Hi there, i'm designing the architecture for our new smallish scale Horizon deployment that has the requirement for external access using 2FA and RSA tokens.  I've had a Horizon 6.2 pod running for a while, and we use 2 Security servers and 4 Connection servers to facilitate access.  2 Connection servers have RSA enabled, and are paired with the Security servers, then the 2 others have RSA off for internal users.

Reading the reference architecture, it went into the new(ish) Access Point appliance that doesn't require pairing with connection servers, so how does this work from an RSA perspective.  Does the RSA move to the Access Point in this architecture, or do you still have to tie down to given Connection servers to allow RSA for external connections only?

Hope the Q makes sense