Horizon Security Server overview
The Horizon Security Server is a type of Horizon Connection Server that is designed to add an additional layer of security between remote Horizon Clients and Horizon resources that are located on a private network. Rather than provide remote Horizon clients with direct access to the Horizon Connection Server, organizations can deploy a Horizon Security Server within a DMZ or other secure network to provide secure remote access to Horizon-managed resources. Some of the functions and features of the Horizon Security Server include:
- Provides remote Horizon Clients with their own dedicated Horizon connection broker, ensuring an optimal user experience
- Brokers connections between remote Horizon Clients and internal Horizon-managed resources
- Authenticates user connection requests
- Supports RSA SecurID and RADIUS for enabling optional two-factor user authentication
- Can be placed in a DMZ to further isolate the Security Server from the private network
- Does not need to be a member of an Active Directory domain
The following diagram shows the placement of a Horizon Security Server in a simple Horizon environment. The Horizon Security Server brokers access to a number of different components of the private Horizon infrastructure, each of which is shown in the diagram:
The Horizon Security Server authenticates the clients by contacting the Horizon Connection Server, and then provides them with access to the entitled resources including Horizon Desktops or Applications.
Tip
Horizon Access Point is a hardened, Linux-based virtual appliance that provides similar capabilities to a Horizon Security Server. Chapter 5, Implementing VMware Horizon Access Point, provides details about the installation and configuration of this newer Horizon component, which is an alternative to the Horizon Security Server.