The following describes how the PCoIP connection process works when an end user logs in and requests a virtual desktop machine:

1. The Horizon Client sends the end user's credentials for authentication via HTTPS to the external URL of the PCoIP External URL that you configured on the security server or Unified Access Gateway. To do this, it uses the XML-API.
2. HTTPS authentication data is passed through from either the Unified Access Gateway or the security server to the connection server. The security server uses IPsec protected AJP13-forwarded traffic, from the security server to the connection server that it is paired with. The desktop pools and apps that the user is entitled to are read from the connection server and then displayed as available resources displayed in the Horizon Client.
3. The end user launches either a virtual desktop or published app session. This connection is initiated on TCP port 4172 (PCoIP port) to the Unified Access Gateway or the security server. This session initiation process is called the PCoIP session handshake.

4. A bi-directional PCoIP connection is established using UDP port 4172 (ensure that this port is not being blocked) to send the session data from the Horizon client and the configured pcoipExternalUrl to the Unified Access Gateway or the security server. Details of the PCoIP session are then forwarded from the Unified Access Gateway or the security server back to the Horizon Agent running on the virtual desktop machine and then to the client.

This process is shown in the following diagram:

In the next section, we are going to look at the Blast Extreme protocol in more detail.