To use the secure tunnel, a client system must have access to an IP address, or a fully qualified domain name (FQDN) that it can resolve to an IP address, that allows the client to reach a Connection Server or security server host.
To use the PCoIP Secure Gateway, a client connects to a Connection Server or security server host using an URL. In an IPv4 environment, the URL must identify a host by its IP address. In an IPv6 environment, the URL can identify a host by either its IP address or its FQDN.
To use the Blast Secure Gateway, a user's endpoint device must have access to an FQDN that it can resolve to an IP address that allows the user's Web browser or computer to reach a Connection Server or security server host.
Using Tunnel Connections from External Locations
By default, a Connection Server or security server host can be contacted only by tunnel clients that reside within the same network and are therefore able to locate the requested host.
Many organizations require that users can connect from an external location by using a specific IP address or client-resolvable domain name, and a specific port. This information might or might not resemble the actual address and port number of the Connection Server or security server host. The information is provided to a client system in the form of a URL. For example:
- https://view-example.com:443
- https://view.example.com:443
- https://example.com:1234
- https://10.20.30.40:443
To use addresses like these in Horizon 7, you must configure the Connection Server or security server host to return an external URL instead of the host's FQDN.
Configuring External URLs
You configure more than one external URL. The first URL allows client systems to make tunnel connections. A second URL allows clients that use PCoIP to make secure connections through the PCoIP Secure Gateway. In an IPv4 environment, the URL must identify a host by its IP address. In an IPv6 environment, the URL can identify a host by either its IP address or its FQDN. The URL allows clients to connect from an external location.
A third URL allows users to make secure connections from their client devices or Web browsers through the Blast Secure Gateway.
If your network configuration includes security servers, provide external URLs for the security servers. External URLs are not required on the Connection Server instances that are paired with the security servers.
The process of configuring the external URLs is different for Connection Server instances and security servers.
- For a Connection Server instance, you set the external URLs by editing Connection Server settings in Horizon Administrator.
- For a security server, you set the external URLs when you run the Connection Server installation program. You can use Horizon Administrator to modify an external URL for a security server.