Security
Table Of Contents
- View Security
- Contents
- View Security
- View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Updating JCE Policy Files to Support High-Strength Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Internet Engineering Task Force Standards
- Perfect Forward Secrecy
- SSLv3 Is Disabled in View
- Deploying USB Devices in a Secure View Environment
- Index
Table 1‑11. TCP and UDP Ports Used by View (Continued)
Source Port Target Port Protocol Description
View Connection
Server
* View desktop 3389 TCP Microsoft RDP traffic to View desktops if tunnel
connections via the View Connection Server are
used.
View Connection
Server
* View desktop 4172 TCP PCoIP (HTTPS) if PCoIP Secure Gateway via the
View Connection Server is used.
View Connection
Server
* View desktop 9427 TCP Wyse MMR redirection if tunnel connections via
the View Connection Server are used.
View Connection
Server
* View desktop 32111 TCP USB redirection if tunnel connections via the View
Connection Server are used.
View Connection
Server
* View Connection
Server
8472 TCP For interpod communication in Cloud Pod
Architecture.
View Connection
Server
* View Connection
Server
22389 TCP For global LDAP replication in Cloud Pod
Architecture.
View Connection
Server
* View Connection
Server
22636 TCP For secure global LDAP replication in Cloud Pod
Architecture.
View desktop * View Connection
Server instances
4001 TCP JMS traffic.
View desktop * View Connection
Server instances
4002 TCP JMS SSL traffic.
View Composer
service
* ESXi host 902 TCP Used when View Composer customizes linked-
clone disks, including View Composer internal
disks and, if they are specified, persistent disks
and system disposable disks.
Notes and Caveats for TCP and UDP Ports Used by View
Connection attempts over HTTP are silently redirected to HTTPS, except for connection attempts to View
Administrator. HTTP redirection is not needed with more recent View clients because they default to
HTTPS, but it is useful when your users connect with a Web browser, for example to download View Client.
The problem with HTTP redirection is that it is a non-secure protocol. If a user does not form the habit of
entering https:// in the address bar, an attacker can compromise the Web browser, install malware, or steal
credentials, even when the expected page is correctly displayed.
NOTE HTTP redirection for external connections can take place only if you configure your external firewall
to allow inbound traffic to TCP port 80.
Connection attempts over HTTP to View Administrator are not redirected. Instead, an error message is
returned indicating that you must use HTTPS.
To prevent redirection for all HTTP connection attempts, see "Prevent HTTP Redirection for Client
Connections to Connection Server" in the View Installation document.
Connections to port 80 of a View Connection Server instance or security server can also take place if you off-
load SSL client connections to an intermediate device. See "Off-load SSL Connections to Intermediate
Servers" in the View Administration document.
To allow HTTP redirection when the SSL port number was changed, see "Change the Port Number for
HTTP Redirection to Connection Server" in the View Installation document.
NOTE The UDP port number that clients use for PCoIP may change. If port 50001 is in use, the client will
pick 50002. If port 50002 is in use, the client will pick port 50003, and so on. You must configure firewall
with ANY where 50001 is listed in the table.
View Security
20 VMware, Inc.