HTTPS connection to load-balanced Connection Servers The table below outlines the features of the Security Server, Access Point, and F5 APM. The APM feature is licensed separately from other F5 features, and there is an additional cost for F5 APM licensing.
F5 APM is configured using a Horizon iApp Rule – a template with all of the F5 rules required for Horizon and a graphical interface for configuring it to your particular environment. The Horizon Proxy can authenticate users to the Horizon environment and handle both PCoIP and Blast connections. One of the feature of APM is a Horizon Proxy. Access Policy Manager provides context-aware secure remote access to applications and other resources. The F5 Access Policy Manager is a feature of the F5 Application Delivery Controller. It does have a REST API that can be used to view configuration details and monitor the number of connections that are connecting through the Access Point. The Access Point also has no management interface.
When the Access Point needs an upgrade, settings change (such as a certificate replacement), or breaks, the appliance is meant to be discarded and a new one deployed in its place. The Access Point is designed to be disposable. In addition to being a Security Server replacement, it can also act as a reverse proxy for VIDM and as endpoint for Airwatch Tunnels to connect on-premises services with a cloud-hosted Airwatch environment. The Horizon Access Point was officially released for Horizon environments with Horizon 6.2.2, and it has received new features and improvements with every major and minor Horizon release since. These two alternatives are the Horizon Access Point, a hardened purpose-built remote access appliance for Horizon and Airwatch, and the F5 Access Policy Manager for Horizon.
#The pcoip protocol requires view security server windows#
There are two alternatives for providing remote access to Horizon environments if you don’t want to place Windows servers into a DMZ environment. This may require putting Windows servers into a DMZ network, and this can present some security and management challenges. Since the Security Server is built on a subset of Connection Server components, it requires a Windows Server-based operating system. This IP address does not need to be configured on the server’s network card as both Static 1:1 NAT and PAT work with Horizon View. If it is externally facing, it will need to have a publicly addressable static IP. Because the Security Server is an optional component, each Connection Server is not required to have one, and a Connection Server cannot be paired to more than one Security Server.Įach Security Server also needs a static IP address. It’s essentially a reverse proxy for your View environment.Įach Security Server that is deployed needs a corresponding Connection Server, and they are paired during the installation process. This component of the Horizon View environment contains a subset of the Connection Server components, and it is designed to sit in a DMZ and act as a gateway for Horizon View Clients. The View Security Server is VMware’s original method of addressing remote access. Now that a desktop pool has been set up and desktops are provisioned, it’s time to set up that remote access. Horizon View provides a secure method for granting users access to their desktops from anywhere with an Internet connection on any device without needing a VPN connection. If you can provide secure remote access to their desktop, they are no longer tied to their VPN connection or corporate laptop. When you decouple the user from the physical hardware that sits on their desk, you provide new opportunities to change the way they work because they are no longer tethered to their desk.