Installing App-V Management Server or Streaming Server Securely

Letzte Aktualisierung: Oktober 2009

Betrifft: Application Virtualization

The topics in this section provide information for installing an enhanced security version of the App-V Management Server or the App-V Streaming Server.

Hinweis

Installing or configuring an App-V Management or Streaming Server to use enhanced security (for example, Transport Layer Security, or TLS) requires that an X.509 V3 certificate has been provisioned to the App-V server.

When you prepare to install or configure a secure Management or Streaming Server, consider the following technical requirements:

  • The certificate must be valid. If the certificate is not valid, the client ends the connection.

  • The certificate must contain the correct Enhanced Key Usage (EKU)—Server Authentication (OID 1.3.6.1.5.5.7.3.1). If the certificate does not contain this EKU, the client ends the connection.

  • The certificate fully qualified domain name (FQDN) must match the server on which it is installed. For example, if the client is calling RTSPS://Myserver.mycompany.com/content/MyApp.sft and the certificate Issued To field is set to Server1.mycompany.com, the client will not connect to the server and the session ends. The failure is reported to the user.

    Hinweis

    If you are using App-V in a Network Load Balancing cluster, you must configure the certificate with Subject Alternate Names (SANs) to support RTSPS. For information about configuring the certification authority (CA) and creating certificates with SANs, see https://go.microsoft.com/fwlink/?LinkId=133228.

  • The client and the server need to trust the root CA—The CA issuing the certificate to the App-V server must by trusted by the client connecting to the server. If not, the client ends the connection.

  • The certificate’s private key must have permissions changed to allow the App-V Service account to access the certificate. By default, App-V uses the Network Service account, and by default, the Network Service account does not have permission to access the private key, which will prevent secure connections.

Inhalt dieses Abschnitts

Fanden Sie diese Informationen hilfreich? Bitte klicken Sie auf den folgenden Link, um Ihre Vorschläge und Kommentare zu der Dokumentation an den Application Virtualization Doc Feedback-Alias appvdocs@microsoft.com zu senden.