6.0
Table Of Contents
- View Security
- Contents
- View Security
- View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Index
Global Acceptance and Proposal Policies Defined in View LDAP
You can edit the View LDAP attributes that define global acceptance and proposal policies.
Global Acceptance Polices
The following attribute lists security protocols. You must order the list by placing the latest protocol first:
pae-ServerSSLSecureProtocols = "\LIST:TLSv1.1,TLSv1"
The following attribute lists the cipher suites. The order of the cipher suites is unimportant. This example
shows an abbreviated list:
pae-ServerSSLCipherSuites = "\LIST:TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_
WITH_AES_128_CBC_SHA"
Global Proposal Policies
The following attribute lists security protocols. You must order the list by placing the latest protocol first:
pae-ClientSSLSecureProtocols = "\LIST:TLSv1.1,TLSv1"
The following attribute lists the cipher suites. This list should be in order of preference. Place the most
preferred cipher suite first, the second-most preferred suite next, and so on. This example shows an
abbreviated list:
pae-ClientSSLCipherSuites = "\LIST:TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_
WITH_AES_128_CBC_SHA"
Change the Global Acceptance and Proposal Policies
To change the global acceptance and proposal policies for security protocols and cipher suites, you use the
ADSI Edit utility to edit View LDAP attributes.
Prerequisites
n
Familiarize yourself with the View LDAP attributes that define the acceptance and proposal policies.
See “Global Acceptance and Proposal Policies Defined in View LDAP,” on page 23.
n
See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your
Windows Server operating system version.
Procedure
1 Start the ADSI Edit utility on your View Connection Server computer.
2 In the console tree, select Connect to.
3 In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name
DC=vdi, DC=vmware, DC=int.
4 In the Select or type a domain or server text box, select or type localhost:389 or the fully qualified
domain name (FQDN) of the View Connection Server computer followed by port 389.
For example: localhost:389 or mycomputer.mydomain.com:389
5 Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and select OU=Common in the
right pane.
6 On the object CN=Common, OU=Global, OU=Properties, select each attribute that you want to change
and type the new list of security protocols or cipher suites.
7 Restart the VMware Horizon View Connection Server service.
Chapter 1 View Security Reference
VMware, Inc. 23