Security-Related Settings in View LDAP
Security-related settings are provided in View LDAP under the object path
cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int. You can use the ADSI Edit utility to change
the value of these settings on a View Connection Server instance. The change propagates automatically to all
other View Connection Server instances in a group.
Table 1‑8. Security-Related Settings in View LDAP
Name-value pair: cs-allowunencryptedstartsession
Attribute: pae-NameValuePair
Description:
This attribute controls whether a secure channel is required between a View Connection Server instance and a desktop when a remote user session is being started.
When View Agent 5.1 or later is installed on a desktop computer, this attribute has no effect and a secure channel is always required. When a View Agent older than View 5.1 is installed, a secure channel cannot be established if the desktop computer is not a member of a domain with a two-way trust to the domain of the View Connection Server instance. In this case, the attribute is important to determine whether a remote user session can be started without a secure channel.
In all cases, user credentials and authorization tickets are protected by a static key. A secure channel provides further assurance of confidentiality by using dynamic keys.
If set to 0, a remote user session will not start if a secure channel cannot be established. This setting is suitable if all the desktops are in trusted domains or all desktops have View Agent 5.1 or later installed.
If set to 1, a remote user session can be started even if a secure channel cannot be established. This setting is suitable if some desktops have older View Agents installed and are not in trusted domains.
The default setting is 1.
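The following PowerShell audit is an added example, not part of the VMware documentation: it reads pae-NameValuePair from the object path given above and reports the effective cs-allowunencryptedstartsession value. It assumes that the attribute holds multiple "name=value" strings, that an absent entry means the documented default of 1, and that View LDAP answers on localhost:389; the function names and the cs-example-other entry are constructed for illustration.

```powershell
# Added example (not VMware code): audit cs-allowunencryptedstartsession.
# Assumption: pae-NameValuePair is multi-valued and stores "name=value" strings.
$CommonDn = 'cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int'
$Setting  = 'cs-allowunencryptedstartsession'

function Get-StartSessionPolicy {
    param([string[]]$Pairs)
    # Keep only entries whose name is the setting under audit.
    $hits = @($Pairs | Where-Object { $_ -match "^\s*$([regex]::Escape($Setting))\s*=" })
    if ($hits.Count -eq 0) {
        # Assumption: no entry means the documented default of 1 applies.
        $value = '1'; $source = 'default (entry absent)'
    } else {
        $value = ($hits[-1] -split '=', 2)[1].Trim(); $source = 'View LDAP'
    }
    $finding = switch ($value) {
        '0'     { 'OK: a session will not start unless a secure channel is established' }
        '1'     { 'REVIEW: a session can start even if no secure channel can be established' }
        default { "UNKNOWN value '$value': inspect the entry in ADSI Edit" }
    }
    [pscustomobject]@{
        Setting    = $Setting
        Value      = $value
        Source     = $source
        Finding    = $finding
        Duplicates = ($hits.Count -gt 1)   # more than one entry is ambiguous
    }
}

function Get-ViewLdapPairs {
    # Assumption: run on a View Connection Server host as a View administrator.
    param([string]$Server = 'localhost:389')
    $entry = [ADSI]"LDAP://$Server/$CommonDn"
    @($entry.Properties['pae-NameValuePair'] | ForEach-Object { [string]$_ })
}

# Constructed sample values so the check can be tried offline.
Get-StartSessionPolicy -Pairs @('cs-example-other=5', 'cs-allowunencryptedstartsession=0')
Get-StartSessionPolicy -Pairs @('cs-example-other=5')   # entry absent, default applies

# Against a live instance:
# Get-StartSessionPolicy -Pairs (Get-ViewLdapPairs)
```

A REVIEW result is expected only where desktops with a View Agent older than 5.1 sit outside trusted domains; otherwise the value can be set to 0 as the table describes.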
View Resources
View includes several configuration files and similar resources that must be protected.
Table 1‑9. View Connection Server and Security Server Resources
| Resource | Location | Protection |
|---|---|---|
| LDAP settings | Not applicable. | LDAP data is protected automatically as part of role-based access control. |
| LDAP backup files | <Drive Letter>:\Programdata\VMWare\VDM\backups (Windows Server 2008) | Protected by access control. |
| locked.properties (Certificate properties file) | install_directory\VMware\VMware View\Server\sslgateway\conf | Can be protected by access control. Ensure that this file is secured against access by any user other than View administrators. |
| Log files | See “View Log Files,” on page 17 | Protected by access control. |
| web.xml (Tomcat configuration file) | install_directory\VMware View\Server\broker\web apps\ROOT\Web INF | Protected by access control. |