5.2
- VMware Horizon View Security
The following attribute lists the cipher suites. This list should be in order of preference. Place the most preferred
cipher suite first, the second-most preferred suite next, and so on. This example shows an abbreviated list:
pae-ClientSSLCipherSuites = "\LIST:TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA"
Change the Global Acceptance and Proposal Policies
To change the global acceptance and proposal policies for security protocols and cipher suites, you use the
ADSI Edit utility to edit View LDAP attributes.
Prerequisites
- Familiarize yourself with the View LDAP attributes that define the acceptance and proposal policies. See
  “Global Acceptance and Proposal Policies Defined in View LDAP,” on page 27.
- See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows
  Server operating system version.
Procedure
1 Start the ADSI Edit utility on your View Connection Server computer.
2 In the console tree, select Connect to.
3 In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name
DC=vdi, DC=vmware, DC=int.
4 In the Select or type a domain or server text box, select or type localhost:389 or the fully qualified domain
name (FQDN) of the View Connection Server computer followed by port 389.
For example: localhost:389 or mycomputer.mydomain.com:389
5 Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and select OU=Common in the
right pane.
6 On the object CN=Common, OU=Global, OU=Properties, select each attribute that you want to change
and type the new list of security protocols or cipher suites.
7 Restart the VMware View Connection Server service.
Configure Acceptance Policies on Individual View Servers
To specify a local acceptance policy on an individual View Connection Server instance or security server, you
must add properties to the locked.properties file. If the locked.properties file does not yet exist on the View
server, you must create it.
You add a secureProtocols.n entry for each security protocol that you want to configure. Use the following
syntax: secureProtocols.n=security protocol.
You add an enabledCipherSuite.n entry for each cipher suite that you want to configure. Use the following
syntax: enabledCipherSuite.n=cipher suite.
The variable n is an integer that you add sequentially (1, 2, 3) to each type of entry.
Make sure that the entries in the locked.properties file have the correct syntax and the names of the cipher
suites and security protocols are spelled correctly. Any errors in the file can cause the negotiation between the
client and server to fail.
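The following lint check for the entry syntax described above is an added example, not VMware's own tooling. The function name, the sample file content and the allow-lists are assumptions: the two cipher suites are the ones named on this page, and the protocol names are standard JSSE names that you should replace with the ones your View release supports.

```python
import re

# Assumed allow-lists: the cipher suites are the two named on this page; the
# protocol names are standard JSSE names. Replace both with what your release supports.
KNOWN = {
    "secureProtocols": {"TLSv1", "TLSv1.1", "TLSv1.2"},
    "enabledCipherSuite": {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
                           "TLS_RSA_WITH_AES_128_CBC_SHA"},
}
ENTRY = re.compile(r"^(secureProtocols|enabledCipherSuite)\.(\d+)$")
NEAR_MISS = re.compile(r"^(secureprotocol|enabledciphersuite)", re.IGNORECASE)

def lint_locked_properties(text):
    """Return a list of problems in secureProtocols.n / enabledCipherSuite.n entries."""
    problems, seen = [], {kind: {} for kind in KNOWN}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or properties comment
            continue
        key, sep, value = line.partition("=")
        key, value = key.strip(), value.strip()
        m = ENTRY.match(key)
        if not m:
            if NEAR_MISS.match(key):         # e.g. enabledCipherSuites.1
                problems.append(f"line {lineno}: unrecognised key '{key}'")
            continue                         # unrelated property, left alone
        kind, n = m.group(1), int(m.group(2))
        if not sep or not value:
            problems.append(f"line {lineno}: '{key}' has no value")
        elif value not in KNOWN[kind]:
            problems.append(f"line {lineno}: unknown {kind} name '{value}'")
        if n in seen[kind]:
            problems.append(f"line {lineno}: duplicate index {kind}.{n}")
        seen[kind][n] = lineno
    for kind, idx in seen.items():           # n must run 1, 2, 3, ... with no gaps
        if idx and sorted(idx) != list(range(1, len(idx) + 1)):
            problems.append(f"{kind}: indexes {sorted(idx)} are not sequential from 1")
    return problems

# Constructed sample input (not from the page): one misspelled suite, one index gap.
SAMPLE = """\
secureProtocols.1=TLSv1.2
secureProtocols.2=TLSv1.1
enabledCipherSuite.1=TLS_DHE_RSA_WITH_AES_128_CBC_SHA
enabledCipherSuite.3=TLS_RSA_WITH_AES128_CBC_SHA
"""

if __name__ == "__main__":
    for problem in lint_locked_properties(SAMPLE):
        print(problem)
```

Run the check against a copy of the file before you restart the service, so that a misspelled name is caught before clients fail to negotiate.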
Procedure
1 Create or edit the locked.properties file in the SSL gateway configuration folder on the View Connection
Server or security server computer.
For example:
install_directory\VMware\VMware View\Server\sslgateway\conf\