View clients communicate with a View Connection Server or security server host over secure connections.

The initial View Client connection, which is used for user authentication and View desktop selection, is created over HTTPS when a user provides a domain name to View Client. If firewall and load balancing software are configured correctly in your network environment, this request reaches the View Connection Server or security server host. With this connection, users are authenticated and a desktop is selected, but users have not yet connected to View desktops.

When users connect to View desktops, by default View Client makes a second connection to the View Connection Server or security server host. This connection is called the tunnel connection because it provides a secure tunnel for carrying RDP and other data over HTTPS.

When users connect to View desktops with the PCoIP display protocol, View Client can make a further connection to the PCoIP Secure Gateway on the View Connection Server or security server host. The PCoIP Secure Gateway ensures that only authenticated users can communicate with View desktops over PCoIP.

When the secure tunnel or PCoIP Secure Gateway is disabled, View desktop sessions are established directly between the client system and the View desktop virtual machine, bypassing the View Connection Server or security server host. This type of connection is called a direct connection.

Desktop sessions that use direct connections remain connected even if View Connection Server is no longer running.

Typically, to provide secure connections for external clients that connect to a security server or View Connection Server host over a WAN, you enable both the secure tunnel and the PCoIP Secure Gateway. You can disable the secure tunnel and the PCoIP Secure Gateway to allow internal, LAN-connected clients to establish direct connections to View desktops.

Certain View Client endpoints, such as thin clients, do not support the tunnel connection and use direct connections for RDP data, but do support the PCoIP Secure Gateway for PCoIP data.

You can also provide secure connections to external users who use HTML Access to connect to View desktops. The Blast Secure Gateway, enabled by default on View Connection Server and security server hosts, ensures that only authenticated users can communicate with View desktops. With HTML Access, View Client software does not have to be installed on the users' endpoint devices.

SSL is required for all client connections to View Connection Server and security server hosts.