In this option, routing is configured so that all connectivity to Horizon Cloud Service desktops is through Direct Connect, and no Internet connection is through the Horizon Cloud Service gateway. This option provides the advantage of enabling full visibility and control over all protocol, user, and desktop activity to ensure the highest levels of security and regulatory compliance. This option is suitable when you require all users to connect to Horizon Cloud Service through your organization's network.

As shown in the diagram below, this option deactivates the Horizon Cloud Service gateway, making it technically impossible for users to connect externally to Horizon Cloud Service through the Internet. All traffic-protocol, in-guest, and Internet-bound desktop traffic-traverses Direct Connect through your company-owned Internet gateway. Users must be on your organization's network or connected remotely through your organization's VPN to connect to Horizon Cloud Service. End users who are connected through your organization's VPN require the ports in the diagram below to be open across your organization's VPN. These ports are considered internal connections to Horizon Cloud Service.

Figure 1. No Internet Connectivity Through Horizon Cloud Service