The time in milliseconds to keep inactive sessions active.

Each HTTP request resets the timer.

The default value is 30 minutes.

The maximum session length in milliseconds.

Even if the session is kept alive, after the time specified in this property, the session is terminated.

This property prevents attacks based on stolen session cookies.

The default value is 24 hours.

Corresponds to sslEnabledProtocols in Apache Tomcat.

For more information, see Apache Tomcat Configuration Reference in the Apache Tomcat documentation.

HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!kRSA:!DH

Corresponds to ciphers from SSLHostConfig in Apache Tomcat.

For information about SSLHostConfig, see Apache Tomcat Configuration Reference in the Apache Tomcat documentation.

When set to true, skips the verification of the host name of VMware Cloud Director when establishing a TLS session.

Used to prevent an SSL error when the VMware Cloud Director certificate subject or its list of SANs does not contain the provided VMware Cloud Director address.

Applies only to the Cloud Service.

A list of origins (Cross-Origin Resource Sharing (CORS)) that are allowed to access the web resources.

Applicable when operating a custom web server serving the plug-in with an iframe.

The default value does not allow any origins, but due to the integrated user interface plug-in, the Cloud Service implicitly allows requests from VMware Cloud Director.

Controls the source IP addresses that are allowed to establish server sessions. In a production environment, deactivate the root access authentication from the Tunnel Service, as requests come from the Internet.

The default value states: if the service has tunneling configuration set, reject tunnel requests, otherwise allow all.