Security-related settings are provided in View LDAP under the object path cn=common,ou=global,ou=properties,dc=vdi,dc=vmware,dc=int. You can use the ADSI Edit utility to change the value of these settings on a View Connection Server instance. The change propagates automatically to all other View Connection Server instances in a group.

Table 1. Security-Related Settings in View LDAP

Name-value pair

Description

cs-allowunencryptedstartsession

The attribute is pae-NameValuePair.

This attribute controls whether a secure channel is required between a View Connection Server instance and a desktop when a remote user session is being started.

When View Agent 5.1 or later, or Horizon Agent 7.0 or later, is installed on a desktop computer, this attribute has no effect and a secure channel is always required. When a View Agent older than View 5.1 is installed, a secure channel cannot be established if the desktop computer is not a member of a domain with a two-way trust to the domain of the View Connection Server instance. In this case, the attribute is important to determine whether a remote user session can be started without a secure channel.

In all cases, user credentials and authorization tickets are protected by a static key. A secure channel provides further assurance of confidentiality by using dynamic keys.

If set to 0, a remote user session will not start if a secure channel cannot be established. This setting is suitable if all the desktops are in trusted domains or all desktops have View Agent 5.1 or later installed.

If set to 1, a remote user session can be started even if a secure channel cannot be established. This setting is suitable if some desktops have older View Agents installed and are not in trusted domains.

The default setting is 1.