients can connect directly
to View desktops with RDP. When this setting is disabled,
View Agent permits only View-managed connections
through View Client.
By default, while a user is logged in to a View desktop
session, you can use RDP to connect to the desktop virtual
machine from outside of View. The RDP connection
terminates the View desktop session, and the View user's
unsaved data and settings might be lost. The View user
cannot log in to the desktop until the external RDP
connection is closed. To avoid this situation, disable the
AllowDirectRDP setting.
IMPORTANT For View to operate correctly, the Windows
Terminal Services service must be running on the guest
operating system of each desktop. You can use this setting
to prevent users from making direct RDP connections to
their desktops.
This setting is enabled by default.
AllowSingleSignon AllowSingleSigno
n
Determines whether single sign-on (SSO) is used to
connect users to View desktops. When this setting is
enabled, users are required to enter only their credentials
when connecting with View Client. When it is disabled,
users must reauthenticate when the remote connection is
made.
This setting is enabled by default.
Chapter 1 VMware Horizon View Security Reference
VMware, Inc. 11