VMware Horizon Community
DanReynolds
Enthusiast
Enthusiast

How do I remove the VMware Horizon Web Portal Page

The company that we have our cyber insurance through uses a security evaluating company called Coalition Control. They have identified the 'web panel' as a weakness and suggest we remove it. I believe they mean the VMware Horizon Web Portal Page. 

How do you remove that page? I assume it's not necessary for operation as the users download Horizon clients on their own they have never even SEEN that page. I do not have an HTML access to VDI. 

This is what Coalition told me:
- Remove the web panel and utilize the VMware Horizon client
- If web access is needed utilize a reverse proxy or consider use of a third party zero trust access solution for best overall protection when exposing logins to anyone on the internet.

I have searched documentation - I can find out how to modify web portal page but not how to disable or remove it. Please advise...

Reply
0 Kudos
18 Replies
sjesse
Leadership
Leadership

DanReynolds
Enthusiast
Enthusiast

Not not HTML access to the VM's. The portal page that shows up and the View Server's URL:

DanReynolds_0-1655758758697.png

 

Reply
0 Kudos
RandallZirkle
Contributor
Contributor

Did you ever find a solution for this? We are in the same boat with our cyber insurance using Coalition. They are making the same demands to us.

Reply
0 Kudos
Jubish-Jose
Hot Shot
Hot Shot

I think if you uninstall HTML Access, this page won't be shown. 


-- If you find this reply helpful, please consider accepting it as a solution.
Reply
0 Kudos
fabio1975
Commander
Commander

Ciao 

 if I understand correctly you want that there is no download page and the user is sent directly to the login page. Right?
If so, you can proceed to enable the flag below:

fabio1975_1-1664181345311.png

 

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

Reply
0 Kudos
Matt10
Contributor
Contributor

Same boat. Did you ever find a solution?

Reply
0 Kudos
DanReynolds
Enthusiast
Enthusiast

Not exactly. I ended up having to turn HTML off totally. 

That's the only way my cyber insurance portal would accept.

 

DanReynolds
Enthusiast
Enthusiast

BTW, VMware never had an answer...

Reply
0 Kudos
Matt10
Contributor
Contributor

When you say turn off HTML access, did uninstalling the portal page from the connection servers and blocking 8443 at the firewall suffice? Or did you have to do something extra?

In my insurance portal, I'm seeing that they're identifying the risk over 443. So, I'm curious if they're going to want to block traffic over 443 as well.

I reached out to VMware asking exactly what ports need to be open for just the client to operate as intended. Have yet to hear back. Spoke to another individual and they're saying port 443 is still used by the Horizon client to auth.

Reply
0 Kudos
DanReynolds
Enthusiast
Enthusiast

Sorry I should've been more clear. From View itself I removed the HTML access... 

There is an option to connect to View from just a web browser. That's what I removed. That's all I ended up having to do. I didn't modify any of the ports on the firewall (I'm an army of one so I do it all anyway). 

You can only connect using the Horizon View client. I never ever used HTML access anyway. 

I just checked - it is on the connection server: https://docs.vmware.com/en/VMware-Horizon-HTML-Access/2303/html-access-installation/GUID-34D918D1-AD...

Screenshot 2023-06-06 094155.jpg

Screenshot 2023-06-06 094012.jpg

What is really ironic is that there is still a web page. The one that offers to download a client...

 

Matt10
Contributor
Contributor

Weird, I thought the page itself was the problem. I'll try that out and see if that makes them happy. In my insurance portal, it only identifies the risk as "VMware Horizon Panel Exposed". I'll follow up with my results.

Reply
0 Kudos
DanReynolds
Enthusiast
Enthusiast

That's exactly what my "portal" told me. I'm not sure they even knew what Horizon View was or how it worked. 

They still complain because I don't have an SSL cert but that's not a big issue with them. 

Reply
0 Kudos
MP-CAE
Enthusiast
Enthusiast

FYI ... the English link for the above would be:

https://docs.vmware.com/en/VMware-Horizon-HTML-Access/2111/html-access-installation/GUID-10FAB7F4-D1...

I have no idea how well it works as a solution to be clear - just wanted to share an equivalent link for folks not fluent in Chinese 😎

Eric-Champagne
Contributor
Contributor

Fabio,

I'm looking the skip the first choice webclient page for all the users and fall direcly on the webclient login page. Do you have a workaround ?

Reply
0 Kudos
DanReynolds
Enthusiast
Enthusiast

No, I completely removed the web client option in Horizon.

Reply
0 Kudos
Matt10
Contributor
Contributor

In case anyone was curious...

I disabled HTML access which still did not make the insurance company happy. They REALLY wanted that page to be proxied (I.E. something like CloudFlare). Sounds like VMware could accommodate what they wanted with their WorkSpaceOne solution, be warned, it's a pretty heavy lift if you're not super familiar with WSO (which I am not). 

In short, we ended up dropping their coverage and went with another provider (ended up saving a significant amount of $$$ in the process).

Tags (1)
Reply
0 Kudos
lttdvs
Contributor
Contributor

You can disable HTML Access from UAG by removing entries from the proxy pattern

lttdvs_0-1702319878505.png

 

__________
https://vdihub.fr
Reply
0 Kudos