When clients connect to a remote desktop or application with the PCoIP display protocol from VMware, Horizon Client can make a second connection to the PCoIP Secure Gateway component on a View Connection Server instance, security server, or Access Point appliance. This connection provides the required level of security and connectivity when accessing remote desktops and applications from the Internet.
Security servers and Access Point appliances include a PCoIP Secure Gateway component, which offers the following advantages:
- The only remote desktop and application traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user.
- Users can access only the resources that they are authorized to access.
- This connection supports PCoIP, which is an advanced remote display protocol that makes more efficient use of the network by encapsulating video display packets in UDP instead of TCP.
- PCoIP is secured by AES-128 encryption by default. You can, however, change the encryption cipher to AES-256.
- No VPN is required, as long as PCoIP is not blocked by any networking component. For example, someone trying to access their remote desktop or application from inside a hotel room might find that the proxy the hotel uses is not configured to pass PCoIP.
For more information, see Firewall Rules for DMZ-Based Security Servers.
Security servers with PCoIP support run on Windows Server 2008 R2 and Windows Server 2012 R2 operating systems and take full advantage of the 64-bit architecture. This security server can also take advantage of Intel processors that support AES New Instructions (AESNI) for highly optimized PCoIP encryption and decryption performance.
For more information about Access Point virtual appliances, see Deploying and Configuring Access Point.