In Horizon Administrator, you can configure the use of the Blast Secure Gateway to provide secure access to remote desktops and applications, either through HTML Access or through client connections that use the VMware Blast display protocol.

Before you begin

If users select remote desktops by using VMware Identity Manager, verify that VMware Identity Manager is installed and configured for use with Connection Server and that Connection Server is paired with a SAML 2.0 Authentication server.

About this task

The Blast Secure Gateway includes Blast Extreme Adaptive Transport (BEAT) networking, which dynamically adjusts to network conditions such as varying speeds and packet loss.

  • Horizon Clients can use BEAT networking with an excellent network condition while connecting to the Connection Server, security server, or Unified Access Gateway appliance.

  • Horizon Clients that use a typical network condition must connect to a Connection Server (BSG disabled), security server (BSG disabled), or versions later than 2.8 of a Unified Access Gateway appliance. If Horizon Client uses a typical network condition to connect to a Connection Server (BSG enabled), security server (BSG enabled), or versions earlier than 2.8 of a Unified Access Gateway appliance, the client automatically senses the network condition and falls back to TCP networking.

  • Horizon Clients that use a poor network condition must connect to version 2.9 or later of a Unified Access Gateway appliance (with UDP Tunnel Server Enabled). If Horizon Client uses a poor network condition to connect to the Connection Server (BSG enabled), security server (BSG enabled), or versions earlier than 2.8 of a Unified Access Gateway appliance, the client automatically senses the network condition and falls back to TCP networking.

  • If Horizon Client uses a poor network condition to connect to a Connection Server (BSG disabled), security server (BSG disabled), version 2.9 or later of a Unified Access Gateway appliance (without UDP Tunnel Server Enabled), or version 2.8 of a Unified Access Gateway appliance, the client automatically senses the network condition and falls back to the typical network condition.

For more information, see the Horizon Client documentation at https://www.vmware.com/support/viewclients/doc/viewclients_pubs.html.

Note:

You can also use Unified Access Gateway appliances, rather than security servers, for secure external access to Horizon 7 servers and desktops. If you use Unified Access Gateway appliances, you must disable the secure gateways on Connection Server instances and enable these gateways on the Unified Access Gateway appliances. For more information, see Deploying and Configuring Unified Access Gateway.

When the Blast Secure Gateway is not enabled, client devices and client Web browsers use the VMware Blast Extreme protocol to establish direct connections to remote desktop virtual machines and applications, bypassing the Blast Secure Gateway.

Important:

A typical network configuration that provides secure connections for external users includes a security server. To enable or disable the Blast Secure Gateway on a security server, you must edit the Connection Server instance that is paired with the security server. If external users connect directly to a Connection Server host, you enable or disable the Blast Secure Gateway by editing that Connection Server instance.

Procedure

  1. In Horizon Administrator, select View Configuration > Servers.
  2. On the Connection Servers tab, select a Connection Server instance and click Edit.
  3. Configure use of the Blast Secure Gateway.

    | Option | Description |
    |---|---|
    | Enable the Blast Secure Gateway | Select Use Blast Secure Gateway for Blast connections to machine |
    | Disable the Blast Secure Gateway | Deselect Use Blast Secure Gateway for Blast connections to machine |

    The Blast Secure Gateway is enabled by default.

  4. Click OK to save your changes.