You can deploy Unified Access Gateway with Horizon Cloud with On-Premises Infrastructure and Horizon Air cloud infrastructure. For the Horizon deployment, the Unified Access Gateway appliance replaces Horizon security server.
- In the admin UI Configure Manually section, click Select.
- In the Show. , click
- Click the Horizon Settings gearbox icon.
- In the Horizon Settings page, change NO to YES to enable Horizon.
- Configure the following edge service settings resources for Horizon:
Set by default to Horizon. Unified Access Gateway can communicate with servers that use the Horizon XML protocol, such as Horizon Connection Server, Horizon Air, and Horizon Cloud with On-Premises Infrastructure.
Connection Server URL
Enter the address of the Horizon server or load balancer. Enter as https://00.00.00.00.
Connection Server URL Thumbprint
Enter the list of Horizon server thumbprints.
If you do not provide a list of thumbprints, the server certificates must be issued by a trusted CA. Enter the hexadecimal thumbprint digits. For example, sha1= C3 89 A2 19 DC 7A 48 2B 85 1C 81 EC 5E 8F 6A 3C 33 F2 95 C3
- To configure the authentication method rule, and other advanced settings, click More.
Select the authentication methods to use.
The default is to use pass-through authentication of the user name and password. The authentication methods you configured in Unified Access Gateway are listed in the drop-down menus.
To configure authentication that includes applying a second authentication method if the first authentication attempt fails.
Select one authentication method from the first drop-down menu.
Click the + and select either AND or OR.
Select the second authentication method from the third drop-down menu.
To require users to authenticate through two authentication methods, change OR to AND in the drop-down.
Health Check URI Path
The URI path for the connection server that Unified Access Gateway connects to, for health status monitoring.
Change NO to YES to specify whether the PCoIP Secure Gateway is enabled.
PCOIP External URL
Enter the external URL of the Unified Access Gateway appliance. Clients use this URL for secure connections through the PCoIP Secure Gateway. This connection is used for PCoIP traffic. The default is the Unified Access Gateway IP address and port 4172.
To use the Blast Secure Gateway, change NO to YES.
Blast External URL
Enter the FQDN URL of the Unified Access Gateway appliance that end users use to make a secure connection from the Web browsers through the Blast Secure Gateway. Enter as https://exampleappliance:443.
If the Horizon secure tunnel is used, change NO to YES. The Client uses the external URL for tunnel connections through the Horizon Secure Gateway. The tunnel is used for RDP, USB, and multimedia redirection (MMR) traffic.
Tunnel External URL
Enter the external URL of the Unified Access Gateway appliance. The default value is used if not set.
Endpoint Compliance Check Provider
Select the endpoint compliance check provider. Default is OPSWAT.
Enter the regular expression that matches the URIs that are related to the Horizon Server URL (proxyDestinationUrl). For the Horizon Connection server, a forward slash (/) is a typical value to redirect to the HTML Access Web client when using the Unified Access Gateway appliance.
Enter the name of the SAML service provider for the Horizon XMLAPI broker. This name must either match the name of a configured service provider metadata or be the special value DEMO.
Match Windows User Name
Change NO to YES to match RSA SecurID and Windows user name. When set to YES, securID-auth is set to true and the securID and Windows user name matching is enforced.
The location from where the connection request originates. The security server and Unified Access Gateway set the gateway location. The location can be external or internal.
Enter a comma separated list of host entries to be added in /etc/hosts file. Each entry includes an IP, a hostname, and an optional hostname alias in that order, separated by a space. For example, 10.192.168.1 example1.com, 10.192.168.2 example2.com example-alias.
Disable HTML Access
If set to YES, disables web access to Horizon. See Endpoint Compliance Checks for Horizon for details.
- Click Save.