Table 1-8. Security-Related Settings in View LDAP

| Name-value pair | Attribute | Description |
|---|---|---|
| cs-allowunencryptedstartsession | pae-NameValuePair | This attribute controls whether a secure channel is required between a View Connection Server instance and a desktop when a remote user session is being started. When View Agent 5.1 or later is installed on a desktop computer, this attribute has no effect and a secure channel is always required. When a View Agent older than View 5.1 is installed, a secure channel cannot be established if the desktop computer is not a member of a domain with a two-way trust to the domain of the View Connection Server instance. In this case, the attribute is important to determine whether a remote user session can be started without a secure channel. In all cases, user credentials and authorization tickets are protected by a static key. A secure channel provides further assurance of confidentiality by using dynamic keys. If set to 0, a remote user session will not start if a secure channel cannot be established. This setting is suitable if all the desktops are in trusted domains or all desktops have View Agent 5.1 or later installed. If set to 1, a remote user session can be started even if a secure channel cannot be established. This setting is suitable if some desktops have older View Agents installed and are not in trusted domains. The default setting is 1. |
| | pae-OVDIKeyCipher | Specifies the encryption key cipher that View Connection Server uses to encrypt the virtual disk (.vmdk) file when users check in and check out a local desktop. You can set the encryption key cipher value to AES-128, AES-192 or AES-256. The default value is AES-128. |
| | pae-SSOCredentialCacheTimeout | Sets the single sign-on (SSO) timeout limit in minutes after which a user's SSO credentials are no longer valid. The default value is 15. A value of -1 means that no SSO timeout limit is set. A value of 0 disables SSO. |
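
The following Python code is an added example, not part of the VMware documentation. It applies the defaults and value meanings from Table 1-8 to an LDIF-style export of the settings; the export layout, the constructed sample, the function names, and the storage of a name-value pair as name=value inside pae-NameValuePair are assumptions.

```python
# Added example (not VMware code). Assumed: the LDIF-style export layout and
# that a name-value pair is stored as "name=value" in pae-NameValuePair.
DEFAULTS = {  # defaults stated in Table 1-8
    "cs-allowunencryptedstartsession": "1",
    "pae-OVDIKeyCipher": "AES-128",
    "pae-SSOCredentialCacheTimeout": "15",
}
VALID_CIPHERS = {"AES-128", "AES-192", "AES-256"}
CANON = {name.lower(): name for name in DEFAULTS}  # LDAP names ignore case

SAMPLE_EXPORT = """\
# constructed sample, not real View LDAP output
dn: cn=example,dc=example
pae-NameValuePair: cs-allowunencryptedstartsession=0
pae-OVDIKeyCipher: AES-256
pae-SSOCredentialCacheTimeout: -1
"""

def parse_settings(ldif_text):
    """Return the effective values, using the documented default if unset."""
    settings = dict(DEFAULTS)
    for line in ldif_text.splitlines():
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        attr, value = attr.strip().lower(), value.strip()
        if attr == "pae-namevaluepair":  # unwrap the assumed "name=value"
            attr, _, value = (p.strip() for p in value.partition("="))
        if attr.lower() in CANON and value:
            settings[CANON[attr.lower()]] = value
    return settings

def review(settings):
    """Describe each effective value in the terms Table 1-8 uses."""
    notes = []
    if settings["cs-allowunencryptedstartsession"] == "1":
        notes.append("sessions can start without a secure channel")
    if settings["pae-OVDIKeyCipher"] not in VALID_CIPHERS:
        notes.append("pae-OVDIKeyCipher is not AES-128, AES-192 or AES-256")
    timeout = settings["pae-SSOCredentialCacheTimeout"]
    if timeout == "-1":
        notes.append("no SSO timeout limit is set")
    elif timeout == "0":
        notes.append("SSO is disabled")
    elif not timeout.isdigit():
        notes.append("SSO timeout is not a number of minutes")
    return notes
```

Calling review(parse_settings(SAMPLE_EXPORT)) reports only the missing SSO timeout limit, while an export with none of the three settings present falls back to the defaults and reports that sessions can start without a secure channel.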
View Resources
VMware Horizon View includes several configuration files and similar resources that must be protected.
Table 1-9. View Connection Server and Security Server Resources

| Resource | Location | Protection |
|---|---|---|
| LDAP settings | Not applicable. | LDAP data is protected automatically as part of role-based access control. |
| LDAP backup files | `<Drive Letter>:\Programdata\VMWare\VDM\backups` (Windows Server 2008) | Protected by access control. |
| locked.properties (Certificate properties file) | `install_directory\VMware\VMware View\Server\sslgateway\conf` | Can be protected by access control. Ensure that this file is secured against access by any user other than View administrators. |
Chapter 1 VMware Horizon View Security Reference
VMware, Inc.