5.2
Table Of Contents
- VMware Horizon View Security
- Contents
- VMware Horizon View Security
- VMware Horizon View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Services on a View Transfer Server Host
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Index
Table 1-6. Security Settings in the View Client Configuration Template (Continued)
Setting Registry Value Name Description
Certificate verification mode CertCheckMode
Configures the level of certificate checking that is
performed by View Client. You can select one of these
modes:
n
No Security. View does not perform certificate
checking.
n
Warn But Allow. When the following server
certificate issues occur, a warning is displayed, but
the user can continue to connect to View Connection
Server:
n
A self-signed certificate is provided by View. In
this case, it is acceptable if the certificate name
does not match the View Connection Server
name provided by the user in View Client.
n
A verifiable certificate that was configured in
your deployment has expired or is not yet valid.
If any other certificate error condition occurs, View
displays an error dialog and prevents the user from
connecting to View Connection Server.
Warn But Allow is the default value.
n
Full Security. If any type of certificate error
occurs, the user cannot connect to View Connection
Server. View displays certificate errors to the user.
When this group policy setting is configured, users can
view the selected certificate verification mode in View
Client but cannot configure the setting. The SSL
configuration dialog box informs users that the
administrator has locked the setting.
When this setting is not configured or disabled, View
Client users can configure SSL and select a certificate
verification mode.
To allow a View server to perform checking of certificates
provided by a View Client, the View Client must make
HTTPS connections to the View Connection Server or
security server host. Certificate checking is not
supported if you off-load SSL to an intermediate device
that makes HTTP connections to the View Connection
Server or security server host.
For Windows clients, if you do not want to configure this
setting as a group policy, you can also enable certificate
verification by adding the CertCheckMode value name
to the following registry key on the client computer:
HKEY_LOCAL_MACHINE\Software\VMware,
Inc.\VMware VDM\Client\Security
Use the following values in the registry key:
n
0 implements No Security.
n
1 implements Warn But Allow.
n
2 implements Full Security.
If you configure both the group policy setting and the
CertCheckMode setting in the registry key, the group
policy setting takes precedence over the registry key
value.
Chapter 1 VMware Horizon View Security Reference
VMware, Inc. 13