This software service acts as a broker for client connections. Horizon Connection Server authenticates users through Windows Active Directory and directs the request to the appropriate virtual machine, physical PC, or Microsoft RDS host.
Connection Server provides the following management capabilities:
- Authenticating users
- Entitling users to specific desktops and pools
- Assigning applications packaged with VMware ThinApp to specific desktops and pools
- Managing remote desktop and application sessions
- Establishing secure connections between users and remote desktops and applications
- Enabling single sign-on
- Setting and applying policies
Inside the corporate firewall, you install and configure a group of two or more Connection Server instances. Their configuration data is stored in an embedded LDAP directory and is replicated among members of the group.
Outside the corporate firewall, in the DMZ, you can install and configure Connection Server as a security server, or you can install a Unified Access Gateway appliance. Security servers and Unified Access Gateway appliances in the DMZ communicate with Connection Servers inside the corporate firewall. Security servers and Unified Access Gateway appliances ensure that the only remote desktop and application traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user. Users can access only the resources that they are authorized to access.
Security servers offer a subset of functionality and are not required to be in an Active Directory domain. You install Connection Server in a Windows Server 2008 R2 or Windows Server 2012 R2 server, preferably on a VMware virtual machine. For more information about Unified Access Gateway appliances, see Deploying and Configuring Unified Access Gateway.