View Security
VMware Horizon 6
Version 6.1

This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at: http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to: docfeedback@vmware.com

Copyright © 2015 VMware, Inc. All rights reserved. Copyright and trademark information.
VMware, Inc.
3401 Hillview Ave.
Palo Alto, CA 94304
www.vmware.com
Contents

View Security 5
1 View Security Reference 7
  View Accounts 7
  View Security Settings 8
  View Resources 17
  View Log Files 17
  View TCP and UDP Ports 18
  Services on a View Connection Server Host 21
  Services on a Security Server 21
  Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server 22
  Deploying USB Devices in a Secure View Environment 26
Index
View Security

View Security provides a concise reference to the security features of VMware Horizon 6™. It covers:
- Required system and database login accounts.
- Configuration options and settings that have security implications.
- Resources that must be protected, such as security-relevant configuration files and passwords, and the recommended access controls for secure operation.
- Location of log files and their purpose.
1 View Security Reference

When you are configuring a secure View environment, you can change settings and make adjustments in several areas to protect your systems.
Table 1-1. View System Accounts (Continued)

View Component: View Composer
Required Accounts: Create a user account in Active Directory to use with View Composer. View Composer requires this account to join linked-clone desktops to your Active Directory domain. The user account should not be a View administrative account. Give the account the minimum privileges that it requires to create and remove computer objects in a specified Active Directory container.
Table 1-3. Security-Related Global Settings

Setting: Change data recovery password
Description: The password is required when you restore the View LDAP configuration from an encrypted backup. When you install View Connection Server version 5.1 or later, you provide a data recovery password. After installation, you can change this password in View Administrator. When you back up View Connection Server, the View LDAP configuration is exported as encrypted LDIF data.
Table 1-3. Security-Related Global Settings (Continued)

Other clients.

Setting: Discard SSO credentials
Description: Discards the SSO credentials after a certain time period. This setting is for clients that do not support application remoting. If set to After ... minutes, users must log in again to connect to a desktop after the specified number of minutes has passed since the user logged in to View, regardless of any user activity on the client device. The default is After 15 minutes.
Security-Related Settings in the View Agent Configuration Template

Security-related settings are provided in the ADM template file for View Agent (vdm_agent.adm). Unless noted otherwise, the settings include only a Computer Configuration setting. Security settings are stored in the registry on the guest machine under HKLM\Software\VMware, Inc.\VMware VDM\Agent\Configuration.

Table 1-5.
Security Settings in the Horizon Client Configuration Template

Security-related settings are provided in the ADM template file for Horizon Client (vdm_client.adm). Except where noted, the settings include only a Computer Configuration setting. If a User Configuration setting is available and you define a value for it, it overrides the equivalent Computer Configuration setting.
Table 1-6. Horizon Client Configuration Template: Security Settings (Continued)

Setting: Certificate verification mode (Computer Configuration setting)
Description: Configures the level of certificate checking that is performed by Horizon Client. You can select one of these modes:
- No Security. View does not perform certificate checking.
- Warn But Allow.
Table 1-6. Horizon Client Configuration Template: Security Settings (Continued)

Setting: Display option to Log in as current user (Computer and User Configuration setting)
Description: Determines whether the Log in as current user check box is visible on the Horizon Client connection dialog box. When the check box is visible, users can select or deselect it and override its default value.
Table 1-6. Horizon Client Configuration Template: Security Settings (Continued)

Setting: Ignore certificate revocation problems (Computer Configuration setting) (View 4.6 and earlier releases only)
Description: Determines whether errors that are associated with a revoked server certificate are ignored. These errors occur when the server sends a certificate that has been revoked and when the client cannot verify a certificate's revocation status.
Table 1-7. Security-Related Settings in the Scripting Definitions Section

Setting: Connect all USB devices to the desktop on launch
Description: Determines whether all of the available USB devices on the client system are connected to the desktop when the desktop is launched. This setting is disabled by default. The equivalent Windows Registry value is connectUSBOnStartup.
View Resources

View includes several configuration files and similar resources that must be protected.

Table 1-9. View Connection Server and Security Server Resources

Resource: LDAP settings
Location: Not applicable.
Protection: LDAP data is protected automatically as part of role-based access control.

Resource: LDAP backup files
Location: :\Programdata\VMWare\VDM\backups (Windows Server 2008)
Protection: Protected by access control.

Resource: locked.
Table 1-10. View Log Files (Continued)

View Component: View Connection Server or Security Server
File Path and Other Information: :\ProgramData\VMware\VDM\logs. The log directory is configurable in the log configuration settings of the View Common Configuration ADM template file (vdm_common.adm). PCoIP Secure Gateway logs are written to files named SecurityGateway_*.log in the PCoIP Secure Gateway subdirectory of the log directory on a security server.
Table 1-11. TCP and UDP Ports Used by View (Continued)

Source: Horizon Client
Source Port: *
Target: View security server
Target Port: 443
Protocol: TCP
Description: HTTPS access. Port 443 is enabled by default for client connections. Port 443 can be changed. Connection attempts over HTTP to port 80 are redirected to port 443 by default, but port 80 can service client connections if SSL is off-loaded to an intermediate device.
Table 1-11. TCP and UDP Ports Used by View (Continued)

Source: View Connection Server
Source Port: *
Target: View desktop
Target Port: 3389
Protocol: TCP
Description: Microsoft RDP traffic to View desktops if tunnel connections via the View Connection Server are used.

Source: View Connection Server
Source Port: *
Target: View desktop
Target Port: 4172
Protocol: TCP
Description: PCoIP (HTTPS) if PCoIP Secure Gateway via the View Connection Server is used.
Services on a View Connection Server Host

The operation of View depends on several services that run on a View Connection Server host.

Table 1-12. View Connection Server Host Services

Service Name: VMware Horizon View Blast Secure Gateway
Startup Type: Automatic
Description: Provides secure HTML Access services. This service must be running if clients connect to View Connection Server through the HTML Access Secure Gateway.
Table 1-13. Security Server Services (Continued)

Service Name: VMware Horizon View PCoIP Secure Gateway
Startup Type: Manual
Description: Provides PCoIP Secure Gateway services. This service must be running if clients connect to this security server through the PCoIP Secure Gateway.

Service Name: VMware Horizon View Security Gateway Component
Startup Type: Manual
Description: Provides common gateway services. This service must always be running.
Updating JCE Policy Files to Support High-Strength Cipher Suites

You can add high-strength cipher suites for greater assurance, but first you must update the local_policy.jar and US_export_policy.jar policy files for JRE 7 on each View Connection Server instance and security server. You update these policy files by downloading the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 from the Oracle Java SE Download site.
Change the Global Acceptance and Proposal Policies

To change the global acceptance and proposal policies for security protocols and cipher suites, you use the ADSI Edit utility to edit View LDAP attributes.

Prerequisites
- Familiarize yourself with the View LDAP attributes that define the acceptance and proposal policies. See "Global Acceptance and Proposal Policies Defined in View LDAP," on page 23.
4 Restart the VMware Horizon View Connection Server service or VMware Horizon View Security Server service to make your changes take effect.

Example: Default Acceptance Policies on an Individual Server

The following example shows the entries in the locked.properties file that are needed to specify the default policies:

# The following list should be ordered with the latest protocol first:
secureProtocols.1=TLSv1.1
secureProtocols.2=TLSv1
secureProtocols.
Perfect Forward Secrecy

Perfect Forward Secrecy (PFS) ensures that compromise of an SSL session does not mean compromise of other SSL sessions that use the same server certificate. It is a property of cipher suites with DHE in their names. Of the five cipher suites we enable by default, three have this property. The downside of PFS is performance, so a balance needs to be struck. View supports DHE-DSS, DHE-RSA, and ECDHE-RSA cipher suites.
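The following added example is not part of the VMware document. It parses locked.properties-style indexed entries such as the secureProtocols.N lines shown in the example above, checks that the protocol list is ordered latest-first as the file's own comment requires, and classifies cipher suites by whether their key exchange is DHE or ECDHE, which is the PFS property this section describes. The key name enabledCipherSuite.N for cipher-suite entries and the sample suite names are assumptions constructed for the example and are not taken from this page.

```python
import re
from collections import defaultdict

# Version ranking used to verify that secureProtocols.N is listed latest-first,
# as the comment in the sample locked.properties requires.
PROTOCOL_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3}

# Key-exchange tokens (second field of a JSSE-style suite name) that are
# ephemeral Diffie-Hellman and therefore provide forward secrecy.
PFS_KEY_EXCHANGE = {"DHE", "ECDHE"}

# Constructed sample text. The enabledCipherSuite key name and the suite
# names are assumptions for this example, not values from the document.
SAMPLE_LOCKED_PROPERTIES = """\
# The following list should be ordered with the latest protocol first:
secureProtocols.1=TLSv1.1
secureProtocols.2=TLSv1
enabledCipherSuite.1=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
enabledCipherSuite.2=TLS_DHE_RSA_WITH_AES_128_CBC_SHA
enabledCipherSuite.3=TLS_RSA_WITH_AES_128_CBC_SHA
"""

_INDEXED_KEY = re.compile(r"^([A-Za-z]+)\.(\d+)$")


def parse_locked_properties(text):
    """Return {key: [values ordered by index]} for lines of the form key.N=value.

    Blank lines and '#' comments are skipped. The numeric index, not the
    position in the file, determines the order of the resulting list.
    """
    indexed = defaultdict(dict)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        match = _INDEXED_KEY.match(key.strip())
        if not sep or not match:
            continue
        indexed[match.group(1)][int(match.group(2))] = value.strip()
    return {name: [vals[i] for i in sorted(vals)] for name, vals in indexed.items()}


def protocols_latest_first(protocols):
    """True if each protocol is strictly newer than the one listed after it."""
    ranks = [PROTOCOL_RANK.get(p, -1) for p in protocols]
    return all(a > b for a, b in zip(ranks, ranks[1:]))


def provides_pfs(suite):
    """True if the suite's key exchange field is DHE or ECDHE (TLS_ECDHE_RSA_...)."""
    fields = suite.split("_")
    return len(fields) > 1 and fields[1] in PFS_KEY_EXCHANGE


def audit(text):
    """Summarise protocol ordering and PFS coverage for a locked.properties text."""
    props = parse_locked_properties(text)
    protocols = props.get("secureProtocols", [])
    suites = props.get("enabledCipherSuite", [])
    return {
        "protocols": protocols,
        "latest_first": protocols_latest_first(protocols),
        "unknown_protocols": [p for p in protocols if p not in PROTOCOL_RANK],
        "pfs_suites": [s for s in suites if provides_pfs(s)],
        "non_pfs_suites": [s for s in suites if not provides_pfs(s)],
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOCKED_PROPERTIES).items():
        print(f"{key}: {value}")
```

The audit reports any protocol name it does not recognise separately, so a misspelled entry is surfaced rather than silently treated as the oldest protocol.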
- In View Administrator, edit the USB access policy for a specific pool to either deny or allow access. With this approach, you do not have to change the desktop image and can control access to USB devices in specific desktop and application pools. Only the global USB access policy is available for RDS desktop and application pools. You cannot set this policy for individual RDS desktop or application pools.
For example, you can prevent all devices except a known device vendor and product ID, vid/pid=0123/abcd, from being redirected to the remote desktop or application:

ExcludeAllDevices Enabled
IncludeVidPid o:vid-0123_pid-abcd

NOTE This example configuration provides protection, but a compromised device can report any vid/pid, so a possible attack could still occur.

By default, View blocks certain device families from being redirected to the remote desktop or application.
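The following added example is not part of the VMware document and is not View's own filter implementation. It models how the two settings above combine into a default-deny allow list: ExcludeAllDevices blocks every device, and only the vid/pid pairs listed in IncludeVidPid are let through. The ';' separator between multiple IncludeVidPid entries and the sample device list are assumptions constructed for the example. The third sample device illustrates the caveat in the NOTE above: the filter can only match what the device reports.

```python
import re
from dataclasses import dataclass

# Matches one entry of the IncludeVidPid form shown in the document:
# o:vid-0123_pid-abcd (four hex digits each, case-insensitive).
_VID_PID_ENTRY = re.compile(r"^o:vid-([0-9a-f]{4})_pid-([0-9a-f]{4})$", re.IGNORECASE)


@dataclass(frozen=True)
class UsbDevice:
    """Identifiers the client reports for an attached device (constructed sample data)."""
    vid: str
    pid: str
    description: str


def parse_vid_pid_filter(value):
    """Return the set of (vid, pid) pairs in an IncludeVidPid value.

    Multiple entries are assumed to be separated by ';' (an assumption for this
    example). A malformed entry raises instead of being skipped, because a typo
    in an allow list should be noticed rather than silently change the policy.
    """
    pairs = set()
    for entry in filter(None, (e.strip() for e in value.split(";"))):
        match = _VID_PID_ENTRY.match(entry)
        if not match:
            raise ValueError(f"malformed vid/pid filter entry: {entry!r}")
        pairs.add((match.group(1).lower(), match.group(2).lower()))
    return pairs


def evaluate_redirection(device, policy):
    """Return 'allow' or 'deny' for one device under the filter policy.

    policy maps setting name to value, e.g.
    {"ExcludeAllDevices": "Enabled", "IncludeVidPid": "o:vid-0123_pid-abcd"}.
    An IncludeVidPid match takes precedence over ExcludeAllDevices, which is
    what makes the two settings together behave as an allow list.
    """
    allowed = parse_vid_pid_filter(policy.get("IncludeVidPid", ""))
    exclude_all = policy.get("ExcludeAllDevices", "Disabled").lower() == "enabled"
    if (device.vid.lower(), device.pid.lower()) in allowed:
        return "allow"
    return "deny" if exclude_all else "allow"


# The policy from the document's example.
EXAMPLE_POLICY = {"ExcludeAllDevices": "Enabled", "IncludeVidPid": "o:vid-0123_pid-abcd"}

# Constructed sample devices; the vid/pid values are illustrative only.
SAMPLE_DEVICES = [
    UsbDevice("0123", "abcd", "the approved device"),
    UsbDevice("1a2b", "0001", "an unlisted device"),
    UsbDevice("0123", "ABCD", "another device that reports the approved vid/pid"),
]

if __name__ == "__main__":
    for dev in SAMPLE_DEVICES:
        verdict = evaluate_redirection(dev, EXAMPLE_POLICY)
        print(f"{dev.vid}/{dev.pid} ({dev.description}): {verdict}")
```

Running the block shows the unlisted device denied and both devices that report 0123/abcd allowed, which is exactly the limitation the NOTE describes: the allow list narrows exposure but is no substitute for controlling which devices users can attach.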
Index

A
acceptance policies, configuring globally 23
accounts 7
ADM template files, security-related settings 8
B
Blast Secure Gateway service 21
C
cipher suites
  adding high-strength 23
  configuring for View Connection Server 22
  default global policies 22
  editing in View LDAP 24
Connection Server service 21
F
firewall settings 18
Framework Component service 21
H
HTTP, redirection 20
I
Internet Engineering Task Force (IETF) Standards 25
L
locked.