VMware Horizon Community
sky_zhangjun
Contributor

Two-factor authentication

I need to set up two-factor authentication for users when they log in remotely and regular authentication when users log in locally. It looks like on one connection server, only one authentication method can be set up. I guess I will need two connection servers - one for remote login and one for local login. But there is no way two connection servers can work together. I have to build two isolated pools on each connection server for the same users.

My question is, is this the only solution?
Compared to Citrix Access Gateway, security is like a baby - no virtual server, no policy, can't handle user authentication.

0 Kudos
2 Replies
Linjo
Leadership

You do not need isolated pools, just 2 connection brokers that are part of the same View instance, and then configure the authentication on each.

Best regards, Linjo
0 Kudos
markbenson
VMware Employee

sky_zhangjun wrote:

But there is no way two connection servers can work together. I have to build two isolated pools on each connection server for the same users.

My question is, is this the only solution?

No. As Linjo correctly states, it is much better to install the second Connection Server (as a replica). It's the same View environment, so users can get to the same pool from the internal network and the external network. The replica Connection Server is automatically set up, and configuration data is replicated and synchronized between the two, so there is no separate management.

There are at least 5 advantages of having a dedicated Connection Server for internal and external:

1. You can configure authentication differently for each, e.g. 2FA for external users.

2. PCoIP gatewaying can be configured differently allowing external users to gateway PCoIP and for internal users to connect direct. It's more efficient this way. Same for tunnelled TCP traffic.

3. You can set up entitlements differently. Some customers need to ensure that certain pools are only accessible for internal users. Using tags addresses this.

4. You can set policies on the virtual desktops from a Session Start script and this can take account of whether the user is coming in locally or remotely. e.g. USB policies and other lockdown settings.

5. You can block certain protocols for external users (e.g. USB redirection etc.).

Mark

0 Kudos
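Point 3 in Mark's reply (using tags so that certain pools are only accessible to internal users), as an added example that is not part of the thread and not VMware code: a small Python model of tag matching between Connection Servers and pools that flags internal-only pools still reachable through the external-facing server. The matching rule is an assumption stated in the comments; all server names, pool names and tags are constructed.

```python
# Added example. Models tag matching between Connection Servers and pools.
# Assumed rule: an untagged pool is reachable through every Connection
# Server; a tagged pool is reachable only through a server sharing a tag.
# All names and tags below are constructed for illustration.

SERVERS = {                      # Connection Server -> its tags
    "cs-internal": {"internal"},
    "cs-external": {"external"},  # the 2FA-protected, internet-facing replica
}
POOLS = {                        # pool -> tags restricting it
    "general-desktops": set(),          # intended for everyone
    "finance-desktops": {"internal"},   # correctly restricted
    "hr-desktops": set(),               # meant to be internal, tag forgotten
}
INTERNAL_ONLY = {"finance-desktops", "hr-desktops"}
EXTERNAL_SERVERS = {"cs-external"}


def pool_reachable(server_tags, pool_tags):
    """Apply the assumed tag-matching rule for one server/pool pair."""
    if not pool_tags:
        return True
    return bool(set(server_tags) & set(pool_tags))


def reachable_pools(servers, pools):
    """Map each Connection Server to the sorted pools it can broker."""
    return {
        name: sorted(p for p, tags in pools.items()
                     if pool_reachable(server_tags, tags))
        for name, server_tags in servers.items()
    }


def audit_internal_only(servers, pools, internal_only, external_servers):
    """List (server, pool) pairs where an internal-only pool is exposed
    through an external-facing Connection Server."""
    exposure = reachable_pools(servers, pools)
    return sorted((srv, pool)
                  for srv in external_servers
                  for pool in exposure[srv]
                  if pool in internal_only)


if __name__ == "__main__":
    for finding in audit_internal_only(SERVERS, POOLS, INTERNAL_ONLY,
                                       EXTERNAL_SERVERS):
        print("internal-only pool exposed externally:", finding)
```

The finding for the untagged pool shows the failure mode worth checking for: a pool is only kept off the external server once it actually carries a tag the external server lacks.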