The Horizon Unified Access Gateway is a type of Horizon Connection Server that is designed to add an additional layer of security between remote Horizon Clients and Horizon resources that are located on a private network. Rather than providing remote clients with direct access to the Connection Server, organizations can deploy a Unified Access Gateway within a DMZ or other secure network to provide secure remote access to Horizon-managed resources. Some of the functions and features of the Horizon Unified Access Gateway include the following:
- Providing remote Horizon clients with their own dedicated connection broker, ensuring an optimal user experience
- Brokering connections between remote Horizon clients and internal Horizon-managed resources
- Authenticating user connection requests
- Supporting RSA SecurID, RADIUS, Smart Cards, and Security Assertion Markup Language (SAML)-based authentication to enable optional two-factor user authentication
- Ability to be placed in a DMZ to further isolate the Unified Access Gateway from the private network
The following diagram shows the placement of a Horizon Unified Access Gateway in a simple Horizon environment. The Horizon Unified Access Gateway brokers access to a number of different components of the private Horizon infrastructure, each of which is shown in the diagram:
The Horizon Unified Access Gateway authenticates the clients by contacting the Horizon Connection Server, and then provides them with access to the entitled resources, including Horizon desktops or applications.