You can deploy the Unified Access Gateway appliance by logging in to vCenter Server and using the Deploy OVF Template wizard.
Two versions of the Unified Access Gateway OVA are available, standard OVA and a FIPS version of the OVA.
The FIPS version of the OVA supports the following Edge services:
- Horizon (pass-through auth and certificate auth)
Note: Certificate authentication includes both smart card authentication and device certificate authentication.
- VMware Per-App Tunnel
- Secure Email Gateway
Important: The FIPS 140-2 version runs with the FIPS certified set of ciphers and hashes and has restrictive services enabled that support FIPS certified libraries. When
Unified Access Gateway is deployed in FIPS mode, the appliance cannot be changed to the standard OVA deployment mode. The Horizon edge authentication is not available in the FIPS version.
Unified Access Gateway Sizing Options
To simplify the deployment of the
Unified Access Gateway appliance as the Workspace ONE security gateway, sizing options are added to the deployment configurations in the appliance. The deployment configuration offers a choice between a Standard, Large, and Extra Large virtual machine.
- Standard: This configuration is recommended for Horizon deployment supporting up to 2000 Horizon connections, aligned with the Connection Server capacity. It is also recommended for Workspace ONE UEM Deployments (mobile use cases) up to 10,000 concurrent connections.
- Large: This configuration is recommended for Workspace ONE UEM Deployments, where Unified Access Gateway needs to support over 50,000 concurrent connections. This size allows Content Gateway, Per App Tunnel and Proxy, and Reverse Proxy to use the same Unified Access Gateway appliance.
- Extra Large: This configuration is recommended for Workspace ONE UEM Deployments. This size allows Content Gateway, Per App Tunnel and Proxy, and Reverse Proxy to use the same Unified Access Gateway appliance.
-
Note: VM options for Standard, Large, and Extra Large deployments:
- Standard - 2 core and 4 GB RAM
- Large - 4 core and 16 GB RAM
- Extra Large - 8 core and 32 GB RAM
For more information about the Unified Access Gateway sizing recommendations, you can see VMware Configuration Maximums.
Prerequisites
- Review the deployment options that are available in the wizard. See Unified Access Gateway System and Network Requirements.
- Determine the number of network interfaces and static IP addresses to configure for the Unified Access Gateway appliance. See Networking Configuration Requirements.
- Download the .ova installer file for the Unified Access Gateway appliance from the VMware website at https://my.vmware.com/web/vmware/downloads, or determine the URL to use (example: http://example.com/vapps/euc-access-point-Y.Y.0.0-xxxxxxx_OVF10.ova), where Y.Y is the version number and xxxxxxx is the build number.
- If there is a Hyper-V deployment, and if you are upgrading Unified Access Gateway with static IP, delete the older appliance before deploying the newer instance of Unified Access Gateway.
- To upgrade your older appliance to a new instance of Unified Access Gateway with zero downtime for users, see the Upgrade with Zero Downtime section.
Procedure
Results
The Unified Access Gateway appliance is deployed and starts automatically.
What to do next
- Log in to the Unified Access Gateway admin user interface (UI) and configure the desktop and application resources to allow remote access from the Internet through Unified Access Gateway and the authentication methods to use in the DMZ. The administration console URL is in the format
https://<mycoUnified Access Gatewayappliance.com:9443/admin/index.html
.Important: You must complete the Unified Access Gateway configuration post-deployment using the Admin UI. If you do not provide the Admin UI password, you cannot add an Admin UI user later to enable access to either the Admin UI or the API. You must redeploy your Unified Access Gateway instance with a valid Admin UI password if you want to add an Admin UI user.Note: If you are not able to access the Admin UI login screen, check to see if the virtual machine has the IP address displayed during the installation of the OVA. If the IP address is not configured, use the VAMI command mentioned in the UI to reconfigure the NICs. Run the command as"cd /opt/vmware/share/vami"
then the command"./vami_config_net"
.