When clients connect to a remote desktop or application with the PCoIP or Blast Extreme display protocol from VMware, Horizon Client can make a second connection to the applicable Secure Gateway component on a connection broker instance or Unified Access Gateway appliance. This connection provides the required level of security and connectivity when accessing remote desktops and applications from the Internet.
Unified Access Gateway appliances include a PCoIP Secure Gateway component and a Blast Secure Gateway component, which offers the following advantages:
- The only remote desktop and application traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user.
- Users can access only the resources that they are authorized to access.
- The PCoIP Secure Gateway connection supports PCoIP, and the Blast Secure Gateway connection supports Blast Extreme. Both are advanced remote display protocols that make more efficient use of the network by encapsulating video display packets in UDP instead of TCP.
- PCoIP and Blast Extreme are secured by AES-128 encryption by default. You can, however, change the encryption cipher to AES-256.
- No VPN is required if the display protocol is not blocked by any networking component. For example, someone trying to access their remote desktop or application from inside a hotel room might find that the proxy the hotel uses is not configured to pass UDP packets.
For more information about Unified Access Gateway virtual appliances, see Deploying and Configuring VMware Unified Access Gateway.