Sometimes I really love the #vCommunity – Just kidding: I love them all of the time. I was confronted with a scenario where only certain users of a Horizon environment should be allowed to access their own Desktop via the Internet.
In general you have certain options to do some kind of restrictions:
- Using Tags on the Connection Server and Create Desktop Pools that only allow the usage by Users coming from a tagged Connection Server
- Using VMware vIDM (Identity Manager) and create conditonal access rules. This will work, but will also create some new overhead to implement vIDM in a high-available fashion.