VMware Tunnel enables secure access for mobile workers and devices. Users have a simple experience and need not enable or interact with VMware Tunnel, and IT organizations may take a least-privilege approach to enterprise access, ensuring only defines apps and domains have access to the network. VMware Tunnel provides industry-best security and builds on TLS 1.2+ libraries, implements SSL Pinning to ensure no MITM attacks, and includes client certificates on the allowlist to ensure identity integrity. Combined with explicit definitions of managed applications and integration with Workspace ONE compliance engine, Tunnel can help customers attain Zero Trust goals for their workforce.

Preparing for your installation ensures a smooth installation process. Installation includes performing preliminary steps in the Workspace ONE UEM console, and setting up a server that meets the listed hardware, software, and network requirements.

Prerequisites

Before you can perform the steps in this tutorial, you must install and configure the following components:

  • VMware Unified Access Gateway with VMware Tunnel edge service configured
  • Workspace ONE UEM 1909 and later
  • A device for the platform you plan to use (Windows 10, macOS, Android, or iOS)

Ensure the following settings are enabled in the Workspace ONE UEM Console:

  • Organization Group created and set as Customer Type
  • Device Root Certificate issued
  • VMware Tunnel configured

Before deploying the VMware Tunnel, you must complete the following pre-deployment configurations:

  1. Before you begin installing VMware Tunnel, you have to ensure that the API and AWCM are installed correctly, running, and communicating with the Workspace ONE UEM without any errors.
  2. After completing AWCM Server configuration, you can configure VMware Tunnel settings per your deployment's configuration and functionality needs in the Workspace ONE UEM console.
  3. After you complete the VMware Tunnel configuration, you also must configure various settings to enable the VMware Web and Per-App Tunnel-enabled apps to use VMware Tunnel. Doing so ensures all HTTP(S) and TCP/ UDP traffic for the specified applications is routed through the VMware Tunnel.
  4. You can configure more settings that are optional for the VMware Tunnel deployment. Except where noted, you can configure these settings before or after installation.