Similar to VPN Option 2, this option routes Internet-bound desktop traffic to use the Horizon Cloud Service gateway and in-guest traffic using Direct Connect. This option is a good choice when you have a significant amount of in-guest application traffic using Direct Connect and you want to take advantage of the VMware Internet bandwidth provided with your tenant.

As shown in Figure 7, all in-guest traffic, such as desktop applications, authentication, DHCP, and DNS, traverses Direct Connect to your organization’s network. Desktop and RDSH server traffic destined for the Internet is directed out the Horizon Cloud Service gateway.

Protocol traffic for external users connecting to the desktops and RDSH servers also passes through the Horizon Cloud Service gateway to the Unified Access Gateway. The Unified Access Gateway acts as a secure proxy for your connection into the Horizon Cloud Service environment and proxies Horizon Cloud Service traffic to and from the Security Zone. Protocol traffic for users connecting from your organization’s network can be configured to connect through the Internet or to traverse Direct Connect to reach the desktops and RDSH servers. Internal users also connect through Unified Access Gateways that are located in internal trusted zones.

Figure 1. Connectivity Using the Horizon Cloud Service Internet Connection