When deployed within a network infrastructure, AirWatch can adhere to strict corporate security policies by storing all data onsite. In addition, AirWatch has been designed to run on virtual environments, which allows for seamless deployments on several different setups.
AirWatch can be deployed in various configurations to suit diverse business requirements. In a standard AirWatch deployment you can use a multiple servers deployment model and deploy any of the AirWatch components on dedicated or shared servers. The primary difference between deployment sizes (by number of devices) is how AirWatch components (Admin Console, Device Services, AWCM, Database Server, Secure Email Gateway, VMware Enterprise Systems Connector, and VMware Tunnel) are grouped, and how they are positioned within the corporate network. The AirWatch solution is highly customizable to meet your specific needs. If necessary, contact AirWatch to discuss the possible server combinations that best suit your needs. For more information on hardware sizing, see Hardware Sizing.
Most typical AirWatch topologies support reverse proxies. A reverse proxy can be used to route incoming traffic from devices and users on the Internet to the AirWatch servers in your corporate network. Supported reverse proxy technologies include: Bluecoat, Microsoft, F5 Networks, IBM, and Cisco. Consult your AirWatch representative for information about support for technologies not listed here, as support is continuously evolving.
For more information about configuring reverse proxies with AirWatch, see the following AirWatch Knowledge Base article: https://support.air-watch.com/articles/115001665868.
Standard Deployment Model
In a standard AirWatch deployment you will use multiple servers for the various components. If desired, you can use a DMZ architecture to segment the administrative console server into the internal network for increased security. This deployment model allows for increased resource capacity by allowing each server to be dedicated to AirWatch components. The following diagrams illustrate how to use VMware Enterprise Systems Connector and VMware Tunnel in an on-premises environment.
While these components are combined in the diagrams for illustrative purposes, they can reside on a dedicated server. Many configuration combinations exist and may apply to your particular network setup. For a detailed look at these configurations based on deployment size, see Hardware Sizing. Contact AirWatch and schedule a consultation to discuss the appropriate server configuration for your on-premises deployment.