When you deploy Horizon Client and Horizon Agent with client drive redirection, folders and files are sent across the network with encryption.
Client drive redirection connections between clients and the View Secure Gateway and connections from the View Secure Gateway to desktop machines are secure. If VMware Blast is enabled, files and folders are transferred across a virtual channel with encryption.
TCP connections on port 9427 are required to support client drive redirection. If your Horizon 7 deployment includes a back-end firewall between your DMZ-based security servers and your internal network, the back-end firewall must allow traffic to port 9427 on your remote desktops. If VMware Blast is enabled, TCP port 9427 is not required to be open because client drive redirection transfers data through the virtual channel.
The Client Drive Redirection custom setup option in the Horizon Agent installer is selected by default. As a best practice, enable the Client Drive Redirection custom setup option only in remote desktops where users require this feature.
With Horizon Client releases that are earlier than version 3.5, or Horizon Agent releases that are earlier than version 6.2, client drive redirection folders and files are sent across the network without encryption and might contain sensitive data, depending on the content being redirected. If the secure tunnel is enabled, client drive redirection connections between Horizon Client and the View Secure Gateway are secure, but connections from the View Secure Gateway to desktop machines are not encrypted. If the secure tunnel is disabled, client drive redirection connections from Horizon Client to the desktop machines are not encrypted. To ensure that this data cannot be monitored on the network, use client drive redirection only on a secure network with earlier client and agent releases.