To ensure a successful Content Gateway installation, meet the minimum requirements.

Administrators upgrading from the legacy MAG or VMware Tunnel product should first review the considerations outlined in Migration Overview.

Hardware Requirements

Use the following requirements as a basis for creating your VMware AirWatch Content Gateway server.

Requirement CPU Cores RAM (GB) Disk Space Notes

VM or Physical Server (64-bit)

2 CPU Core (2.0+ GHz)*

*An Intel processor is required.

2 GB+  5 GB  The requirements listed here support basic data query. You may require additional server space if your use case involves the transmission of large encrypted files from a content repository.
Sizing Recommendations
Number of Devices Up to 5,000 5,000 to 10,000 10,000 to 40,000 40,000 to 100,000

CPU Cores

1 server with 2 CPU Cores* 2 load-balanced servers with 2 CPU Cores each 2 load-balanced servers with 4 CPU Cores each 4 load-balanced servers with 4 CPU Cores each

RAM (GB)

4 4 each 8 each 16 each
Hard Disk Space (GB)

10 GB for distro (Linux only)

400 MB for installer

~10 GB for log file space**

*It is possible to deploy only a single AirWatch Content Gateway server as part of a smaller deployment. However, consider deploying at least 2 load-balanced servers with 2 CPU Cores each regardless of number of devices for uptime and performance purposes.

**About 10 GB is for a typical deployment. Log file size should be scaled based on your log usage and requirements for storing logs.

General Requirements

To ensure a successful installation, ensure your VMware AirWatch Content Gateway is set up with the following general requirements.

Requirements Notes

Internally registered DNS record

Register the Endpoint server.

Externally registered DNS record

Identify the appropriate configuration model to determine which server to register:

  • Endpoint-Only Configuration Model – Register the endpoint server.
  • Relay-Endpoint Configuration Model – Register the relay server.

SSL Certificate from a trusted third party with a subject name of the server hostname

Requires a PKCS12 (.pfx) format and the trust of all device types in use.

  • Android does not natively trust all Comodo certificates.
  • PKCS12 (.pfx) format includes the server certificate, private key, root chain, and password protection.

Linux Software Requirements

Ensure your VMware AirWatch Content Gateway server meets all the following software requirements.

Requirement Notes

SSH access to Linux Servers and an admin account with full write permissions.

Root permissions, or sudo access with the same privileges as root required. Once installation completes, you can put restrictions into place for these account types.

yum Enabled

Enable to allow the installer to request and install any missing prerequisites.

CentOS 7.x

SUSE 12.x

RHEL 7.x

UI-less recommended.

Basic infrastructure type recommended.

Remove Java from server prior to install. Java packaged with installer.

For configuring the ports listed below, all the traffic is uni-directional (outbound) from the source component to the destination component.

Source Component

Destination Component

Protocol

Port

Note

Content Gateway – Basic-Endpoint Configuration

Devices (from Internet and Wi-Fi)

Content Gateway Endpoint

HTTPS

443*

1

AirWatch Device Services

Content Gateway Endpoint

HTTPS

443*

5

UEM Console

Content Gateway Endpoint

HTTPS

443*

6

Content Gateway Endpoint

Web-based content repositories (SharePoint / WebDAV / CMIS, and so on)

HTTP or HTTPS

80

or 443

2

Content Gateway Endpoint

Network Share-based repositories (Windows file shares)

CIFS or SMB

137–139

and 445

7

Content Gateway – Relay-Endpoint Configuration

Devices (from Internet and Wi-Fi)

Content Gateway Relay

HTTPS

443*

1

AirWatch Device Services

Content Gateway Relay

HTTPS

443*

5

UEM Console

Content Gateway Relay

HTTPS

443*

6

Content Gateway Endpoint

Web-based content repositories (SharePoint / WebDAV / CMIS, and so on.)

HTTP or HTTPS

80

or 443

2

Content Gateway Relay

Content Gateway Endpoint

HTTPS

443*

4

Content Gateway Endpoint

Network Share-based repositories (Windows file shares)

CIFS or SMB

137–139

and 445

7

* If needed, this port can be changed based on your environment's restrictions.
  • For devices attempting to access internal resources.
  • For devices with the VMware Content Locker to access the internal content from websites, such as SharePoint.
  • For applications communicating with internal systems.

    If a firewall resides between the Content Gateway Endpoint and an internal system you are trying to reach, then you have to open the corresponding port depending on the traffic.

  • For Content Gateway Relay topologies to forward device requests to the internal Content Gateway endpoint only.
  • For the Device Services server to enumerate the repositories through the content relay and convert them into a format the devices can use.
  • For the console server to enumerate the repositories through the content relay for viewing in the UEM console.
  • For devices with the VMware Content Locker to access the internal content from Network Shares.
  • For various services to function properly.