Rule ID
SV-246882r879511_rule
Version
V1R2
CCIs
The Horizon Connection Server has the ability to limit the number of simultaneous client connections. This capability is helpful in limiting resource exhaustion risks related to denial of service attacks. By default, in code, the Connection Server allows up to 2000 client connections at one time, over all protocol types. For larger deployments, this limit can be increased to a tested and supported maximum of 4000 by making modifications to the "locked.properties" file. Ensure any changes to the number of allowed simultaneous connections is supported by VMware for the choice of protocols and that this value is documented as part of the SSP. Satisfies: SRG-APP-000001-AS-000001, SRG-APP-000435-AS-000163
On the Horizon Connection Server, navigate to "<install_directory>\VMware\VMware View\Server\sslgateway\conf". If a file named "locked.properties" does not exist in this path, this is NOT a finding. Open "locked.properties" in a text editor. Find the "maxConnections" setting. The "maxConnections" setting may be set higher than the default of "2000" (up to 4000) in certain, large Horizon deployments. If there is no "maxConnections" setting, this is NOT a finding. If "maxConnections" is set to more than "4000", this is a finding.
On the Horizon Connection Server, navigate to "<install_directory>\VMware\VMware View\Server\sslgateway\conf". Open "locked.properties" in a text editor. Add or change the following line: maxConnections=2000 The default value of "2000" may be increased to no more than 4000 if required and properly documented. Otherwise, keep the default value of "2000". Save and close the file. Restart the "VMware Horizon View Connection Server" service for changes to take effect.