Horizon Client must use HTTPS to connect to Horizon 7. If your Horizon clients connect to load balancers or other intermediate servers that pass on the connections to Connection Server instances or security servers, you can off-load TLS to the intermediate servers.
Import TLS Off-loading Servers' Certificates to Horizon 7 Servers If you off-load TLS connections to an intermediate server, you must import the intermediate server's certificate onto the Connection Server instances or security servers that connect to the intermediate server. The same TLS server certificate must reside on both the off-loading intermediate server and each off-loaded Horizon 7 server that connects to the intermediate server.
Set Horizon 7 Server External URLs to Point Clients to TLS Off-loading Servers If TLS is off-loaded to an intermediate server and Horizon Client devices use the secure tunnel to connect to Horizon 7, you must set the secure tunnel external URL to an address that clients can use to access the intermediate server.
Allow HTTP Connections From Intermediate Servers When TLS is off-loaded to an intermediate server, you can configure Connection Server instances or security servers to allow HTTP connections from the client-facing, intermediate devices. The intermediate devices must accept HTTPS for Horizon Client connections.