Horizon Client and View Administrator communicate with a View Connection Server host over secure HTTPS connections. Information about the server certificate on View Connection Server is communicated to the client as part of the SSL handshake between client and server.

The initial Horizon Client connection, which is used for user authentication and remote desktop and application selection, is created when a user opens Horizon Client and provides a fully qualified domain name for the View Connection Server, security server, or Access Point host. The View Administrator connection is created when an administrator types the View Administrator URL into a Web browser.

A default SSL server certificate is generated during View Connection Server installation. By default, SSL clients are presented with this certificate when they visit a secure page such as View Administrator.

You can use the default certificate for testing, but you should replace it with your own certificate as soon as possible. The default certificate is not signed by a commercial Certificate Authority (CA). Use of noncertified certificates can allow untrusted parties to intercept traffic by masquerading as your server.

When clients connect to a remote desktop or application with the PCoIP or Blast Extreme display protocol from VMware, Horizon Client can make a second connection to the applicable Secure Gateway component on a View Connection Server instance, security server, or Access Point appliance. This connection provides the required level of security and connectivity when accessing remote desktops and applications from the Internet.

When users connect to a remote desktop with the Microsoft RDP display protocol, Horizon Client can make a second HTTPS connection to the View Connection Server host. This connection is called the tunnel connection because it provides a tunnel for carrying RDP data.

Administrators can configure View Connection Server settings so that remote desktop and application sessions are established directly between the client system and the remote application or desktop virtual machine, bypassing the View Connection Server host. This type of connection is called a direct client connection.