Connection Manager and Security Gateway¶
The Connection Manager and the Security Gateway are components of HP Anyware, and can be deployed together as a set or individually. Multiple instances of the Connection Manager and/or the Security Gateway can be deployed to handle mixed LAN and WAN access points, enable security gateway failover, or for scaling large systems.
Components in this release
The Connection Manager and Security Gateway 25.03 is a combined release containing:
- Connection Manager 25.03
- Security Gateway 23.04
About the Connection Manager¶
The Connection Manager enables connections between Anyware clients and Anyware agents installed on remote desktops. It uses a required third-party connection broker to authenticate users, query available desktops and applications, and then establish a PCoIP connection between the client and the selected desktop.
About the Security Gateway¶
The Security Gateway enables WAN users to securely access their remote desktops via the Internet without a VPN connection. You can optionally deploy multiple Security Gateways so that if the gateway being used by a PCoIP session becomes unavailable, the session is automatically transferred to the next available gateway. To use this feature, configure the Connection Manager using the --external-sg-ip
flag with the addresses of the failover security brokers.
Note
The Security Gateway is not required for LAN access.
Establishing a PCoIP Connection With the Connection Manager and Security Gateway¶
The diagram shown next illustrates a brokered connection to the Anyware host machine using the Connection Manager and the Security Gateway.
Caution: A dedicated server is strongly recommended
Since the Connection Manager is a component that handles authentication data for users connecting to virtual desktops, we strongly recommend installing the Connection Manager and Security Gateway on a dedicated server that is accessible only by authorized system administrators according to your organization's security policy.
Deployment Scenarios¶
Depending on your deployment scenario, you can install the Connection Manager with the Security Gateway disabled.
-
All your desktops are on a LAN (internal access only): you may only need to install one Connection Manager. Since a Security Gateway isn't required for LAN connections, you can optionally disable it.
-
All your desktops are on a WAN: Install one Connection Manager, and enabling one or more Security Gateways. The Connection Manager handles PCoIP Connection establishment and the Security Gateway(s) secures the PCoIP session across the public internet.
-
Your desktops are on both a LAN and WAN: We recommend installing at least two groups of connection managers; one for internal access with the Security Gateway disabled, and one for external access with one or more Security Gateway(s) enabled. You can set up the DNS so that internal and external users are routed to the appropriate connection manager.
-
If you are exceeding the system specifications or have high availability requirements: If you serve a large number of desktops, or require high availability, install additional connection managers and implement load balancing.