VMware Horizon Community
VaseemMohammed
Enthusiast
Enthusiast
‎04-19-2017 12:05 AM
Jump to solution

Horizon Security Server

Hello everyone,

I have been reading about security server and everywhere it says to put it in DMZ.

In one case, there is no DMZ network as such in place.

Can it be on the same network as Connection servers?

Thank You.

Tags (1)
Reply
0 Kudos
1 Solution

Accepted Solutions
markbenson
VMware Employee
VMware Employee
‎04-19-2017 04:38 AM
Jump to solution

Yes. Installing Security Server on the same network will work.

Alternatively, you can just enable the three gateways on Connection Server so that you don't need to install Security Server. These are:

1. Enable the Secure Tunnel.

2. Enable the PCoIP Secure Gateway

3. Enable the Blast Secure Gateway

This gives you the Security Server functionality but on Connection Server. This can be a good option in cases where there is no specific DMZ network.

For more information on this, refer to http://pubs.vmware.com/horizon-71-view/topic/com.vmware.ICbase/PDF/view-71-administration.pdf - pages 33-35.

View solution in original post

Reply
0 Kudos
6 Replies
markbenson
VMware Employee
VMware Employee
‎04-19-2017 01:37 AM
Jump to solution

If there is no DMZ, there is no real advantage in deploying Horizon Security Server (or Unified Access gateway appliance).

All of the Security Server functionality is also on Connection Server.

Security Server is generally used to support remote access by users on the Internet accessing a data center for their Horizon virtual desktops and RDSH apps. It is usulaly placed in a DMZ network to ensure that the only traffic entering virtual desktops and RDS Hosts is trafic on behalf of an authenticated user. Unauthenticated traffic is discarded in the DMZ.

If your use case is just to support internal users then you don't need Security Server. Users connect direct to Connection Server. If you are supporting remote access users as well, then consider deploying Security Server, but it is best if it is deployed to a DMZ network for added security.

Reply
0 Kudos
VaseemMohammed
Enthusiast
Enthusiast
‎04-19-2017 03:22 AM
Jump to solution

agree to your point.

Users need to access virtual desktops remotely over internet and there is no DMZ network, so if I deploy a security server on the same network as connection server will that work?

Reply
0 Kudos
markbenson
VMware Employee
VMware Employee
‎04-19-2017 04:38 AM
Jump to solution

Yes. Installing Security Server on the same network will work.

Alternatively, you can just enable the three gateways on Connection Server so that you don't need to install Security Server. These are:

1. Enable the Secure Tunnel.

2. Enable the PCoIP Secure Gateway

3. Enable the Blast Secure Gateway

This gives you the Security Server functionality but on Connection Server. This can be a good option in cases where there is no specific DMZ network.

For more information on this, refer to http://pubs.vmware.com/horizon-71-view/topic/com.vmware.ICbase/PDF/view-71-administration.pdf - pages 33-35.

Reply
0 Kudos
VaseemMohammed
Enthusiast
Enthusiast
‎04-19-2017 10:11 AM
Jump to solution

Thank You Mark, you were of great help, will give View Administration guide a thorough read again.

Reply
0 Kudos
markbenson
VMware Employee
VMware Employee
‎04-24-2017 12:43 PM
Jump to solution

VaseemMohammed Is this resolved now?

Reply
0 Kudos
VaseemMohammed
Enthusiast
Enthusiast
‎04-24-2017 11:02 PM
Jump to solution

Hey,

I did try it in lab, and it works, had to simulate by using a firewall to see what ports I will need to be open on firewall from outside network to Security server.

Thank You.

Reply
0 Kudos