6.2
Table Of Contents
- View Security
- Contents
- View Security
- View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Configure Proposal Policies on View Desktops
- Internet Engineering Task Force Standards
- Older Protocols and Ciphers Disabled in View
- Reducing MIME Type Security Risks
- Mitigating Cross-Site Scripting Attacks
- Content Type Checking
- Origin Checking
- Deploying USB Devices in a Secure View Environment
- Index
Table 1‑1. View System Accounts (Continued)
View Component Required Accounts
View Composer Create a user account in Active Directory to use with View Composer. View Composer requires
this account to join linked-clone desktops to your Active Directory domain.
The user account should not be a View administrative account. Give the account the minimum
privileges that it requires to create and remove computer objects in a specified Active Directory
container. For example, the account does not require domain administrator privileges.
For information about the required privileges, see the View Installation document.
View Connection
Server
When you install View, you can specify a specific domain user, the local Administrators group,
or a specific domain user group as View administrators. We recommend creating a dedicated
domain user group of View administrators. The default is the currently logged in domain user.
In View Administrator, you can use View Configuration > Administrators to change the list of
View administrators.
See the View Administration document for information about the privileges that are required.
Table 1‑2. View Database Accounts
View Component Required Accounts
View Composer
database
An SQL Server or Oracle database stores View Composer data. You create an administrative
account for the database that you can associate with the View Composer user account.
For information about setting up a View Composer database, see the View Installation document.
Event database used
by View Connection
Server
An SQL Server or Oracle database stores View event data. You create an administrative account
for the database that View Administrator can use to access the event data.
For information about setting up a View Composer database, see the View Installation document.
To reduce the risk of security vulnerabilities, take the following actions:
n
Configure View databases on servers that are separate from other database servers that your
organization uses.
n
Do not allow a single user account to access multiple databases.
n
Configure separate accounts for access to the View Composer and event databases.
View Security Settings
View includes several settings that you can use to adjust the security of the configuration. You can access the
settings by using View Administrator, by editing group profiles, or by using the ADSI Edit utility, as
appropriate.
Security-Related Global Settings in View Administrator
Security-related global settings for client sessions and connections are accessible under View Configuration
> Global Settings in View Administrator.
View Security
8 VMware, Inc.