6.2
Certificate Pairing
Before broker agents can communicate with the View adapter, the adapter certificate must be shared with
the agents, and the broker agent certificate must be shared with the adapter. The process of sharing these
certificates is referred to as certificate pairing.
The following actions occur during the certificate pairing process:
1 The broker agent's certificate is encrypted with the adapter's server key.
2 A connection is opened to the certificate management server and the encrypted certificate is passed to
the adapter instance. The adapter decrypts the broker agent's certificate by using the server key. If
decryption fails, an error is returned to the broker agent.
3 The broker agent's certificate is placed in the adapter's trust store.
4 The adapter's certificate is encrypted with the adapter's server key.
5 The encrypted certificate is returned to the broker agent. The broker agent decrypts the adapter's
certificate by using the server key. If decryption fails, an error is returned to the user.
6 The adapter's certificate is placed in the broker agent's trust store.
7 The adapter's certificate is sent to all remote desktops and RDS hosts in the Horizon pod by using the
Horizon configuration store.
8 When the agent on the remote desktop or RDS host reads the Horizon configuration, it places the
adapter's certificate in the agent's trust store.
After the certificates are successfully paired, they are cached in the trust stores for each individual
component. If a new remote desktop is provisioned, the adapter's certificate is sent to the desktop by using
the Horizon configuration store, and you do not need to pair the certificates again. However, if either the
adapter or broker agent certificate changes, you must pair the certificates again.
You use the vRealize Operations View Broker Agent Settings wizard to pair certificates. For more
information, see the VMware vRealize Operations for Horizon Administration document.
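The following Python sketch walks through steps 1 to 6 of the pairing process and shows why a changed certificate must be paired again. It is an added example, not VMware code: the page does not name the cipher, so a SHAKE-256 keystream with an HMAC-SHA256 tag stands in for encryption with the server key, and seal, unseal, new_party, pair, is_paired and demo are hypothetical names. The key and certificates are constructed byte strings.

```python
import hashlib, hmac, os

def _keys(server_key):  # separate encryption and MAC keys from the shared server key
    return [hashlib.sha256(p + server_key).digest() for p in (b"enc", b"mac")]

def _xor_stream(key, nonce, data):
    # SHAKE-256 output as keystream: a stand-in, the page names no cipher.
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))

def seal(server_key, cert):
    enc, mac = _keys(server_key)
    nonce = os.urandom(16)
    ct = _xor_stream(enc, nonce, cert)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(server_key, blob):
    enc, mac = _keys(server_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("decryption failed")  # wrong server key or altered blob
    return _xor_stream(enc, nonce, ct)

def fingerprint(cert):
    return hashlib.sha256(cert).hexdigest()

def new_party(cert, server_key):
    return {"cert": cert, "server_key": server_key, "trust": set()}

def pair(broker, adapter):
    try:  # steps 1-2: broker certificate sealed, sent, and opened by the adapter
        broker_cert = unseal(adapter["server_key"], seal(broker["server_key"], broker["cert"]))
    except ValueError:
        return "error returned to broker agent"
    adapter["trust"].add(fingerprint(broker_cert))   # step 3
    try:  # steps 4-5: adapter certificate sealed, returned, and opened by the broker agent
        adapter_cert = unseal(broker["server_key"], seal(adapter["server_key"], adapter["cert"]))
    except ValueError:
        return "error returned to user"
    broker["trust"].add(fingerprint(adapter_cert))   # step 6
    return "paired"

def is_paired(broker, adapter):
    return (fingerprint(adapter["cert"]) in broker["trust"]
            and fingerprint(broker["cert"]) in adapter["trust"])

def demo():
    # Constructed key and certificate bytes, not real DER.
    a, b = (new_party(c, b"constructed-key") for c in (b"adapter-cert", b"broker-cert"))
    return pair(b, a), is_paired(b, a)
```

A broker agent holding the wrong server key fails at step 2, before either trust store is modified.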
Reissue Horizon Desktop Authentication Tokens
If you believe that the security of your Horizon environment might be compromised, you can issue a new
authentication token for each desktop virtual machine and RDS host in your Horizon environment.
Procedure
1 Log in to the Horizon Connection Server host where you installed the broker agent with a domain user
account.
Local accounts do not have the necessary privileges to configure broker agent settings.
2 From the Start menu, select VMware > vRealize Operations Horizon Broker Agent Settings.
3 In the Security section of the vRealize Operations Horizon Broker Agent Settings dialog box, click Re-
issue Desktop Tokens.
4 When the operation is finished, click Close.
5 Click Close again to exit the vRealize Operations Horizon Broker Agent Settings dialog box.
The configuration change might take several minutes to propagate to the Horizon adapter and all of the
desktop agents in your Horizon environment.
Chapter 4 Managing Authentication in vRealize Operations for Horizon
VMware, Inc.