Considerations for Deploying Unified Access Gateway with Multiple Services

Note the following important considerations before you deploy the edge services together.

• Understand and meet the networking requirements - See Firewall Rules for DMZ-Based Unified Access Gateway Appliances.
• Follow sizing guidelines - See the sizing options section in the Deploy Unified Access Gateway Using the OVF Template Wizard topic.
• Horizon Connection Server does not work with an enabled web reverse proxy when there is an overlap in the proxy pattern. Therefore, if both Horizon and a web reverse proxy instance are configured and enabled with proxy patterns on the same Unified Access Gateway instance, remove the proxy pattern '/' from Horizon settings and retain the pattern in the web reverse proxy to prevent the overlap. Retaining the '/' proxy pattern in the web reverse proxy instance ensures that when a user clicks the URL of Unified Access Gateway, the correct web reverse proxy page is displayed. If only Horizon settings are configured, the above change is not required.
• When deploying Unified Access Gateway with the combined services of VMware Tunnel, Content Gateway, Secure Email Gateway, and Web Reverse Proxy, if you use the same port 443 for all the services, every service should have a unique external hostname. See About TLS Port Sharing.
• The different edge services can be configured independently using the Admin UI and you can import any previous settings if you want. When deploying with PowerShell, the INI file makes the deployment production-ready.
• If Horizon Blast and VMware Tunnel are enabled on the same Unified Access Gateway appliance, then VMware Tunnel must be configured to use a different port number other than 443 or 8443. If you want to use port 443 or 8443 for VMware Tunnel, you must deploy the Horizon Blast service on a separate Unified Access Gateway appliance.