When clients connect to a View desktop with the PCoIP display protocol from VMware, View Client can make a second connection to the PCoIP Secure Gateway component on a View Connection Server instance or a security server. This connection provides the required level of security and connectivity when accessing View desktops from the Internet.

With VMware View 4.6 and later releases, security servers include a PCoIP Secure Gateway component. The PCoIP Secure Gateway connection offers the following advantages:

The only remote desktop traffic that can enter the corporate data center is traffic on behalf of a strongly authenticated user.

Users can access only the desktop resources that they are authorized to access.

This connection supports PCoIP, which is an advanced remote desktop protocol that makes more efficient use of the network by encapsulating video display packets in UDP instead of TCP.

PCoIP is secured by AES-128 encryption by default. You can, however, change the encryption key cipher to AES-192 or AES-256.

No VPN is required, as long as PCoIP is not blocked by any networking component. For example, someone trying to access their View desktop from inside a hotel room might find that the proxy the hotel uses is not configured to allow outbound traffic on TCP port 4172 and both inbound and outbound traffic on UDP port 4172.

For more information, see Firewall Rules for DMZ-Based Security Servers.

Security servers with PCoIP support run on Windows Server 2008 R2 and take full advantage of the 64-bit architecture. This security server can also take advantage of Intel processors that support AES New Instructions (AESNI) for highly optimized PCoIP encryption and decryption performance.