A Unified Access Gateway appliance is a default gateway for secure access to remote desktops and applications from outside the corporate firewall.

For the latest version of Unified Access Gateway documentation, see the Deploying and Configuring VMware Unified Access Gateway document in https://docs.vmware.com/en/Unified-Access-Gateway/index.html.

A Unified Access Gateway appliance resides within a network demilitarized zone (DMZ) and acts as a proxy host for connections inside a trusted network, providing an additional layer of security by shielding virtual desktops, application hosts, and servers from the public-facing Internet.

Configure a Unified Access Gateway Appliance

Unified Access Gateway and generic VPN solutions are similar as they both ensure that traffic is forwarded to an internal network only on behalf of strongly authenticated users.

Unified Access Gateway advantages over generic VPN include the following.

  • Access Control Manager. Unified Access Gateway applies access rules automatically. Unified Access Gateway recognizes the entitlements of the users and the addressing required to connect internally. A VPN does the same, because most VPNs allow an administrator to configure network connection rules for every user or group of users individually. At first, this works well with a VPN, but requires significant administrative effort to maintain the required rules.

  • User Interface. Unified Access Gateway does not alter the straightforward Horizon Client user interface. With Unified Access Gateway, when the Horizon Client is launched, authenticated users are in their View environment and have controlled access to their desktops and applications. A VPN requires that you must set up the VPN software first and authenticate separately before launching the Horizon Client.

  • Performance. Unified Access Gateway is designed to maximize security and performance. With Unified Access Gateway, PCoIP, HTML access, and WebSocket protocols are secured without requiring additional encapsulation. VPNs are implemented as SSL VPNs. This implementation meets security requirements and, with Transport Layer Security (TLS) enabled, is considered secure, but the underlying protocol with SSL/TLS is just TCP-based. With modern video remoting protocols exploiting connectionless UDP-based transports, the performance benefits can be significantly eroded when forced over a TCP-based transport. This does not apply to all VPN technologies, as those that can also operate with DTLS or IPsec instead of SSL/TLS can work well with View, a component of Horizon 7 desktop protocols.

Enhance Horizon Security with Unified Access Gateway

A Unified Access Gateway appliance enhances security by layering device certification authentication on top of user authentication so access can be restricted only from known good devices and adding another layer of security on virtual desktop infrastructure.

Note:

This feature is supported in Windows Horizon Client only.

  • See Configuring Certificate or Smart Card Authentication on the Unified Access Gateway Appliance in the Deploying and Configuring VMware Unified Access Gateway document in https://docs.vmware.com/en/Unified-Access-Gateway/index.html.

  • The Endpoint Compliance Checks feature provides an extra layer of security for accessing Horizon desktops in addition to the other user authentication services that are available on Unified Access Gateway. See Endpoint Compliance Checks for Horizon in the Deploying and Configuring VMware Unified Access Gateway document in https://docs.vmware.com/en/Unified-Access-Gateway/index.html.