Remote Access to corporate virtual desktops is becoming standard these days. Because of that, organisations are leveraging their existing VPN infrastructure to provide users with a better remote computing experience.
PCoIP is a remote graphics protocol originally designed by our partner, Teradici, and available today in hardware implementations. VMware has been diligently working with Teradici to create a virtualized implementation of this robust, innovative protocol and deliver the premier remote desktop experience for VMware View.
As today, VMware View Security Server provides support for RDP connection only. So it is necessary to leverage existing SSL VPN solutions to provide users with PCoIP like experience.
PCoIP is a server-centric protocol makes use of UDP datagrams, not TCP. Here you will find some good information about how the UDP protocol works.
The issue here is that most SSL VPN operates with TCP.
TCP is a connection oriented protocol and operates on port 443 just like standard HTTPS traffic, but being a TCP based tunnel, it will suffer from potentially poorer throughput because of the built in error checking. It will perform retransmission if there is an error detected in the 3-way handshake of the communication setup. Real-time traffic like VoIP, video and PCoIP streaming may suffer due to increased lag.
On the other hand we have got PCoIP that uses UDP.
The UDP based SSL VPN provide faster and better user experience but that comes at the cost of reliability. IMHO it should not make much difference for PCoIP, a protocol that was design to work under such constraints, and where datagram’s may not arrive at the destination.
If your SSL VPN appliance already provide the capability to establish UDP based VPN connection you should use it.
The downside to UDP SSL is that it is much easier for someone to detect and block. In some cases where connections are filtered and/or authenticated you may find that TCP encapsulation will remediate the issue. These cases are usual for hotels, public internet hot spots and restrictive governments.
I recommend you to run your own tests to understand how PCoIP work over TCP and UDP SSL VPNs. The performance difference between TCP and UDP tunnels is easily measurable with a simple ping test.
Just as information, UDP transparent tunnelling utilise ports 500, 4500, and 10000 to communicate securely between VPN clients and concentrators.
Vendors such as Juniper and Cisco have already started to publish some documentation on the subject.
VMware View with Juniper SA Series SSL VPN
Cisco Solutions for a VMware View 4.0 Environment Design Guide
If you are looking for a free VPN solution check OpenVPN, a open-source community based appliance that run on your ESX environment.