The Horizon Unified Access Gateway is a type of Horizon Connection Server that is designed to add an additional layer of security between remote Horizon Clients and Horizon resources that are located on a private network. Rather than providing remote clients with direct access to the Connection Server, organizations can deploy a Unified Access Gateway within a DMZ or other secure network to provide secure remote access to Horizon-managed resources. Some of the functions and features of the Horizon Unified Access Gateway include the following:

• Providing remote Horizon clients with their own dedicated connection broker, ensuring an optimal user experience
• Brokering connections between remote Horizon clients and internal Horizon-managed resources
• Authenticating user connection requests
• Supporting RSA SecurID, RADIUS, Smart Cards, and Security Assertion Markup Language (SAML)-based authentication to enable optional two-factor user authentication
• Ability to be placed in a DMZ to further isolate the Unified Access Gateway from the private network

The following diagram shows the placement of a Horizon Unified Access Gateway in a simple Horizon environment. The Horizon Unified Access Gateway brokers access to a number of different components of the private Horizon infrastructure, each of which is shown in the diagram:

The Horizon Unified Access Gateway authenticates the clients by contacting the Horizon Connection Server, and then provides them with access to the entitled resources, including Horizon desktops or applications.