Connections to the desktop message server require an authentication token to verify that the connection is coming from a valid desktop agent. The broker agent generates a unique authentication token for each remote desktop and RDS host in a View pod.

After the broker agent generates an authentication token, the token is sent to the remote desktop or RDS host by using the View configuration store. The token is sent to the View adapter along with View inventory information.

When a desktop agent attempts to send data to the View adapter, the adapter uses its local cache to verify the authentication token that the remote desktop or RDS host sends. If the token does not match the adapter's local cache, an authentication failure occurs and the connection is rejected.

If an attacker gains access to an authentication token, you can revoke and reissue the token by using the vRealize Operations View Broker Agent Settings wizard. The wizard removes all existing authentication tokens from the adapter, generates new authentication tokens, and distributes the new tokens to all desktops in the View pod. See Reissue View Desktop Authentication Tokens.