Hello everyone
Recently, I deployed a Horizon environment, and it has to be secured both externally and internally. My problem is that when we install an agent on each VM, there is a little interaction between each VM and the connection server. Meanwhile, if that VM has been infected by any malicious software, this infection can be spread to the connection server or any other important infrastructure. In addition, I don't want users to be able to access the connection server admin web page internally, while by installing the agent on VMs they are able to visit the admin page.
Another problem is that the recording server, which VMs should be able to connect to through port 9443, is publicly available to VMs, and users can access its web admin interface.
How can I isolate the Horizon infrastructure from internal users, or at least how can I make sure that the only interaction between VMs is from Horizon and not from any unwanted app?
This is a serious issue for me, and I would very much appreciate it if anyone could help me with that.