When SSL is off-loaded to an intermediate server, you can configure View Connection Server instances or security servers to allow HTTP connections from the client-facing, intermediate devices. The intermediate devices must accept HTTPS for Horizon Client connections.

About this task

To allow HTTP connections between View servers and intermediate devices, you must configure the locked.properties file on each View Connection Server instance and security server on which HTTP connections are allowed.

Even when HTTP connections between View servers and intermediate devices are allowed, you cannot disable SSL in View. View servers continue to accept HTTPS connections as well as HTTP connections.

Note:

If your Horizon clients use smart card authentication, the clients must make HTTPS connections directly to View Connection Server or security server. SSL off-loading is not supported with smart card authentication.

Procedure

  1. Create or edit the locked.properties file in the SSL gateway configuration folder on the View Connection Server or security server host.

    For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties

  2. To configure the View server's protocol, add the serverProtocol property and set it to http.

    The value http must be typed in lower case.

  3. (Optional) : Add properties to configure a non-default HTTP listening port and a network interface on the View server.
    • To change the HTTP listening port from 80, set serverPortNonSSL to another port number to which the intermediate device is configured to connect.

    • If the View server has more than one network interface, and you intend the server to listen for HTTP connections on only one interface, set serverHostNonSSL to the IP address of that network interface.

  4. Save the locked.properties file.
  5. Restart the View Connection Server service or security server service to make your changes take effect.

locked.properties file

This file allows non-SSL HTTP connections to a View server. The IP address of the View server's client-facing network interface is 10.20.30.40. The server uses the default port 80 to listen for HTTP connections. The value http must be lower case.

serverProtocol=http
serverHostNonSSL=10.20.30.40