6.2
Table 1‑4. Security-Related Server Settings
Setting Description
Use PCoIP Secure Gateway for PCoIP connections to machine
Determines whether Horizon Client makes a further secure connection to the View
Connection Server or security server host when users connect to View desktops and
applications with the PCoIP display protocol.
If this setting is disabled, the desktop or application session is established directly
between the client and the View desktop or the Remote Desktop Services (RDS) host,
bypassing the View Connection Server or security server host.
This setting is disabled by default.
Use Secure Tunnel connection to machine
Determines whether Horizon Client makes a further HTTPS connection to the View
Connection Server or security server host when users connect to a View desktop or an
application.
If this setting is disabled, the desktop or application session is established directly
between the client and the View desktop or the Remote Desktop Services (RDS) host,
bypassing the View Connection Server or security server host.
This setting is enabled by default.
Use Blast Secure Gateway for HTML Access to machine
Determines whether clients that use a Web browser to access desktops use Blast Secure
Gateway to establish a secure tunnel to View Connection Server.
If not enabled, Web browsers make direct connections to View desktops, bypassing View
Connection Server.
This setting is disabled by default.
For more information about these settings and their security implications, see the View Administration
document.
Security-Related Settings in the View Agent Configuration Template
Security-related settings are provided in the ADM template file for View Agent (vdm_agent.adm). Unless
noted otherwise, the settings include only a Computer Configuration setting.
Security settings are stored in the registry on the guest machine under
HKLM\Software\VMware, Inc.\VMware VDM\Agent\Configuration.
Table 1‑5. Security-Related Settings in the View Agent Configuration Template
Setting Description
AllowDirectRDP
Determines whether non-Horizon Clients can connect directly to View desktops
with RDP. When this setting is disabled, View Agent permits only View-managed
connections through Horizon Client.
By default, while a user is logged in to a View desktop session, you can use RDP
to connect to the virtual machine from outside of View. The RDP connection
terminates the View desktop session, and the View user's unsaved data and
settings might be lost. The View user cannot log in to the desktop until the
external RDP connection is closed. To avoid this situation, disable the
AllowDirectRDP setting.
IMPORTANT For View to operate correctly, the Windows Remote Desktop Services
service must be running on the guest operating system of each desktop. You can
use this setting to prevent users from making direct RDP connections to their
desktops.
This setting is enabled by default.
The equivalent Windows Registry value is AllowDirectRDP.
AllowSingleSignon
Determines whether single sign-on (SSO) is used to connect users to desktops and
applications. When this setting is enabled, users are required to enter their
credentials only when connecting with Horizon Client. When it is disabled, users must
reauthenticate when the remote connection is made.
This setting is enabled by default.
The equivalent Windows Registry value is AllowSingleSignon.
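The following PowerShell audit is an added example, not part of the VMware documentation. It reads the two registry values from Table 1-5 at the key path given above and reports their state. The value encoding ("true"/"false" or 0/1), the fallback to the documented default when a value is absent, and the function names are assumptions.

```powershell
# Added example: audit the View Agent security settings from Table 1-5.
# Assumption: value data is "true"/"false" text or 0/1; the page gives only
# the value names and the key path, not the data type.
$KeyPath = 'HKLM:\Software\VMware, Inc.\VMware VDM\Agent\Configuration'

# Defaults as documented in Table 1-5 (both settings are enabled by default).
$Documented = [ordered]@{
    AllowDirectRDP    = $true
    AllowSingleSignon = $true
}

function ConvertTo-SettingState {
    param($Raw, [bool]$Default)
    if ($null -eq $Raw) { return $Default }   # value absent: assume the default applies
    switch -Regex ("$Raw".Trim()) {
        '^(true|1)$'  { return $true }
        '^(false|0)$' { return $false }
        default       { throw "Unrecognized value data: '$Raw'" }
    }
}

function Get-ViewAgentSecurityAudit {
    param([string]$Path = $KeyPath)
    # A missing key yields $null, so every setting falls back to its default.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $Documented.Keys) {
        $raw = if ($props) { $props.$name } else { $null }
        $enabled = ConvertTo-SettingState -Raw $raw -Default $Documented[$name]
        [pscustomobject]@{
            Setting = $name
            Enabled = $enabled
            Source  = if ($null -eq $raw) { 'default' } else { 'registry' }
            Finding = if ($name -eq 'AllowDirectRDP' -and $enabled) {
                          'Direct RDP from outside View is permitted'
                      } else { '' }
        }
    }
}

Get-ViewAgentSecurityAudit | Format-Table -AutoSize

# Per the IMPORTANT note: Remote Desktop Services must keep running even when
# AllowDirectRDP is disabled. TermService is that service's Windows name.
$rds = Get-Service -Name TermService -ErrorAction SilentlyContinue
if (-not $rds -or $rds.Status -ne 'Running') {
    Write-Warning 'Remote Desktop Services is not running; View requires it.'
}
```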
Chapter 1 View Security Reference
VMware, Inc.