When TLS is off-loaded to an intermediate server, you can configure Connection Server instances to allow HTTP connections from the client-facing, intermediate devices. The intermediate devices must accept HTTPS for Horizon Client connections.
To allow HTTP connections between Horizon 8 servers and intermediate devices, you must configure the locked.properties file on each Connection Server instance on which HTTP connections are allowed.
Even when HTTP connections between Horizon 8 servers and intermediate devices are allowed, you cannot deactivate TLS in Horizon 8. Horizon 8 servers continue to accept HTTPS connections as well as HTTP connections.
Note: If your
Horizon 8 clients use smart card authentication, the clients must make HTTPS connections directly to Connection Server. TLS off-loading is not supported with smart card authentication.
Procedure
- Create or edit the locked.properties file in the TLS/SSL gateway configuration folder on the Connection Server host.
For example:
install_directory\VMware\VMware View\Server\SSLgateway\conf\locked.properties
- To configure the Horizon 8 server's protocol, add the serverProtocol property and set it to http.
The value
http must be typed in lower case.
- (Optional) Add properties to configure a non-default HTTP listening port and a network interface on the Horizon 8 server.
- To change the HTTP listening port from 80, set serverPortNonTLS to another port number to which the intermediate device is configured to connect.
- If the Horizon 8 server has more than one network interface, and you intend the server to listen for HTTP connections on only one interface, set serverHostNonTLS to the IP address of that network interface.
- Save the locked.properties file.
- Restart the Connection Server service to make your changes take effect.
Example: locked.properties file
This file allows non-TLS HTTP connections to a Horizon 8 server. The IP address of the Horizon 8 server's client-facing network interface is 10.20.30.40. The server uses the default port 80 to listen for HTTP connections. The value http must be lower case.
serverProtocol=http
serverHostNonTLS=10.20.30.40