The VMware Horizon Client provides end-users with access to both desktops and applications in a Horizon 7 environment, and is available on desktop PC’s, Thin Clients, and mobile devices on multiple operating systems (Windows, Mac, iOS, Linux, and Android).

The connection flow of the Horizon Client is the same with Horizon 7, Horizon Air or Horizon DaaS. External access to Horizon 7 is either facilitated using VMware Access Point™ virtual appliances in the DMZ, or Security Server which runs on Windows Server.

For the purposes of this document, Access Point will be used as the preferred security gateway since it has many advantages for service providers. Unlike Security Server which must be “paired” with a Connection Server, Access Point can be independently scaled, with multiple instances residing behind a load-balancer without the need for pairing. In addition, Access Point handles up to 2,000 active sessions per appliance, and it is recommended at least two are deployed for availability and load distribution.

When the user launches the chosen desktop or application pool, Access Point will communicate on HTTPS (TCP 443) to receive the desktop VM IP from the Connection Server. The role of the PCoIP Gateway on the Access Point appliance is to then forward the PCoIP connection to the IP address of the Horizon Agent. When the Blast Extreme protocol is used, it uses a secure WebSocket on HTTPS.