The VMware Tunnel provides a secure and effective method for individual applications to access corporate resources. The VMware Tunnel authenticates and encrypts traffic from individual applications on compliant devices to the back-end system they are trying to reach.

Tunnel Basics

The VMware Tunnel serves as a relay between your mobile devices and enterprise systems by authenticating and encrypting traffic from individual applications to back-end systems. To accomplish this authentication and encryption, the VMware tunnel uses unique certificates. For more information, see VMware Tunnel Technologies and Features.

When configuring and deploying the VMware Tunnel, you must learn the VMware Tunnel terminology. Understanding the functionality that these components reference will aid your comprehension of this product. For more information, see VMware Tunnel Terminology.

The VMware Tunnel consists of two major components, the Per-App Tunnel and the Proxy components. You must stand up a Linux server or deploy the virtual appliance to use the Per-App Tunnel component. VMware Tunnel offers two architecture models for deployment: single-tier and multi-tier. Both configurations support load-balancing for high availability. The proxy component supports SSL offloading, while Per-App Tunneling cannot be SSL offloaded. For more information on deployment models and components, see VMware Tunnel Architecture and Security Overview.

Installation Preparation

Before you can install or deploy the VMware Tunnel, you must ensure you meet the requirements. The VMware Tunnel requires specific hardware, software, and network requirements to function properly. For more information, see VMware Tunnel Installation Preparation Overview.


The configuration wizard for the VMware Tunnel provides step-by-step configuration. The settings configured in the wizard are used by the virtual appliance to configure a newly deployed VMware Tunnel. The settings are also packaged into the installer for using the alternate installer method for deploying the VMware Tunnel. For more information, see VMware Tunnel Configuration Overview.

Virtual Appliance Installation (Preferred Method)

After configuring your VMware Tunnel settings, deploy VMware Tunnel as a virtual appliance to simplify the installation process. Workspace ONE UEM supports installation using either VMware vSphere web client or PowerShell scripting. The virtual appliance method uses the VMware Unified Access Gateway appliance to deploy the VMware Tunnel. For more information on this installation method, see Virtual Appliance Installation Overview.

VMware Tunnel Server Installation (Alternate Installer Method)

Instead of using the virtual appliance method, you can use the Linux and Windows installer to install the VMware Tunnel onto the corresponding server. This installer method requires additional work as the installer must be run on each server used in your deployment. Note that the Windows installer does not support the Per-App Tunnel functionality and other features. For more information, see VMware Tunnel Linux Installer Overview.

VMware Tunnel Management

Consider configuring additional functionality to enhance your VMware Tunnel deployment. These features allow you more control over device access and networking support. The additional functionality allows you to maintain and manage your VMware Tunnel deployment. For more information, see VMware Tunnel Management Overview.

VMware Tunnel Troubleshooting

The VMware Tunnel supports troubleshooting logs to aid in diagnosing issues in your deployment. For more information, see VMware Tunnel Troubleshooting.