When you upgrade, the existing JMS message security mode setting used for the previous version is retained. After the upgrade is complete, you must change this setting to Enhanced.
This procedure shows how to use Horizon Administrator to change the message security mode to Enhanced and monitor the progress of the change on all Horizon components. You can alternatively use the vdmutil command-line utility to change the mode and monitor progress. See the Horizon 7 Administration document.
To use Access Point appliances instead of Horizon security servers, you must upgrade the Connection Server instances to version 6.2 or later before installing and configuring the Access Point appliances to point to the Connection Server instances or the load balancer that fronts the instances. For more information, see Deploying and Configuring Unified Access Gateway.
Verify that you have upgraded all Horizon Connection Server instances, security servers, and Horizon desktops to Horizon 6 version 6.1 or a later release. View components that predate Horizon 6 version 6.1 cannot communicate with a Connection Server 6.1 instance that uses Enhanced mode.
- Configure back-end firewall rules to allow security servers to send JMS traffic on port 4002 to Connection Server instances.
- In Horizon Administrator, go to , and on the Security tab, set Message security mode to Enhanced.
- Manually restart the VMware Horizon Message Bus Component service on all Connection Server hosts in the pod, or restart the Connection Server instances.
After the services are restarted, the Connection Server instances reconfigure the message security mode on all desktops and security servers, changing the mode to Enhanced.
- To monitor the progress in Horizon Administrator, go to .
On the Security tab, the Enhanced Security Status item will show Enhanced when all components have made the transition to Enhanced mode.
When servers communicate with clients, servers will configure clients to use enhanced message security mode.