I am in discovery mode on this project. I am using VMWare Horizon Client to allow users to access their virtual desktop from locations outside of the office. I want to enable two factor authentication just for connections coming into the view connection server from the Internet. I do not want two factor for connections made from my internal zeroclients and PC's (very few) that run Horizon client and connect over PCoIP. Is it possible to do this type of separation? I am also curious what authenticator you have had the best luck with. I see Google Authenticator is pretty popular.