All external connections are handled by the security gateway.
There are no direct connections from virtual desktops to the clients.
The "security servers" are really just proxy servers.
hope that helps
You're correct that the View Client connects to the View Security Server to authenticate and this authentication traffic is forwarded to View Connection Server which handles the actual authentication (to Active Directory and optionally RSA SecurID or RADIUS etc.). If this authentication is successful, then desktop protocol traffic is permitted through Security Server. Any desktop protocol traffic that is not on behalf of an authenticated user is blocked. As Security Server is normally deployed in a DMZ, then Security Server is providing protection for the virtual desktops and RDS hosts to ensure that they are not exposed directly to the Internet.
It is possible to configure View Security Server so that it doesn't act as the gateway for this desktop protocol traffic, but when used to provide remote access from the Internet, it is recommended that the desktop protocols do go via Security Server in order to gain this protection.
The desktop protocols include PCoIP, Blast, RDP, MMR, USB redirect, remote printing etc.
There's a description of remote access to View environments here https://communities.vmware.com/docs/DOC-14974 which covers traffic flows.
If you've set things up to route desktop protocols via Security Server, you may still see initial attempts from the virtual desktop to try to send PCoIP UDP packets directly to the client, but don't worry about those as they won't succeed. As soon as the PCoIP server component on the virtual desktop sees incoming UDP packets from Security Server, it will send reply UDP datagrams back to the Security Server and everything will work as expected.
Hope this helps.
Thanks Mark that's really clear. I wonder why I'm seeing desktops trying to connect directly with the client after authentication has occurred by the Security server. I'll check the external URL's detailed on the Security server and it's paired Connection server.
Let us know if that is anything other than the PCoIP UDP packets I mentioned. In any case they should fail to reach the client and so you shouldn't worry about those.