VMware Horizon allows IT to deliver virtual or RDSH-published desktops and applications through a single platform to end users. These desktop and application services — including RDS-hosted apps, packaged apps with VMware ThinApp®, SaaS apps, and even virtualized apps from Citrix—can all be accessed from one unified workspace to provide end users with all of the resources they want, at the speed they expect, with the efficiency business demands.
Connection Servers broker client connections, authenticate users, and direct incoming requests to the correct endpoint. Although the Connection Server helps form the connection, it typically does not act as part of the data path after the connection is established.
Security Servers are installed in the DMZ and add an additional layer of security between the Internet and the internal network for external users. Each Security Server must be paired with a Connection Server and forwards all traffic to that instance. This pairing requires the Connection Server to be in tunnel mode, which means it is not suitable for internal client connections, so two sets of Connection Servers are needed – one to handle connections from the paired Security Servers, the other to handle internal clients.
Access Point is a hardened SUSE Linux based appliance introduced in v6.2 as an alternatively to Security Server. Access Point was renamed Unified Access Gateway (UAG) in Horizon v7.0. UAG is now the preferred option over Security Server. Access Point / UAG is not paired, so only one set of Connection Servers is needed for both external and internal clients.
For high availability and scalability, VMware recommends that multiple Connection Servers and multiple Unified Access Gateways are deployed in a load-balanced cluster.
The load balancers can be configured in various ways to support internal and external clients as detailed in the deployment guides referenced below.
VMware Horizon Protocol Table
|TCP||443||Various HTTPS traffic|