In Horizon Console, you can configure the use of the Blast Secure Gateway to provide secure access to remote desktops and applications, either through HTML Access or through client connections that use the VMware Blast display protocol.
The Blast Secure Gateway includes Blast Extreme Adaptive Transport (BEAT) networking, which dynamically adjusts to network conditions such as varying speeds and packet loss.
- Blast Secure Gateway supports BEAT networking only when running on a Unified Access Gateway appliance.
-
Horizon Clients using IPv4 and Horizon Clients using IPv6 can be handled concurrently on TCP port 8443 and on UDP port 8443 (for BEAT) when connecting to a Unified Access Gateway appliance version 3.3 or later.
- Horizon Clients that use a typical network condition must connect to a Connection Server (BSG disabled) or versions later than 2.8 of an Unified Access Gateway appliance. If Horizon Client uses a typical network condition to connect to a Connection Server (BSG enabled) or versions earlier than 2.8 of an Unified Access Gateway appliance, the client automatically senses the network condition and falls back to TCP networking.
- Horizon Clients that use a poor network condition must connect to version 2.9 or later of an Unified Access Gateway appliance (with UDP Tunnel Server Enabled). If Horizon Client uses a poor network condition to connect to the Connection Server (BSG enabled) or versions earlier than 2.8 of an Unified Access Gateway appliance, the client automatically senses the network condition and falls back to TCP networking.
- Horizon Clients that use a poor network condition to connect to Connection Server (BSG disabled) or version 2.9 or later of Unified Access Gateway appliance (without UDP Tunnel Server Enabled), or version 2.8 of Unified Access Gateway appliance, the client automatically senses the network condition and falls back to the typical network condition.
For more information, see the Horizon Client documentation at https://docs.vmware.com/en/VMware-Horizon-Client/index.html.
When the Blast Secure Gateway is not enabled, client devices and client Web browsers use the VMware Blast Extreme protocol to establish direct connections to remote desktop virtual machines and applications, bypassing the Blast Secure Gateway.
Prerequisites
If users select remote desktops by using VMware Workspace ONE Access, verify that VMware Workspace ONE Access is installed and configured for use with Connection Server and that Connection Server is paired with a SAML 2.0 Authentication server.