When clients connect to a remote desktop or application with the PCoIP or Blast Extreme display protocol from VMware, Horizon Client can make a second connection to the applicable Secure Gateway component on a Horizon Connection Server instance, security server, or Unified Access Gateway appliance. This connection provides the required level of security and connectivity when accessing remote desktops and applications from the Internet.

Security servers and Unified Access Gateway appliances include a PCoIP Secure Gateway component and a Blast Secure Gateway component, which offers the following advantages:

• The only remote desktop and application traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user.
• Users can access only the resources that they are authorized to access.
• The PCoIP Secure Gateway connection supports PCoIP, and the Blast Secure Gateway connection supports Blast Extreme. Both are advanced remote display protocols that make more efficient use of the network by encapsulating video display packets in UDP instead of TCP.
• PCoIP and Blast Extreme are secured by AES-128 encryption by default. You can, however, change the encryption cipher to AES-256.
• No VPN is required, as long as the display protocol is not blocked by any networking component. For example, someone trying to access their remote desktop or application from inside a hotel room might find that the proxy the hotel uses is not configured to pass UDP packets.

  For more information, see Firewall Rules for DMZ-Based Security Servers.

Security servers run on Windows Server 2008 R2 and Windows Server 2012 R2 operating systems and take full advantage of the 64-bit architecture. This security server can also take advantage of Intel processors that support AES New Instructions (AESNI) for highly optimized encryption and decryption performance.

For more information about Unified Access Gateway virtual appliances, see Deploying and Configuring Unified Access Gateway.