When the secure tunnel is enabled, Horizon Client makes a second HTTPS connection to the Connection Server when users connect to a remote desktop.

When the PCoIP Secure Gateway is enabled, Horizon Client makes a further secure connection to the Connection Server host when users connect to a remote desktop with the PCoIP display protocol.

Note: If you use Unified Access Gateway appliances, you must disable the secure gateways on Connection Server instances and enable these gateways on the Unified Access Gateway appliances. For more information, see the Deploying and Configuring VMware Unified Access Gateway document available at https://docs.vmware.com/en/Unified-Access-Gateway/index.html.

When the secure tunnel or PCoIP Secure Gateway is not enabled, a session is established directly between the client system and the remote desktop virtual machine, bypassing the Connection Server. This type of connection is called a direct connection.

Important: In a network configuration in which external clients connect directly to a Connection Server host, you enable or disable the secure tunnel and PCoIP Secure Gateway by editing that Connection Server instance in Horizon Console.

Procedure

  1. In Horizon Console, select Settings > Servers.
  2. On the Connection Servers tab, select a Connection Server instance and click Edit.
  3. On the General tab, configure use of the secure tunnel.
    Option Description
    Enable the secure tunnel Select Use Secure Tunnel connection to machine.
    Disable the secure tunnel Deselect Use Secure Tunnel connection to machine.
    The secure tunnel is enabled by default.
  4. Configure use of the PCoIP Secure Gateway.
    Option Description
    Enable the PCoIP Secure Gateway Select Use PCoIP Secure Gateway for PCoIP connections to machine
    Disable the PCoIP secure Gateway Deselect Use PCoIP Secure Gateway for PCoIP connections to machine
    The PCoIP Secure Gateway is disabled by default.
  5. Click OK to save your changes.