In Horizon Console, you can configure the use of the Blast Secure Gateway to provide secure access to remote desktops and applications, either through HTML Access or through client connections that use the VMware Blast display protocol.

The Blast Secure Gateway includes Blast Extreme Adaptive Transport (BEAT) networking, which dynamically adjusts to network conditions such as varying speeds and packet loss.

  • Blast Secure Gateway supports BEAT networking only when running on a Unified Access Gateway appliance.

  • Horizon Clients using IPv4 and Horizon Clients using IPv6 can be handled concurrently on TCP port 8443 and on UDP port 8443 (for BEAT) when connecting to a Unified Access Gateway appliance version 3.3 or later.

  • Horizon Clients that use a typical network condition must connect to a Connection Server (BSG disabled) or versions later than 2.8 of an Unified Access Gateway appliance. If Horizon Client uses a typical network condition to connect to a Connection Server (BSG enabled) or versions earlier than 2.8 of an Unified Access Gateway appliance, the client automatically senses the network condition and falls back to TCP networking.
  • Horizon Clients that use a poor network condition must connect to version 2.9 or later of an Unified Access Gateway appliance (with UDP Tunnel Server Enabled). If Horizon Client uses a poor network condition to connect to the Connection Server (BSG enabled) or versions earlier than 2.8 of an Unified Access Gateway appliance, the client automatically senses the network condition and falls back to TCP networking.
  • Horizon Clients that use a poor network condition to connect to Connection Server (BSG disabled) or version 2.9 or later of Unified Access Gateway appliance (without UDP Tunnel Server Enabled), or version 2.8 of Unified Access Gateway appliance, the client automatically senses the network condition and falls back to the typical network condition.

For more information, see the Horizon Client documentation at https://docs.vmware.com/en/VMware-Horizon-Client/index.html.

Note: If you use Unified Access Gateway appliances, you must disable the secure gateways on Connection Server instances and enable these gateways on the Unified Access Gateway appliances. For more information, see the Deploying and Configuring VMware Unified Access Gateway document available at https://docs.vmware.com/en/Unified-Access-Gateway/index.html.

When the Blast Secure Gateway is not enabled, client devices and client Web browsers use the VMware Blast Extreme protocol to establish direct connections to remote desktop virtual machines and applications, bypassing the Blast Secure Gateway.

Prerequisites

If users select remote desktops by using VMware Workspace ONE Access, verify that VMware Workspace ONE Access is installed and configured for use with Connection Server and that Connection Server is paired with a SAML 2.0 Authentication server.

Procedure

  1. In Horizon Console, select Settings > Servers.
  2. On the Connection Servers tab, select a Connection Server instance and click Edit.
  3. Configure use of the Blast Secure Gateway.
    Option Description
    Enable the Blast Secure Gateway Select Use Blast Secure Gateway for Blast connections to machine
    Enable the Blast Secure Gateway for HTML Access Select Use Blast Secure Gateway for only HTML Access Blast connections to machine
    Disable the Blast Secure Gateway Select Do not use Blast Secure Gateway
    The Blast Secure Gateway is enabled by default.
  4. Click OK to save your changes.