Security servers in the DMZ communicate with the external View Connection Servers on the internal network. Security servers ensure that the only traffic that can enter the internal network is traffic on behalf of a strongly authenticated user. Users can access only the desktop resources that they are authorized to access.
The Security server is not on the domain and it is placed inside the DMZ in a workgroup.
The following ports are opened externally to this server.
- TCP/80 (Web Access and Authentication port if SSL is not used)
- TCP/443 (Secure Web Access and Secure Authentication)
- TCP/4172 ( PCoIP protocol – Display protocol VMware View users)
- TCP/8443 (HTML 5 Protocol – aka Blast Protocol used for access via a HTML 5 supported browser to access a VDI desktop without the need to install any client software)
The security servers establishes an IPSEC VPN to an connection server on the internal network which it is permanently paired too and has a 1:1 relationship with.