Reply to Message

View discussion in a popup

Replying to:
mrstorey303
Enthusiast
Enthusiast

UAG Blast Tunnelling for HTML Connections Only?

I'm working on a True SSO design for our company now that Horizon supports 3rd party IDPs (ie you're not tied into using VIDM for SAML auth anymore).

My understanding is that UAGs are a required component to handle auth, regardless of whether you're inside our outside the company network.

Right now, I've configured internal clients to resolve directly to the connection servers, and I've enabled 'Use Blast Secure Gateway for only HTML Access connections to machine'.  This allows incoming connections from thick / installable clients to connect to brokered desktops directly, providing a more efficient traffic path, while overcoming the annoying cert warnings you'd get when connecting directly with an HTML5 client (I know there are ways around this, but none are desirable - it's just easier to tunnel HTML5 connections and tell users you'd get better performance from the installable client).

So, in a True SSO world, I'll need to deploy UAGs internally and resolve users to them instead.  So my question:

Is it possible to enable selective tunnelling on UAGs, so that only HTML5 clients will tunnel, and installable clients will go direct?

Thanks,

Alex

Reply
0 Kudos