Security
Table Of Contents
- View Security
- Contents
- View Security
- View Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Configure Proposal Policies on View Desktops
- Internet Engineering Task Force Standards
- Older Protocols and Ciphers Disabled in View
- Reducing MIME Type Security Risks
- Mitigating Cross-Site Scripting Attacks
- Content Type Checking
- Origin Checking
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure View Environment
- Index
Security-Related Settings in View LDAP
Security-related settings are provided in View LDAP under the object path
cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int. You can use the ADSI Edit utility to change
the value of these settings on a View Connection Server instance. The change propagates automatically to all
other View Connection Server instances in a group.
Table 2‑3. Security-Related Settings in View LDAP
Name-value pair Description
cs-
allowunencryptedstartsession
The attribute is pae-NameValuePair.
This attribute controls whether a secure channel is required between a View
Connection Server instance and a desktop when a remote user session is being started.
When View Agent 5.1 or later is installed on a desktop computer, this attribute has no
effect and a secure channel is always required. When a View Agent older than View 5.1
is installed, a secure channel cannot be established if the desktop computer is not a
member of a domain with a two-way trust to the domain of the View Connection
Server instance. In this case, the attribute is important to determine whether a remote
user session can be started without a secure channel.
In all cases, user credentials and authorization tickets are protected by a static key. A
secure channel provides further assurance of confidentiality by using dynamic keys.
If set to 0, a remote user session will not start if a secure channel cannot be established.
This setting is suitable if all the desktops are in trusted domains or all desktops have
View Agent 5.1 or later installed.
If set to 1, a remote user session can be started even if a secure channel cannot be
established. This setting is suitable if some desktops have older View Agents installed
and are not in trusted domains.
The default setting is 1.
Chapter 2 View Security Settings
VMware, Inc. 15