This software service acts as a broker for client connections. Horizon Connection Server authenticates users through Windows Active Directory and directs the request to the appropriate virtual machine, physical PC, or Microsoft RDS host.

Connection Server provides the following management capabilities:

  • Authenticating users
  • Entitling users to specific desktops and pools
  • Managing remote desktop and application sessions
  • Establishing secure connections between users and remote desktops and applications
  • Enabling single sign-on
  • Setting and applying policies

Inside the corporate firewall, you install and configure a group of two or more Connection Server instances. Their configuration data is stored in an embedded LDAP directory and is replicated among members of the group.

Outside the corporate firewall, in the DMZ, you can install install a Unified Access Gateway appliance. Unified Access Gateway appliances in the DMZ communicate with Connection Servers inside the corporate firewall. Unified Access Gateway appliances ensure that the only remote desktop and application traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user. Users can access only the resources that they are authorized to access.

For more information about Unified Access Gateway appliances, see the Unified Access Gateway documentation at https://docs.vmware.com/en/Unified-Access-Gateway/index.html.

Important: It is possible to create a VMware Horizon setup that does not use Connection Server. If you install the View Agent Direct Connect Plugin in a remote virtual machine desktop, the client can connect directly to the virtual machine. All the remote desktop features, including PCoIP, HTML Access, RDP, USB redirection, and session management work in the same way, as if the user had connected through Connection Server. For more information, see the View Agent Direct-Connection Plugin Administration document.