You can configure Blast to make an outbound TCP connection (referred to as a "reverse connection") from the Agent system to a Blast Secure Gateway running on UAG. By adding a gateway certificate, you can verify that messages are authorized by UAG and have not been tampered with.

Procedure

  1. Enable the feature in UAG.
    1. In the UAG appliance, go to General Settings and select Edge Service Settings > Horizon Settings.
    2. Click the Settings (gear) icon, then select Enable Horizon.
    3. In the Horizon Settings pane, turn Enable XML Signing to ON and click More to expand the pane.
    4. Select the following options: Enable Blast and Blast Reverse Connection Enabled.
    5. Select Blast Reverse Connection URL Inside and change the port numbert to 8444.
    6. Click Save.
  2. Add the certificate.
    1. Go to VMware Horizon > Settings > Servers.
    2. Select the Gateway Certificate tab.
    3. Click Add.
    4. In the Add Certificate dialog, enter a name you want to use to identify the certificate, and copy the certificate details in PEM format into the Certificate field. Click OK.
  3. Launch the desktop or application pool from the Client.
  4. Check the following:
    • In the registry editor, ReverseConnectionEnabled should be set to 1. This ensures that the reverse connection registry is added to the blast configuration registry.
    • For Reverse Connection Verification, make sure that port 8444 is established from the Agent to UAG, and that the Blast Worker Log shows that the Blast Reverse Connection is enabled and upgraded successfully.