7.0

Table Of Contents

Table 1‑2. Back-End Firewall Rules (Continued)

Source Port

Default

Port Protocol Destination

Destination

Port Notes

Access Point

appliance

TCP or

UDP Any

Blast

Extreme

Remote

desktop or

application

TCP or UDP

22443

Access Point appliances connect to remote desktops

and applications on TCP and UDP port 22443 to

exchange Blast Extreme traffic.

Access Point

appliance

TCP Any HTTPS Remote

desktop

TCP 22443 If you use HTML Access, Access Point appliances

connect to remote desktops on HTTPS port 22443 to

communicate with the VMware Blast agent.

NOTE Access Point optionally listens on TCP port 9443 for the admin REST API traffic and optionally sends

Syslog events on a default UDP port of 514. If there is a firewall in place for this communication, these ports

must not be blocked.

Access Point Topologies

You can implement any of several different topologies.

An Access Point appliance in the DMZ can be configured to point to a Horizon server or a load balancer that

fronts a group of Horizon servers. Access Point appliances work with standard third-party load balancing

solutions that are configured for HTTPS.

If the Access Point appliance points to a load balancer in front of Horizon servers, the selection of the

Horizon server instance is dynamic. For example, the load balancer might make a selection based on

availability and the load balancer's knowledge of the number of current sessions on each Horizon server

instance. The Horizon server instances inside the corporate firewall usually already have a load balancer in

order to support internal access. With Access Point, you can point the Access Point appliance to this same

load balancer that is often already being used.

Deploying and Configuring Access Point

12 VMware, Inc.