# What is Amazon DCV Connection Gateway? What is Connection Gateway? **Note** Amazon DCV was previously known as NICE DCV. The Amazon DCV Connection Gateway is an installable software package that enables users to access a fleet of Amazon DCV servers through a single access point to a LAN or VPC. This access point is a secure and efficient platform that enables seamless remote access to virtual desktops and applications. Centralizing access management, the Amazon DCV Connection Gateway streamlines enterprise-wide remote work capabilities while maintaining robust security controls. This guide explains how to install and configure the Amazon DCV Connection Gateway. **Topics** + [ ## How the Amazon DCV Connection Gateway works ](#how-gw-works) + [ ## Limitations ](#limitations) + [ ## Pricing ](#pricing) + [System requirements](system-requirements.md) + [Network Requirements](network-requirements.md) ## How the Amazon DCV Connection Gateway works The following diagram shows the high-level view of how the Amazon DCV Connection Gateway routes traffic to a fleet of Amazon DCV servers. ![\[Amazon DCV Connection Gateway architecture\]](http://docs.aws.amazon.com/dcv/latest/gw-admin/images/connection-gw.png) When using the Amazon DCV Connection Gateway, clients connect to the gateway rather than connecting directly to a Amazon DCV server. Clients specify a *session ID*, which uniquely identifies the server they want to connect to. The Connection Gateway in turn consults a *Session Resolver* to map the session ID received by the client to a specific server and then forwards the connection to the correct destination. Customers can define how session IDs map to their resources by implementing their [Session Resolver](session-resolver.md) API end-point. Customers using the [Amazon DCV Session Manager](https://docs.aws.amazon.com/dcv/latest/sm-admin/what-is-sm.html) can [leverage](sm-integration.md) its built-in session resolver. The Amazon DCV Connection Gateway can also forward HTTP requests to a web server. This feature allows the customer to host the Amazon DCV Web Client or a custom Web application based on the Amazon DCV Web Client SDK on a dedicated web server. When a browser connects to the Connection Gateway, its request to retrieve the web page of the Amazon DCV Web Client is forwarded to the *Web Resources Server* configured in the Connection Gateway; once the browser has retrieved and displayed that page, the Web Client will connect again to the Connection Gateway to connect to the Amazon DCV session and the Connection Gateway will forward that connection to the corresponding Amazon DCV server. ## Limitations The Amazon DCV Connection Gateway requires a Amazon DCV version greater than or equal to [2021.2](https://docs.aws.amazon.com/dcv/latest/adminguide/doc-history-release-notes.html#dcv-2021-2-11048) if you want to enable support for QUIC. The Amazon DCV Connection Gateway requires that Amazon DCV is configured to use the [External Authentication](https://docs.aws.amazon.com/dcv/latest/adminguide/external-authentication.html). ## Pricing The Amazon DCV Gateway is available at no cost for customers who are using Amazon DCV. # System requirements System requirements For Amazon DCV Connection Gateway to run properly, your system must meet the following requirements. | | | | --- |--- | | **Operating system** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/dcv/latest/gw-admin/system-requirements.html) | | **Architecture** | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/dcv/latest/gw-admin/system-requirements.html) | # Amazon DCV Connection Gateway network requirements Network Requirements Amazon DCV Connection Gateway is usually installed on dedicated hosts, separate from Amazon DCV server machines. As depicted in the [high-level overview](what-is-gw.md#how-gw-works), the Connection Gateway must have network connectivity with the other components: the Clients, the Amazon DCV server hosts, the Session Resolver, and the Web Resources Server. **Note** Depending on how the machines and network are configured, the network traffic that flows to and from the different components may be bound to separate network interfaces. Please make sure your firewall rules and security groups allow the following: + The Connection Gateway listens for incoming connection on a TCP port specified in the [configuration](setting-up-configuring.md). This port must be reachable from the clients connecting to the gateway. + If QUIC support is enabled, Connection Gateway listens for incoming QUIC traffic on a UDP port specified in the [configuration](setting-up-configuring.md). This port must be reachable from the clients connecting to the gateway. + The Connection Gateway must be able to connect to Amazon DCV server hosts on the [TCP port](https://docs.aws.amazon.com/dcv/latest/adminguide/manage-port-addr.html) used for DCV connections, 8443 by default. + If QUIC support is enabled, Connection Gateway must be able to connect to Amazon DCV server hosts on the [UDP port](https://docs.aws.amazon.com/dcv/latest/adminguide/enable-quic.html) used for DCV QUIC connections, 8443 by default. + The Connection Gateway must be able to connect to the TCP port of the HTTPS end-point exposed by the Session Resolver. + If a Web Resources Server is present, Connection Gateway must be able to connect to the TCP port of the HTTPS end-point exposed by the Web Resources Server. If you choose to have multiple Amazon DCV Connection Gateway hosts to improve availability, then a network load balancer will be present between the clients and the Connection Gateway hosts. In this case the gateway must be reachable from the load balancer nodes. When using a load balancer you may also want to use a health-check connection; in this case the load balancer need to be able to reach the TCP port of the health-check service exposed by the Amazon DCV Connection Gateway. If using a Network Load Balander, refer to [its documentation](https://docs.aws.amazon.com/elasticloadbalancing/latest/network/target-group-register-targets.html) for more details.