Security-related global settings for client sessions and connections are accessible under
or under in Horizon Console.

Setting | Description |
---|---|
Change data recovery password | The password is required when you restore the Horizon LDAP configuration from an encrypted backup. When you install Connection Server, you provide a data recovery password. After installation, you can change this password in Horizon Console. When you back up Connection Server, the Horizon LDAP configuration is exported as encrypted LDIF data. To restore the encrypted backup with the vdmimport utility, you must provide the data recovery password. The password must contain between 1 and 128 characters. Follow your organization's best practices for generating secure passwords. |
Message security mode | Determines the security mechanism used when JMS messages are passed between VMware Horizon components. The default setting is Enhanced for new installations. If you upgrade from a previous version, the setting used in the previous version is retained. Important: VMware strongly recommends setting the message security mode to Enhanced after you upgrade all Connection Server instances and VMware Horizon desktops to this release. The Enhanced setting provides many important security improvements and MQ (message queue) updates. |
Enhanced Security Status (Read-only) | Read-only field that appears when Message security mode is changed from Enabled to Enhanced. Because the change is made in phases, this field shows the progress through the phases: |
Reauthenticate secure tunnel connections after network interruption | Determines if user credentials must be reauthenticated after a network interruption when Horizon Clients use secure tunnel connections to VMware Horizon desktops and applications. This setting offers increased security. For example, if a laptop is stolen and moved to a different network, the user cannot automatically gain access to the VMware Horizon desktops and applications because the network connection was temporarily interrupted. This setting is disabled by default. |
Forcibly disconnect users | Disconnects all desktops and applications after the specified number of minutes has passed since the user logged in to VMware Horizon. All desktops and applications will be disconnected at the same time regardless of when the user opened them. The default is 600 minutes. |
For clients that support applications. If the user stops using the keyboard and mouse, disconnect their applications and discard SSO credentials | Protects application sessions when there is no keyboard or mouse activity on the client device. If set to After ... minutes, VMware Horizon disconnects all applications and discards SSO credentials after the specified number of minutes without user activity. Desktop sessions are disconnected. Users must log in again to reconnect to the applications that were disconnected or launch a new desktop or application. If set to Never, VMware Horizon never disconnects applications or discards SSO credentials due to user inactivity. The default is Never. |
Other clients. Discard SSO credentials | Discards the SSO credentials after a certain time period. This setting is for clients that do not support application remoting. If set to After ... minutes, users must log in again to connect to a desktop after the specified number of minutes has passed since the user logged in to VMware Horizon, regardless of any user activity on the client device. The default is After 15 minutes. |
View Administrator session timeout | Determines how long an idle Horizon Console session continues before the session times out. Important: Setting the Horizon Console session timeout to a high number of minutes increases the risk of unauthorized use of Horizon Console. Use caution when you allow an idle session to persist for a long time. By default, the Horizon Console session timeout is 30 minutes. You can set a session timeout from 1 to 4320 minutes. |