Administrators can configure Horizon Connection Server settings so that remote desktop and published application sessions are established directly between the client system and the published application or desktop virtual machine, bypassing the Connection Server host. This type of connection is called a direct client connection.

With direct client connections, an HTTPS connection is still made between the client and the Connection Server host for users to authenticate and select remote desktops and published applications, but the second HTTPS connection (the tunnel connection) is not used.

Direct PCoIP and Blast Extreme connections include the following built-in security features:

• Support for Advanced Encryption Standard (AES) encryption, which is turned on by default, and IP Security (IPsec)
• Support for third-party VPN clients

For clients that use the Microsoft RDP display protocol, direct client connections to remote desktops are appropriate only if your deployment is inside a corporate network. With direct client connections, RDP traffic is sent unencrypted over the connection between the client and the desktop virtual machine.