6.3
Table Of Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Contents
- VMware vRealize Operations for Published Applications Installation and Administration
- Introducing vRealize Operations for Published Applications
- System Requirements for vRealize Operations for Published Applications
- Installing and Configuring vRealize Operations for Published Applications
- Install and Configure vRealize Operations for Published Applications
- Downloading the vRealize Operations for Published Applications Installation Files
- Install the vRealize Operations for Published Applications Solution
- Open the Ports Used by vRealize Operations for Published Applications
- Adding a vRealize Operations for Published Applications License Key
- Associate XD-XA Objects with Your vRealize Operations for Published Applications License Key
- Create an Instance of the vRealize Operations for Published Applications 6.3 Adapter
- Enabling Firewall Rules for XenDesktop Delivery Controllers and PVS Server
- Install the vRealize Operations for Published Applications Broker Agent
- Configure the vRealize Operations for Published Applications Broker Agent
- Configure Broker Agent to use Non-Admin User for Citrix Desktop Delivery Controller
- Install a vRealize Operations for Published Applications Desktop Agent
- Push the vRealize Operations for Published Applications Desktop Agent Pair Token Using a Group Policy
- Install and Configure vRealize Operations for Published Applications
- Enable PowerShell Remoting on the Server
- Enable HTTP Protocol for PowerShell Remoting
- Enable HTTPS Protocol for PowerShell Remoting
- Configure Firewall
- Update the etc/host file for DNS Resolution
- Install the Certificate on the Client
- Test Connection from Client Machine
- Flow of Commands for SSL cert Using makecert
- Monitoring Your Citrix XenDesktop and Citrix XenApp Environments
- Managing RMI Communication in vRealize Operations for Published Applications
- Changing the Default TLS Configuration in vRealize Operations for Published Applications
- Managing Authentication in vRealize Operations for Published Applications
- Certificate and Trust Store Files
- Replacing the Default Certificates
- Certificate Pairing
- SSL/TLS and Authentication-Related Log Messages
- Upgrade vRealize Operations for Published Applications
- Create a vRealize Operations Manager Support Bundle
- Download vRealize Operations for Published Applications Broker Agent Log Files
- Download vRealize Operations for Published Applications Desktop Agent Log Files
- View Collector and vRealize Operations for Published Applications Adapter Log Files
- Modify the Logging Level for vRealize Operations for Published Applications Adapter Log Files
- Index
Changing the Default TLS
Configuration in
vRealize Operations for Published
Applications 15
The vRealize Operations for Published Applications broker message server uses an TLS channel to
communicate with the broker agents. The vRealize Operations for Published Applications desktop message
server uses an TLS channel to communicate with the desktop agents. You can change the default TLS
configuration for servers and agents by modifying TLS configuration properties.
This chapter includes the following topics:
n
“Default TLS Protocols and Ciphers for vRealize Operations for Published Applications,” on page 61
n
“TLS Configuration Properties,” on page 62
n
“Change the Default TLS Configuration for Servers,” on page 62
n
“Change the Default TLS for Agents,” on page 62
Default TLS Protocols and Ciphers for
vRealize Operations for Published Applications
When an RMI connection is established between an agent and a server, the agent and server negotiate the
protocol and cipher to use
Each agent and server has a list of protocols and ciphers that it supports. The strongest protocol and cipher
that is common to both the agent list and server list is selected for the TLS channel.
By default, RMI agents and servers are configured to accept only TLSv1.2 connections with the following
ciphers.
n
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
n
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
n
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
n
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
VMware, Inc.
61