To provide maximum security, configure IaaS to use polling and disable TLS 1.0.

About this task

For more information, see the Microsoft knowledge base article https://support.microsoft.com/en-us/kb/245030.

Procedure

  1. Configure IaaS to use polling instead of web sockets.
    1. Update the Manager Services configuration file C:\Program Files (x86)\VMware\vCAC\Server\ManagerService.exe.config by adding the following values in the <appSettings> section:
      <add key="Extensibility.Client.RetrievalMethod" value="Polling"/>
      <add key="Extensibility.Client.PollingInterval" value="2000"/>
      <add key="Extensibility.Client.PollingMaxEvents" value="128"/>
    2. Restart the Manager Service (VMware vCloud Automation Center Service).
  2. Verify that TLS 1.0 is disabled on the IaaS server.
    1. Run the registry editor as an administrator.
    2. In the registry window, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols\
    3. Right-click on Protocols and select New > Key and then enter TLS 1.0.
    4. In the navigation tree, right-click on the TLS 1.0 key that you just created, and in the pop-up menu select New > Key and enter Client.
    5. In the navigation tree, right-click on the TLS 1.0 key that you just created, and in the pop-up menu select New > Key and enter Server.
    6. In the navigation tree, under TLS 1.0, right-click on Client, and then click New > DWORD (32-bit) Value and enter DisabledByDefault.
    7. In the navigation tree, under TLS 1.0, select Client, and in the right pane, double-click DisabledByDefault DWORD and enter 1.
    8. In the navigation tree, under TLS 1.0, right-click Server, and select New > DWORD (32-bit) Value and enter Enabled.
    9. In the navigation tree, under TLS 1.0, select Server, and in the right pane, double-click Enabled DWORD and enter 0.
    10. Restart the Windows Server.
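
The registry changes in step 2 can also be scripted and then read back to confirm them. The following PowerShell is an added example, not part of the original procedure; it assumes an elevated session on the IaaS server, and Set-Tls10Setting and Test-Tls10Setting are hypothetical helper names. It writes only the two values the procedure specifies.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of steps 2.3 to 2.9, run on the IaaS server.

$protocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols'
$tls10     = Join-Path $protocols 'TLS 1.0'

# The two values the procedure specifies, and nothing else.
$settings = @(
    @{ SubKey = 'Client'; Name = 'DisabledByDefault'; Value = 1 },
    @{ SubKey = 'Server'; Name = 'Enabled';           Value = 0 }
)

# Hypothetical helper: create the subkey if missing, then write the DWORD.
function Set-Tls10Setting {
    param([string]$SubKey, [string]$Name, [int]$Value)
    $path = Join-Path $tls10 $SubKey
    # Guard with Test-Path: New-Item -Force on an existing key can
    # recreate it and drop any values already stored there.
    if (-not (Test-Path -LiteralPath $path)) {
        New-Item -Path $path -Force | Out-Null
    }
    New-ItemProperty -LiteralPath $path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# Hypothetical helper: read the value back and compare it with the expected one.
function Test-Tls10Setting {
    param([string]$SubKey, [string]$Name, [int]$Value)
    $path = Join-Path $tls10 $SubKey
    $item = Get-ItemProperty -LiteralPath $path -Name $Name -ErrorAction SilentlyContinue
    return ($null -ne $item) -and ($item.$Name -eq $Value)
}

foreach ($s in $settings) { Set-Tls10Setting @s }

$report = foreach ($s in $settings) {
    [pscustomobject]@{
        Key      = "TLS 1.0\$($s.SubKey)"
        Name     = $s.Name
        Expected = $s.Value
        Matches  = Test-Tls10Setting @s
    }
}
$report | Format-Table -AutoSize
if ($report.Matches -contains $false) {
    Write-Error 'One or more TLS 1.0 values did not match the procedure.'
} else {
    Write-Output 'Values are set. Restart the Windows Server (step 10).'
}
```

The script does not restart the server; step 10 still applies.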