A security server is a special instance of Horizon Connection Server that runs a subset of Connection Server functions. You can use a security server to provide an additional layer of security between the Internet and your internal network.
A security server resides within a DMZ and acts as a proxy host for connections inside your trusted network. Each security server is paired with an instance of Connection Server and forwards all traffic to that instance. You can pair multiple security servers to a single connection server. This design provides an additional layer of security by shielding the Connection Server instance from the public-facing Internet and by forcing all unprotected session requests through the security server.
A DMZ-based security server deployment requires a few ports to be opened on the firewall to allow clients to connect with security servers inside the DMZ. You must also configure ports for communication between security servers and the Connection Server instances in the internal network. See Firewall Rules for DMZ-Based Security Servers for information on specific ports.
Because users can connect directly with any Connection Server instance from within their internal network, you do not need to implement a security server in a LAN-based deployment.
Security servers include a PCoIP Secure Gateway component and a Blast Secure Gateway component so that clients that use the PCoIP or Blast Extreme display protocol can use a security server rather than a VPN.
For information about setting up VPNs for using PCoIP, see the VPN solution overviews, available in the Technology Partner Resources section of the Technical Resource Center at http://www.vmware.com/products/view/resources.html.