Friday, March 27, 2009

Can VMware View Security Server accept connections without a certificate over port 80?

Yesterday a customer asked me a question: Can we use View Security Server (as a singular IP access point to ther VDI environement) without the need to buy a certificate?

The answer is Yes.

What is their business need?
  • they already have a VPN (so no need to use the Security Server to encrypt the connections)
  • However, they would still need to open ACL's on their VPN to allow the end user access to the virtual desktops
  • View Security Server would work great as they would only need to open ACL's from their clients to one IP address. 
They can do that, and still use http (port 80) only (without the need to buy a cert), with a very simple proxedure: make the following changes to their locked.properties file located under C:\Program Files\VMware\VMware View\Server\sslgateway\conf:
(note the lines starting with client and server)

They need to reboot the server (or restart the View Security Server service) for these changes to take effect.

No comments:

Post a Comment