Install the Workspace ONE Access OVA FileYou deploy the VMware Workspace ONE Access OVA file using the vSphere Web Client. You can download and deploy the OVA file from a local location that is accessible to the vSphere Web Client, or deploy it from a Web URL. Deploying the Workspace ONE Access Appliance Behind a Load Balancer In an enterprise environment, the recommended Workspace ONE Access appliance configuration is to deploy a three-node cluster of the Workspace ONE Access service for high availability. After the first Workspace ONE Access node is installed, configured, and tested behind the load balancer, the first node is cloned to create the other nodes in the cluster. Using a Load Balancer or Reverse Proxy to Enable External Access to Workspace ONE AccessDuring deployment, the Workspace ONE Access instance is set up inside the internal network. If you want to provide access to the service for users connecting from outside networks, you must install a load balancer or a reverse proxy, such as VMware NSX® Advanced Load Balancer™, Apache, Nginx, or F5, in the DMZ. Apply Workspace ONE Access Root Certificate to the Load BalancerWhen the Workspace ONE Access virtual appliance is configured behind a load balancer, you must establish SSL trust between the load balancer and Workspace ONE Access. The Workspace ONE Access root certificate must be copied to the load balancer. Apply Load Balancer Root Certificate to Workspace ONE AccessWhen the Workspace ONE Access virtual appliance is configured behind a load balancer, you must establish trust between the load balancer and Workspace ONE Access . In addition to copying the Workspace ONE Access root certificate to the load balancer, you must copy the load balancer root certificate to Workspace ONE Access . Configuring Failover and Redundancy for Workspace ONE Access in a Single DatacenterTo achieve failover and redundancy, you can add multiple Workspace ONE Access virtual appliances in a cluster. If one of the appliances shuts down for any reason, Workspace ONE Access is still available. Deploying Workspace ONE Access in a Secondary Data Center for Failover and Redundancy To provide failover capabilities if the primary Workspace ONE Access data center becomes unavailable, you must deploy Workspace ONE Access in a secondary data center. Performing Disaster Recovery for Workspace ONE Access Using Site Recovery ManagerThe information that follows describes how to use VMware Site Recovery Manager™ with other VMware products to configure a disaster-recovery solution for Workspace ONE Access in an on-premises environment. Adding Allowlist IP Addresses to Your External Firewall for Workspace ONE Access ServicesWhen you configure Workspace ONE Access with an external firewall, allow-list the IP address ranges or URLs for the following Workspace ONE Access services to provide access to that service. Enabling Proxy Server Settings After Installation of Workspace ONE AccessThe Workspace ONE Access virtual appliance accesses the cloud application catalog and other Web services on the Internet. If your network configuration provides Internet access through an HTTP proxy, you must adjust your proxy settings on the Workspace ONE Access appliance. Enter the Workspace ONE Access License KeyAfter you deploy the VMware Workspace ONE Access appliance, enter your license key. Entering a license key is optional.