This guide explains the deployments modes when all the Workspace ONE UEM components or services are deployed on different servers and a separate load balancer VIP is configured for each component.
The Avi Load Balancer is used to load balance the following Workspace ONE UEM components.
Workspace ONE UEM Admin Console
Workspace ONE UEM Admin API
Workspace ONE UEM Device Services
AirWatch Cloud Messaging
VMware Tunnel - (Tunnel Proxy)
VMware Tunnel (Per-App VPN)
For more information on various Workspace ONE UEM application modules, see Workspace ONE UEM.
Recommended Configuration Settings
Workspace ONE UEM Components |
Type (L4 or L7 |
Virtual Service Ports |
Virtual Service Name |
Algorithm |
Persistence and Persistence Timeput |
Back-end Servers Port |
|---|---|---|---|---|---|---|
Workspace ONE UEM Admin Console |
L7 SSL |
443 |
VIP1 |
Least connections |
HTTP Cookie/ 60 minutes |
443 |
Workspace ONE UEM Admin API |
L7 SSL |
443 |
VIP2 |
Least connections |
Source IP |
443 |
Workspace ONE UEM Device Services |
L7 SSL |
443 |
VIP3 |
Least connections |
Source IP Address/ 20 minutes |
443 |
AWCM |
L7 SSL |
443/2001 |
VIP4 |
Consistent Hash with custom string |
DataScript for persistence |
2001 |
Tunnel Proxy |
L4 |
Tunnel proxy – 8443(TCP and UDP), 2020(TCP). |
VIP5 |
Least Connections |
Source IP/30 minutes |
8443/2020 |
Fast-path is recommended. |
||||||
Tunnel Per-App VPN |
L4 |
Tunnel Per app – 443 (TCP and UDP). Fast-path recommended |
VIP6 |
Least Connections |
Source IP |
443 |
All components run on different servers and a separate Load balancer VIP is configured for each component.
The timeout value must be less than policy retrieval interval for some services, for instance,Secure Email Gateway).
Persistence is not required when all the users are coming through the NAT as they have the same source IP address.
Health Monitor Recommendations
Workspace ONE UEM Components |
Method |
Response Code |
Monitoring Interval/Timeout |
|---|---|---|---|
Workspace ONE UEM Admin Console |
GET to https://<host>/airwatch/awhealth/v1 |
200 OK |
Default |
Workspace ONE UEM Admin API |
GET to https://<host>/api/help/#!/apis |
200 OK |
Default |
Workspace ONE UEM Device Services |
GET to https://<host>/deviceservices/awhealth/v1 |
200 Ok |
Deafult |
AWCM |
GET to https://<host>/awcm/status |
200 OK |
Default |
Tunnel (Proxy) |
https://<host>:2020/ and TCP:8443 |
407 |
Default |
Tunnel (Per-App VPN) |
TCP:443 |
NA |
Default |
Change the monitoring interval as per the deployment requirement.
