You can set message security mode for View components. This setting determines how sender signatures in JMS messages are treated. By default, JMS messages are rejected if the signature is missing or invalid, or if a message was modified after it was signed.

If any component in your View environment predates View 3.0, when message security was introduced, you can change the mode to log a warning if any of these conditions are found, or to not verify signatures at all. These options are not recommended and it is preferable to upgrade older components.

Some JMS messages are encrypted because they carry sensitive information such as user credentials. Consider using IPSec to encrypt all JMS messages between View Connection Server instances, and between View Connection Server instances and security servers.

1 shows the options you can select to configure the message security mode. To set an option, select it from the Message security mode list in the Global Settings dialog window.

Table 1. Message Security Mode Options

Option

Description

Disabled

Message security mode is disabled.

Mixed

Message security mode is enabled but not enforced.

You can use this mode to detect components in your View environment that predate View 3.0. The log files generated by View Connection Server contain references to these components.

Enabled

Message security mode is enabled. Unsigned messages are rejected by View components.

Message security mode is enabled by default.

Note:

View components that predate View 3.0 are not allowed to communicate with other View components

When you first install View on a system, the message security mode is set to Enabled. If you upgrade View, the message security mode remains unchanged from its existing setting.

Message security mode is supported in View 3.0 and later. If you change the message security mode from Disabled or Mixed to Enabled, you cannot launch a remote desktop with a View Agent from Virtual Desktop Manager version 2.1 or earlier. If you then change the message security mode from Enabled to Mixed or Disabled, the desktop still fails to launch. To launch a remote desktop after you change the message security mode from Enabled to Mixed or Disabled, you must restart the remote desktop.

If you plan to change an active View environment from Disabled to Enabled, or from Enabled to Disabled, change to Mixed mode for a short time before you make the final change. For example, if your current mode is Disabled, change to Mixed mode for one day, then change to Enabled. In Mixed mode, signatures are attached to messages but not verified, which allows the change of message mode to propagate through the environment.