VMware View - 5.0 Security Guide

VMware View Security
View 5.0
View Manager 5.0
View Composer 2.7
This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document, see http://www.vmware.com/support/pubs.
You can find the most up-to-date technical documentation on the VMware Web site at:
http://www.vmware.com/support/
The VMware Web site also provides the latest product updates.
If you have comments about this documentation, submit your feedback to:
docfeedback@vmware.com
Copyright © 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
VMware, Inc.
3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com

Contents

VMware View Security
VMware View Security Reference
  VMware View Accounts
  VMware View Security Settings
  VMware View Resources
  VMware View Log Files
  VMware View TCP and UDP Ports
  Services on a View Connection Server Host
  Services on a Security Server
  Services on a View Transfer Server Host
Index

VMware View Security

VMware View Security provides a concise reference to the security features of VMware View™.
- Required system and database login accounts.
- Configuration options and settings that have security implications.
- Resources that must be protected, such as security-relevant configuration files and passwords, and the recommended access controls for secure operation.
- Location of log files and their purpose.
- External interfaces, ports, and services that must be open or enabled for the correct operation of VMware View.

Intended Audience
This information is intended for IT decision makers, architects, administrators, and others who must familiarize themselves with the security components of VMware View. This reference guide should be used in conjunction with the VMware View Hardening Guide and other VMware View documentation.

VMware View Security Reference

When you are configuring a secure View environment, you can change settings and make adjustments in several areas to protect your systems.
- VMware View Accounts
  You must set up system and database accounts to administer VMware View components.
- VMware View Security Settings
  VMware View includes several settings that you can use to adjust the security of the configuration. You can access the settings by using View Administrator, by editing group profiles, or by using the ADSI Edit utility, as appropriate.
- VMware View Resources
  VMware View includes several configuration files and similar resources that must be protected.
- VMware View Log Files
  VMware View software creates log files that record the installation and operation of its components.
- VMware View TCP and UDP Ports
  View uses TCP and UDP ports for network access between its components. You might have to reconfigure a firewall to allow access on the appropriate ports.
- Services on a View Connection Server Host
  The operation of View Manager depends on several services that run on a View Connection Server host. If you want to adjust the operation of these services, you must first familiarize yourself with them.
- Services on a Security Server
  The operation of View Manager depends on several services that run on a security server. If you want to adjust the operation of these services, you must first familiarize yourself with them.
- Services on a View Transfer Server Host
  Transfer operations for local desktops depend on services that run on a View Transfer Server host. If you want to adjust the operation of these services, you must first familiarize yourself with them.

VMware View Accounts

You must set up system and database accounts to administer VMware View components.
Table 1. VMware View System Accounts

VMware View Component | Required Accounts
View Client | Configure user accounts in Active Directory for the users who have access to View desktops. The user accounts must be members of the Remote Desktop Users group, but the accounts do not require View administrator privileges.
View Client with Local Mode | Configure user accounts in Active Directory for the users who have access to View desktops in local mode. The user accounts do not require View administrator privileges. As a standard best practice for desktops, make sure that a unique password is created for the local Administrator account on each View desktop that you plan to use in local mode.
vCenter Server | Configure a user account in Active Directory with permission to perform the operations in vCenter Server that are necessary to support View Manager. For information about the required privileges, see the VMware View Installation document.
View Composer | Create a user account in Active Directory to use with View Composer. View Composer requires this account to join linked-clone desktops to your Active Directory domain. The user account should not be a View administrative account. Give the account the minimum privileges that it requires to create and remove computer objects in a specified Active Directory container. For example, the account does not require domain administrator privileges. For information about the required privileges, see the VMware View Installation document.
View Connection Server, Security Server, or View Transfer Server | Initially, all users who are members of the local Administrators group (BUILTIN\Administrators) on the View Connection Server computer are allowed to log in to View Administrator. In View Administrator, you can use View Configuration > Administrators to change the list of View administrators. See the VMware View Administration document for information about the privileges that are required.
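
The least-privilege guidance for the View Composer account in Table 1 can be checked against the directory. The script below is an added example, not part of the VMware guide: it reports grants that go beyond creating and removing computer objects in one container. The account name and OU are hypothetical placeholders, and it assumes the ActiveDirectory PowerShell module is installed; the full list of required privileges is in the VMware View Installation document.

```powershell
# Added example: report over-broad Active Directory rights held by the
# View Composer account. Account and OU names are placeholders (assumptions).
$Account  = 'EXAMPLE\svc-viewcomposer'            # hypothetical account
$TargetOU = 'OU=ViewDesktops,DC=example,DC=com'   # hypothetical container

Add-Type -AssemblyName System.DirectoryServices
Import-Module ActiveDirectory   # provides the AD: drive and the Get-AD* cmdlets

$Rights        = [System.DirectoryServices.ActiveDirectoryRights]
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of "computer"
$ChildOps      = [int]$Rights::CreateChild -bor [int]$Rights::DeleteChild
# GenericAll (full control) contains both of these bits, so it is caught too.
$TooBroad      = [int]$Rights::WriteDacl -bor [int]$Rights::WriteOwner

$findings = @()

# 1. Direct membership in administrative groups (nested groups are not expanded).
$sam         = $Account.Split('\')[-1]
$adminGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'
Get-ADPrincipalGroupMembership -Identity $sam |
    Where-Object { $adminGroups -contains $_.Name } |
    ForEach-Object { $findings += "Member of privileged group: $($_.Name)" }

# 2. Allow ACEs on the container that name the account directly.
$aces = @((Get-Acl -Path "AD:\$TargetOU").Access | Where-Object {
    $_.IdentityReference.Value -eq $Account -and $_.AccessControlType -eq 'Allow'
})
foreach ($ace in $aces) {
    $r = [int]$ace.ActiveDirectoryRights
    if ($r -band $TooBroad) {
        $findings += "Can change permissions or ownership: $($ace.ActiveDirectoryRights)"
    }
    # An empty ObjectType GUID means the right applies to every object class.
    if (($r -band $ChildOps) -and $ace.ObjectType -ne $ComputerClass) {
        $findings += "Create/delete not limited to computer objects (ObjectType $($ace.ObjectType))"
    }
}
if ($aces.Count -eq 0) {
    $findings += "No direct ACE for $Account on $TargetOU (rights may come from a group)"
}

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { Write-Output "No over-broad grants found for $Account on $TargetOU" }
```
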

Table 2. VMware View Database Accounts

VMware View Component | Required Accounts
View Composer database | An SQL Server or Oracle database stores View Composer data. You create an administrative account for the database that you can associate with the View Composer user account. For information about setting up a View Composer database, see the VMware View Installation document.
Event database used by View Connection Server | An SQL Server or Oracle database stores View event data. You create an administrative account for the database that View Administrator can use to access the event data. For information about setting up a View Composer database, see the VMware View Installation document.

To reduce the risk of security vulnerabilities, take the following actions:
- Configure View databases on servers that are separate from other database servers that your organization uses.
- Do not allow a single user account to access multiple databases.
- Configure separate accounts for access to the View Composer and event databases.