Security
Table Of Contents
- View Security
- Contents
- View Security
- View Accounts, Resources, and Log Files
- View Security Settings
- Ports and Services
- Configuring Security Protocols and Cipher Suites on a View Connection Server Instance or on a Security Server
- Default Global Policies for Security Protocols and Cipher Suites
- Configuring Global Acceptance and Proposal Policies
- Configure Acceptance Policies on Individual View Servers
- Configure Proposal Policies on View Desktops
- Internet Engineering Task Force Standards
- Older Protocols and Ciphers Disabled in View
- Reducing MIME Type Security Risks
- Mitigating Cross-Site Scripting Attacks
- Content Type Checking
- Origin Checking
- Configuring Security Protocols and Cipher Suites for Blast Secure Gateway
- Deploying USB Devices in a Secure View Environment
- Index
2 Add secureProtocols.n and enabledCipherSuite.n entries, including the associated security protocols
and cipher suites.
3 Save the locked.properties file.
4 Restart the VMware Horizon View Connection Server service or VMware Horizon View Security Server
service to make your changes take effect.
Example: Default Acceptance Policies on an Individual Server
The following example shows the entries in the locked.properties file that are needed to specify the default
policies:
# The following list should be ordered with the latest protocol first:
secureProtocols.1=TLSv1.2
secureProtocols.2=TLSv1.1
secureProtocols.3=TLSv1
# This setting must be the latest protocol given in the list above:
preferredSecureProtocol=TLSv1.2
# The order of the following list is unimportant:
enabledCipherSuite.1=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
enabledCipherSuite.2=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
enabledCipherSuite.3=TLS_RSA_WITH_AES_128_CBC_SHA256
enabledCipherSuite.4=TLS_RSA_WITH_AES_128_CBC_SHA
Configure Proposal Policies on View Desktops
You can control the security of Message Bus connections to View Connection Server by configuring the
proposal policies on View desktops that run Windows.
Make sure that View Connection Server is configured to accept the same policies to avoid a connection
failure.
Procedure
1 Start the Windows Registry Editor on the View desktop.
2 Navigate to the HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Agent\Configuration registry
key.
3 Add a new String (REG_SZ) value, ClientSSLSecureProtocols.
4 Set the value to a list of cipher suites in the format \LIST:protocol_1,protocol_2,....
List the protocols with the latest protocol first. For example:
\LIST:TLSv1.2,TLSv1.1,TLSv1
5 Add a new String (REG_SZ) value, ClientSSLCipherSuites.
6 Set the value to a list of cipher suites in the format \LIST:cipher_suite_1,cipher_suite_2,....
The list should be in order of preference, with the most preferred cipher suite first. For example:
\LIST:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
View Security
26 VMware, Inc.