Follow these best practice security policies and procedures when operating a security server in a DMZ.

The DMZ Virtualization with VMware Infrastructure white paper includes examples of best practices for a virtualized DMZ. Many of the recommendations in this white paper also apply to a physical DMZ.

To limit the scope of frame broadcasts, the Horizon Connection Server instances that are paired with security servers should be deployed on an isolated network. This topology can help prevent a malicious user on the internal network from monitoring communication between the security servers and Connection Server instances.

Alternatively, you might be able to use advanced security features on your network switch to prevent malicious monitoring of security server and Connection Server communication and to guard against monitoring attacks such as ARP Cache Poisoning. See the administration documentation for your networking equipment for more information.