Unified Access Gateway is packaged as an OVF and is deployed onto a vSphere ESX or ESXi host as a pre-configured virtual appliance.
Two versions of the Unified Access Gateway OVA are available, standard version and a FIPS version.
The FIPS version of the OVA supports the following Edge services:
- Horizon (pass-through auth, certificate auth, and SAML auth)
Note: Certificate authentication includes both smart card authentication and device certificate authentication.
- VMware Per-App Tunnel
- Secure Email Gateway
Important: The FIPS 140-2 version runs with the FIPS certified set of ciphers and hashes and has restrictive services enabled that support FIPS certified libraries. FIPS mode cannot be changed after Unified Access Gateway is deployed.
Two primary methods can be used to install the Unified Access Gateway appliance on a vSphere ESX or ESXi or host. Microsoft Server 2012 and 2016 Hyper-V roles are supported.
- The vSphere Client or vSphere Web Client can be used to deploy the Unified Access Gateway OVF template. You are prompted for basic settings, including the NIC deployment configuration, IP address, and management interface passwords. After the OVF is deployed, log in to the Unified Access Gateway admin user interface to configure Unified Access Gateway system settings, set up secure edge services in multiple use cases, and configure authentication in the DMZ. See Deploy Unified Access Gateway Using the OVF Template Wizard.
- PowerShell scripts can be used to deploy Unified Access Gateway and set up secure edge services in multiple use cases. You download the ZIP file, configure the PowerShell script for your environment, and run the script to deploy Unified Access Gateway. See Using PowerShell to Deploy the Unified Access Gateway Appliance.
Note: For Per-App Tunnel, you can deploy Unified Access Gateway on either ESXi or Microsoft Hyper-V environments.
Note: In both the above methods of deployment, if you do not provide the Admin UI password, you cannot add an Admin UI user later to enable access to either Admin UI or API. If you want to do so, you must redeploy your Unified Access Gateway instance with a valid password.