6.2
Table 1‑11. TCP and UDP Ports Used by View (Continued)

| Source | Port | Target | Port | Protocol | Description |
|---|---|---|---|---|---|
| View Connection Server | * | View desktop | 32111 | TCP | USB redirection if tunnel connections via the View Connection Server are used. |
| View Connection Server | * | View Connection Server | 8472 | TCP | For interpod communication in Cloud Pod Architecture. |
| View Connection Server | * | View Connection Server | 22389 | TCP | For global LDAP replication in Cloud Pod Architecture. |
| View Connection Server | * | View Connection Server | 22636 | TCP | For secure global LDAP replication in Cloud Pod Architecture. |
| Access Point appliance | * | View Connection Server or load balancer | 443 | TCP | HTTPS access. Access Point appliances connect on TCP port 443 to communicate with a View Connection Server instance or load balancer in front of multiple View Connection Server instances. |
| Access Point appliance | * | View desktop | 3389 | TCP | Microsoft RDP traffic to View desktops. |
| Access Point appliance | * | View desktop | 9427 | TCP | Windows Media MMR redirection and client drive redirection. |
| Access Point appliance | * | View desktop or application | 4172 | TCP and UDP | Access Point appliances connect to View desktops and applications on TCP port 4172 and UDP port 4172 to exchange PCoIP traffic. |
| Access Point appliance | * | View desktop | 32111 | TCP | USB redirection if direct connections are used instead of tunnel connections. |
| Access Point appliance | * | View desktop | 22443 | TCP | HTML Access. |
| View desktop | * | View Connection Server instances | 4002 | TCP | JMS SSL traffic. |
| View Composer service | * | ESXi host | 902 | TCP | Used when View Composer customizes linked-clone disks, including View Composer internal disks and, if they are specified, persistent disks and system disposable disks. |
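The rows of Table 1‑11 shown above can be used as a least-privilege allowlist when reviewing observed connections between View components. The following is an added example, not VMware code: the role subnets, the flow-line format, and the names `ROLES`, `RULES`, `role_of` and `audit` are assumptions, and the load balancer and application targets are folded into the Connection Server and desktop roles.

```python
import ipaddress

# Role subnets are constructed for this example; substitute your own addressing.
ROLES = {
    "connection_server": ipaddress.ip_network("10.0.1.0/24"),
    "access_point": ipaddress.ip_network("10.0.2.0/24"),
    "desktop": ipaddress.ip_network("10.0.3.0/24"),
    "composer": ipaddress.ip_network("10.0.4.0/24"),
    "esxi": ipaddress.ip_network("10.0.5.0/24"),
}

# (source role, target role, target ports, protocol) from the table rows on this page only.
RULES = [
    ("connection_server", "desktop", [32111], "tcp"),
    ("connection_server", "connection_server", [8472, 22389, 22636], "tcp"),
    ("access_point", "connection_server", [443], "tcp"),
    ("access_point", "desktop", [3389, 9427, 4172, 32111, 22443], "tcp"),
    ("access_point", "desktop", [4172], "udp"),
    ("desktop", "connection_server", [4002], "tcp"),
    ("composer", "esxi", [902], "tcp"),
]
ALLOWED = {(s, d, p, proto) for s, d, ports, proto in RULES for p in ports}

def role_of(ip):
    """Return the role whose subnet contains ip, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    return next((r for r, net in ROLES.items() if addr in net), "unknown")

def audit(flow_lines):
    """Return (line, src_role, dst_role) for flows 'src dst dport proto' matching no rule."""
    findings = []
    for line in flow_lines:
        src, dst, port, proto = line.split()
        key = (role_of(src), role_of(dst), int(port), proto.lower())
        if key not in ALLOWED:
            findings.append((line, key[0], key[1]))
    return findings

# Constructed sample flows, not captured traffic.
SAMPLE = [
    "10.0.2.10 10.0.3.20 4172 UDP",   # PCoIP from Access Point to desktop: allowed
    "10.0.3.20 10.0.1.5 4002 tcp",    # JMS SSL from desktop to Connection Server: allowed
    "10.0.2.10 10.0.3.20 22389 tcp",  # LDAP replication port between the wrong roles
    "192.0.2.7 10.0.1.5 8472 tcp",    # interpod port reached from an unknown source
]

if __name__ == "__main__":
    for line, s, d in audit(SAMPLE):
        print(f"UNEXPECTED {line}  ({s} -> {d})")
```

Flows that belong to rows on earlier pages of Table 1‑11 are reported as unexpected until those rows are added to `RULES`.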
Notes and Caveats for TCP and UDP Ports Used by View
Connection attempts over HTTP are silently redirected to HTTPS, except for connection attempts to View
Administrator. HTTP redirection is not needed with more recent View clients because they default to
HTTPS, but it is useful when your users connect with a Web browser, for example to download View Client.
The problem with HTTP redirection is that HTTP is a non-secure protocol. If a user does not form the habit of
entering https:// in the address bar, an attacker can compromise the Web browser, install malware, or steal
credentials, even when the expected page is correctly displayed.
NOTE HTTP redirection for external connections can take place only if you configure your external firewall
to allow inbound traffic to TCP port 80.
Connection attempts over HTTP to View Administrator are not redirected. Instead, an error message is
returned indicating that you must use HTTPS.
Chapter 1 View Security Reference
VMware, Inc.