Understanding traffic flows associated with Horizon Cloud Service is key when choosing the type of network to implement, and it is an important step before deploying Horizon Cloud Service. Consider the protocol traffic generated by Horizon Clients and network traffic generated by applications and other services on Horizon Cloud Service desktops and RDSH servers.

Note: At a minimum, site-to-site VPN, Dedicated Connection, MPLS, or Network Exchange is needed for Active Directory, DNS, DHCP, and NTP, except with island accounts. An island account has no connectivity to the tenant site, so all access into the system is from the public Internet. An island account is an implementation in which Horizon Cloud Service hosts basic Active Directory, DNS, DHCP, and NTP. When implementing an island account, see the license considerations in the Horizon Cloud Service Level Agreement Terms of Service Documents.

Protocol Traffic

Protocol traffic is the network traffic exchange between the virtual desktop and the endpoint using PCoIP, Blast Extreme, or Blast HTML5 access protocols. Screen images, keyboard and mouse movements, and USB and other device traffic travel between the endpoint and virtual desktop using the desired Horizon protocol. It is important to account for the protocol traffic to properly size your network connection to Horizon Cloud Service. Protocol traffic could be using the same network connection for other in-guest traffic, potentially impacting the end-user experience.

In-Guest Traffic

In-guest traffic is created when an application makes a network call to another application or IT service from within the virtual desktop or RDSH session. An example is when the browser launches from the desktop and reaches out to an internally hosted corporate website. In-guest traffic bound for internal IT resources is routed to the network connection back to the customer’s data center or network. Proper planning for the network connection back to the customer data center is important. In addition to ensuring ample bandwidth, you can specify alternate routes and connections back to data center resources to separate the protocol traffic and in-guest traffic.

Internet-Bound Traffic

A key step in the process is choosing how Internet traffic is routed from Horizon Cloud Service desktops and applications. You can leverage the Internet connection provided by Horizon Cloud Service or route all Internet-bound traffic through your own organization’s network. Determining how Internet-bound traffic is routed within the VMware data center depends on the routing option you choose for the default route (