5.2
Table Of Contents
- VMware Horizon View Security
- Contents
- VMware Horizon View Security
- VMware Horizon View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Services on a View Transfer Server Host
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Index
View Accounts
You must set up system and database accounts to administer View components.
Table 1-1. View System Accounts
View Component Required Accounts
View Client Configure user accounts in Active Directory for the users who have access to View
desktops. The user accounts must be members of the Remote Desktop Users group,
but the accounts do not require View administrator privileges.
View Client with Local Mode Configure user accounts in Active Directory for the users who have access to View
desktops in local mode. The user accounts do not require View administrator
privileges.
As a standard best practice for desktops, make sure that a unique password is created
for the local Administrator account on each View desktop that you plan to use in local
mode.
vCenter Server Configure a user account in Active Directory with permission to perform the
operations in vCenter Server that are necessary to support View Manager.
For information about the required privileges, see the VMware Horizon View
Installation document.
View Composer Create a user account in Active Directory to use with View Composer. View Composer
requires this account to join linked-clone desktops to your Active Directory domain.
The user account should not be a View administrative account. Give the account the
minimum privileges that it requires to create and remove computer objects in a
specified Active Directory container. For example, the account does not require
domain administrator privileges.
For information about the required privileges, see the VMware Horizon View
Installation document.
View Connection Server, Security
Server, or View Transfer Server
When you install View, you can choose which members of the local Administrators
group (BUILTIN\Administrators) are allowed to log in to View Administrator.
In View Administrator, you can use View Configuration > Administrators to change
the list of View administrators.
See the VMware Horizon View Administration document for information about the
privileges that are required.
Table 1-2. View Database Accounts
View Component Required Accounts
View Composer database An SQL Server or Oracle database stores View Composer data. You create an
administrative account for the database that you can associate with the View
Composer user account.
For information about setting up a View Composer database, see the VMware Horizon
View Installation document.
Event database used by View
Connection Server
An SQL Server or Oracle database stores View event data. You create an
administrative account for the database that View Administrator can use to access the
event data.
For information about setting up a View Composer database, see the VMware Horizon
View Installation document.
To reduce the risk of security vulnerabilities, take the following actions:
n
Configure View databases on servers that are separate from other database servers that your organization
uses.
n
Do not allow a single user account to access multiple databases.
n
Configure separate accounts for access to the View Composer and event databases.
VMware Horizon View Security
8 VMware, Inc.