When TLS is off-loaded to an intermediate server, you can configure Connection Server instances or security servers to allow HTTP connections from the client-facing, intermediate devices. The intermediate devices must accept HTTPS for Horizon Client connections.
To allow HTTP connections between Horizon 7 servers and intermediate devices, you must configure the locked.properties file on each Connection Server instance and security server on which HTTP connections are allowed.
Even when HTTP connections between Horizon 7 servers and intermediate devices are allowed, you cannot disable TLS in Horizon 7. Horizon 7 servers continue to accept HTTPS connections as well as HTTP connections.
- Create or edit the locked.properties file in the TLS/SSL gateway configuration folder on the Connection Server or security server host.
For example: install_directory\VMware\VMware View\Server\SSLgateway\conf\locked.properties
- To configure the Horizon 7 server's protocol, add the serverProtocol property and set it to http.
The value http must be typed in lower case.
- (Optional) Add properties to configure a non-default HTTP listening port and a network interface on the Horizon 7 server.
- To change the HTTP listening port from 80, set serverPortNonTLS to another port number to which the intermediate device is configured to connect.
- If the Horizon 7 server has more than one network interface, and you intend the server to listen for HTTP connections on only one interface, set serverHostNonTLS to the IP address of that network interface.
- Save the locked.properties file.
- Restart the Connection Server service or security server service to make your changes take effect.
This file allows non-TLS HTTP connections to a Horizon 7 server. The IP address of the Horizon 7 server's client-facing network interface is 10.20.30.40. The server uses the default port 80 to listen for HTTP connections. The value http must be lower case.