When TLS is off-loaded to an intermediate server, you can configure Connection Server instances to allow HTTP connections from the client-facing, intermediate devices. The intermediate devices must accept HTTPS for Horizon Client connections.

To allow HTTP connections between Horizon servers and intermediate devices, you must configure the locked.properties file on each Connection Server instance on which HTTP connections are allowed.

Even when HTTP connections between Horizon servers and intermediate devices are allowed, you cannot disable TLS in Horizon. Horizon servers continue to accept HTTPS connections as well as HTTP connections.

Note: If your Horizon clients use smart card authentication, the clients must make HTTPS connections directly to Connection Server. TLS off-loading is not supported with smart card authentication.

Procedure

  1. Create or edit the locked.properties file in the TLS/SSL gateway configuration folder on the Connection Server host.
    For example: install_directory\VMware\VMware View\Server\SSLgateway\conf\locked.properties
  2. To configure the Horizon server's protocol, add the serverProtocol property and set it to http.
    The value http must be typed in lower case.
  3. (Optional) Add properties to configure a non-default HTTP listening port and a network interface on the Horizon server.
    • To change the HTTP listening port from 80, set serverPortNonTLS to another port number to which the intermediate device is configured to connect.
    • If the Horizon server has more than one network interface, and you intend the server to listen for HTTP connections on only one interface, set serverHostNonTLS to the IP address of that network interface.
  4. Save the locked.properties file.
  5. Restart the Connection Server service to make your changes take effect.

Example: locked.properties file

This file allows non-TLS HTTP connections to a Horizon server. The IP address of the Horizon server's client-facing network interface is 10.20.30.40. The server uses the default port 80 to listen for HTTP connections. The value http must be lower case.

serverProtocol=http
serverHostNonTLS=10.20.30.40
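
To check the outcome of the procedure above, the following PowerShell function parses locked.properties, validates the three properties the procedure describes, and compares the configured address with the listeners actually present on the HTTP port. It is an added example, not VMware code; the function name Test-OffloadProperties and the temporary sample file are constructed for illustration, and Get-NetTCPConnection is assumed to be available (Windows Server 2012 or later).

```powershell
# Added example, not VMware code. Function name and sample file are constructed.
function Test-OffloadProperties {
    param([Parameter(Mandatory)][string]$Path)
    # Property names are case-sensitive, so use a case-sensitive table (not @{}).
    $props = New-Object System.Collections.Hashtable
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = $line.Trim()
        if ($text -eq '' -or $text.StartsWith('#') -or $text.StartsWith('!')) { continue }
        $name, $value = $text -split '=', 2
        if ($null -ne $value) { $props[$name.Trim()] = $value.Trim() }
    }
    $findings = @()
    $proto = $props['serverProtocol']
    if ($null -eq $proto) {
        $findings += 'serverProtocol is not set; this file does not enable HTTP.'
    } elseif ($proto -cne 'http') {
        $findings += "serverProtocol is '$proto'; to allow HTTP it must be 'http' in lower case."
    }
    $port = 80   # default HTTP listening port
    $portText = $props['serverPortNonTLS']
    $portOk = $true
    if ($null -ne $portText) {
        $portOk = [int]::TryParse($portText, [ref]$port) -and $port -ge 1 -and $port -le 65535
        if (-not $portOk) { $findings += "serverPortNonTLS '$portText' is not a valid TCP port." }
    }
    $bindAddr = $props['serverHostNonTLS']
    $parsed = $null
    if ($null -eq $bindAddr) {
        $findings += 'serverHostNonTLS is not set; HTTP is not limited to one network interface.'
    } elseif (-not [System.Net.IPAddress]::TryParse($bindAddr, [ref]$parsed)) {
        $findings += "serverHostNonTLS '$bindAddr' is not an IP address."
    }
    # After the service restart, compare the live listeners with the configured address.
    $listeners = @()
    if ($portOk) {
        $listeners = @(Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
            Select-Object -ExpandProperty LocalAddress -Unique)
    }
    foreach ($addr in $listeners) {
        if ($bindAddr -and $addr -ne $bindAddr) {
            $findings += "Port $port also has a listener on $addr; confirm which process owns it."
        }
    }
    [pscustomobject]@{ Port = $port; BindAddress = $bindAddr; Listeners = $listeners; Findings = $findings }
}
# Constructed sample input: the example file from this page, written to a temp file.
$sample = Join-Path $env:TEMP 'locked.properties.sample'
Set-Content -LiteralPath $sample -Value 'serverProtocol=http', 'serverHostNonTLS=10.20.30.40'
Test-OffloadProperties -Path $sample | Format-List
```

On a Connection Server host, pass the path of the file from step 1 and run the function after step 5 so that the listener check reflects the restarted service.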