Unified Access Gateway can be used as a Web reverse proxy and can act as either a plain reverse proxy or an authenticating reverse proxy in the DMZ.
Unified Access Gateway provides secure remote access to an on-premises deployment of VMware Identity Manager. Unified Access Gateway appliances are typically deployed in a network demilitarized zone (DMZ). With VMware Identity Manager, the Unified Access Gateway appliance operates as a Web reverse proxy between a user's browser and the VMware Identity Manager service in the data center. Unified Access Gateway also enables remote access to the Workspace ONE catalog to start Horizon applications.
A single instance of Unified Access Gateway can handle up to 15000 simultaneous TCP connections. If the expected load is more than 15000, multiple instances of Unified Access Gateway must be configured behind the load balancer.
See Advanced Edge Service Settings for information about the settings used when configuring reverse proxy.
Understanding Reverse Proxy
Unified Access Gateway provides access to the app portal for remote users to single-sign-on and access their resources. The app portal is a back-end application such as Sharepoint, JIRA, or VIDM, for which Unified Access Gateway is acting as the reverse proxy.
Note the following points when enabling and configuring reverse proxy:
You must enable the authentication of the reverse proxy on an Edge Service manager. Currently, RSA SecurID and RADIUS authentication methods are supported.
You must generate the identity provider metadata before enabling authentication on Web reverse proxy.
Unified Access Gateway provides remote access to VMware Identity Manager and Web applications with or without authentication from browser-based client and then launch Horizon desktop.
You can configure multiple instances of the reverse proxy and each configured instance can be deleted.