Security
Table 1‑13. Security Server Services (Continued)

| Service Name | Startup Type | Description |
|---|---|---|
| VMware Horizon View PCoIP Secure Gateway | Manual | Provides PCoIP Secure Gateway services. This service must be running if clients connect to this security server through the PCoIP Secure Gateway. |
| VMware Horizon View Security Gateway Component | Manual | Provides common gateway services. This service must always be running. |

Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
You can configure the security protocols and cipher suites that are accepted by View Connection Server
instances. You can define a global acceptance policy that applies to all View Connection Server instances in a
replicated group, or you can define an acceptance policy for individual View Connection Server instances
and security servers.
You also can configure the security protocols and cipher suites that View Connection Server instances
propose when connecting to vCenter Server and View Composer. You can define a global proposal policy
that applies to all View Connection Server instances in a replicated group. You cannot define individual
instances to opt out of a global proposal policy.
The default policies and the procedures for configuring policies were changed in View 5.2. For information
about earlier View releases, see VMware Knowledge Base article 1021466 at
http://kb.vmware.com/kb/1021466.
Default Global Policies for Security Protocols and Cipher Suites
Certain security protocols and cipher suites are provided by default in View 5.2 and later releases. By
default, the global acceptance and proposal policies are very similar.
Table 1‑14. Default Global Policies

Default Security Protocols:
- TLS 1.1
- TLS 1.0
- SSLv2Hello (acceptance policy only)

Default Cipher Suites:
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- SSL_RSA_WITH_RC4_128_SHA

You can change the default policies in the following ways:
- If all connecting clients support TLS 1.1, you can remove TLS 1.0 and SSLv2Hello from the acceptance policy.
- You can add TLS 1.2 to the acceptance and proposal policies, which will then be selected if the other end of the connection supports TLS 1.2.
- If all connecting clients support AES cipher suites, you can remove SSL_RSA_WITH_RC4_128_SHA from the acceptance policy.
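
The three changes listed above can be checked against a client inventory before the acceptance policy is edited. The following is an added example, not VMware code: the client names and capabilities are constructed, and `tighten_acceptance_policy` is a hypothetical helper that applies the rules to the Table 1‑14 defaults and reports which clients block each removal.

```python
# Added example: apply the three documented policy changes to the
# default acceptance policy from Table 1-14.
DEFAULT_PROTOCOLS = ["TLS 1.1", "TLS 1.0", "SSLv2Hello"]
DEFAULT_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_RC4_128_SHA",
]
RC4_SUITE = "SSL_RSA_WITH_RC4_128_SHA"

# Constructed client inventory (hypothetical names and capabilities).
SAMPLE_CLIENTS = [
    {"name": "win-client", "protocols": {"TLS 1.0", "TLS 1.1", "TLS 1.2"},
     "suites": {"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"}},
    {"name": "thin-client", "protocols": {"TLS 1.0", "TLS 1.1"},
     "suites": {"TLS_RSA_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA"}},
    {"name": "legacy-kiosk", "protocols": {"TLS 1.0"},
     "suites": {"SSL_RSA_WITH_RC4_128_SHA"}},
]

def tighten_acceptance_policy(clients):
    """Return (protocols, suites, blockers) for the given client inventory."""
    protocols, suites = list(DEFAULT_PROTOCOLS), list(DEFAULT_SUITES)
    blockers = {}
    # Rule 1: drop TLS 1.0 and SSLv2Hello only if every client supports TLS 1.1.
    no_tls11 = [c["name"] for c in clients if "TLS 1.1" not in c["protocols"]]
    if no_tls11:
        blockers["TLS 1.0 / SSLv2Hello"] = no_tls11
    else:
        protocols = [p for p in protocols if p not in ("TLS 1.0", "SSLv2Hello")]
    # Rule 2: TLS 1.2 can always be added; it is used when the peer supports it.
    # Listing it first (newest first, as in the table) is an assumption.
    protocols.insert(0, "TLS 1.2")
    # Rule 3: drop RC4 only if every client shares an AES suite with the policy.
    aes = {s for s in suites if "_AES_" in s}
    no_aes = [c["name"] for c in clients if not (aes & c["suites"])]
    if no_aes:
        blockers[RC4_SUITE] = no_aes
    else:
        suites.remove(RC4_SUITE)
    return protocols, suites, blockers

if __name__ == "__main__":
    for label, inventory in (("all clients", SAMPLE_CLIENTS),
                             ("without legacy-kiosk", SAMPLE_CLIENTS[:2])):
        print(label, tighten_acceptance_policy(inventory))
```
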
View Security
VMware, Inc.