The View Composer upgrade process has specific requirements and limitations.
To run the View Composer installer, you must be a domain user with Administrator privileges on the system.
Security-Related Requirements
- View Composer requires a TLS certificate that is signed by a CA (certificate authority). If you intend to replace an existing certificate or the default, self-signed certificate with a new certificate after you install View Composer, you must import the new certificate and run the SviConfig ReplaceCertificate utility to bind your new certificate to the port used by View Composer.
If you install vCenter Server and View Composer on the same Windows Server computer, they can use the same TLS certificate, but you must configure the certificate separately for each component.
For complete information about security certificate requirements, see "Configuring SSL Certificates for View Servers" in the Horizon 7 Installation document.
- Certificates for vCenter Server, View Composer, and Horizon 7 servers must include certificate revocation lists (CRLs). For more information, see "Configuring Certificate Revocation Checking on Server Certificates" in the Horizon 7 Installation guide.
- Verify that no applications that run on the View Composer computer use Windows SSL libraries that require SSLv2 provided through the Microsoft Secure Channel (Schannel) security package. The View Composer installer disables SSLv2 on the Microsoft Schannel. Applications such as Tomcat, which uses Java SSL, or Apache, which uses OpenSSL, are not affected by this constraint. SSLv3, TLSv1.0, and RC4 are also disabled by default. For more information, see "Older Protocols and Ciphers Disabled in View" in the Horizon 7 Security document.
- To enhance the security of View Composer, disable the weak cryptographic cipher suites on the Windows Server computer on which the View Composer service is installed. See "Disable Weak Ciphers in SSL/TLS" in the Horizon 7 Installation document.
- You might need to make security protocol configuration changes to continue to be compatible with vSphere. If possible, apply patches to ESXi and vCenter Server to support TLSv1.1 and TLSv1.2 before upgrading View Composer. If you cannot apply patches, reenable TLSv1.0 on View Composer before upgrading. For more information, see Enable TLSv1.0 on vCenter and ESXi Connections from View Composer.
- Effective in Horizon 7 version 7.0.3, you can enable digest access authentication for View Composer to enhance security. For more information, see Enable Digest Access Authentication for View Composer.