This attribute controls whether a secure channel is required between a Connection Server instance and a desktop when a remote user session is being started.

When Horizon Agent is installed on a desktop computer, this attribute has no effect and a secure channel is always required.

In all cases, user credentials and authorization tickets are protected by a static key. A secure channel provides further assurance of confidentiality by using dynamic keys.

If set to 0, a remote user session will not start if a secure channel cannot be established. This setting is suitable if all the desktops are in trusted domains or all desktops have Horizon Agent installed.

If set to 1, a remote user session can be started even if a secure channel cannot be established. This setting is suitable if some desktops have older Horizon Agents installed and are not in trusted domains.

The default setting is 1.

When the message security mode is set to Enhanced, TLS is used to secure JMS connections rather than using per-message encryption. In enhanced message security mode, validation applies to only one message type. For enhanced message mode, VMware recommends increasing the key size to 2048 bits. If you are not using enhanced message security mode, VMware recommends not changing the default from 512 bits because increasing the key size affects performance and scalability. If you want all keys to be 2048 bits, the DSA key size must be changed immediately after the first Connection Server instance is installed and before additional servers and desktops are created.