Security
Table Of Contents
- View Security
- Contents
- View Security
- View Security Reference
- View Accounts
- View Security Settings
- View Resources
- View Log Files
- View TCP and UDP Ports
- Services on a View Connection Server Host
- Services on a Security Server
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Updating JCE Policy Files to Support High-Strength Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Internet Engineering Task Force Standards
- Perfect Forward Secrecy
- SSLv3 Is Disabled in View
- Deploying USB Devices in a Secure View Environment
- Index
Change the Global Acceptance and Proposal Policies
To change the global acceptance and proposal policies for security protocols and cipher suites, you use the
ADSI Edit utility to edit View LDAP attributes.
Prerequisites
n
Familiarize yourself with the View LDAP attributes that define the acceptance and proposal policies.
See “Global Acceptance and Proposal Policies Defined in View LDAP,” on page 23.
n
See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your
Windows Server operating system version.
Procedure
1 Start the ADSI Edit utility on your View Connection Server computer.
2 In the console tree, select Connect to.
3 In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name
DC=vdi, DC=vmware, DC=int.
4 In the Select or type a domain or server text box, select or type localhost:389 or the fully qualified
domain name (FQDN) of the View Connection Server computer followed by port 389.
For example: localhost:389 or mycomputer.mydomain.com:389
5 Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and select OU=Common in the
right pane.
6 On the object CN=Common, OU=Global, OU=Properties, select each attribute that you want to change
and type the new list of security protocols or cipher suites.
7 Restart the VMware Horizon View Connection Server service.
Configure Acceptance Policies on Individual View Servers
To specify a local acceptance policy on an individual View Connection Server instance or security server,
you must add properties to the locked.properties file. If the locked.properties file does not yet exist on
the View server, you must create it.
You add a secureProtocols.n entry for each security protocol that you want to configure. Use the following
syntax: secureProtocols.n=security protocol.
You add an enabledCipherSuite.n entry for each cipher suite that you want to configure. Use the following
syntax: enabledCipherSuite.n=cipher suite.
The variable n is an integer that you add sequentially (1, 2, 3) to each type of entry.
Make sure that the entries in the locked.properties file have the correct syntax and the names of the cipher
suites and security protocols are spelled correctly. Any errors in the file can cause the negotiation between
the client and server to fail.
Procedure
1 Create or edit the locked.properties file in the SSL gateway configuration folder on the View
Connection Server or security server computer.
For example: install_directory\VMware\VMware View\Server\sslgateway\conf\
2 Add secureProtocols.n and enabledCipherSuite.n entries, including the associated security protocols
and cipher suites.
3 Save the locked.properties file.
View Security
24 VMware, Inc.