Horizon Security Server overview

The Horizon Security Server is a type of Horizon Connection Server that is designed to add an additional layer of security between remote Horizon Clients and Horizon resources that are located on a private network. Rather than provide remote Horizon clients with direct access to the Horizon Connection Server, organizations can deploy a Horizon Security Server within a DMZ or other secure network to provide secure remote access to Horizon-managed resources. Some of the functions and features of the Horizon Security Server include the following:

• Provides remote Horizon Clients with their own dedicated Horizon connection broker, ensuring an optimal user experience
• Brokers connections between remote Horizon Clients and internal Horizon-managed resources
• Authenticates user connection requests
• Supports both RSA SecureID and RADIUS for enabling optional two-factor user authentication; currently supported RADIUS providers include VASCO DIGIPASS, SMS Passcode, SafeNet, and others
• Can be placed in a DMZ to further isolate the Security Server from the private network
• Does not need to be a member of an Active Directory (AD) domain

The following diagram shows the placement of a Horizon Security Server in a simple Horizon environment. The Horizon Security Server brokers access to a number of different components of the private Horizon infrastructure, each of which is shown in the diagram:

The Horizon Security Server authenticates the clients by contacting the Horizon Connection Server, and then provides them with access to the entitled resources including Horizon Desktops or Applications.