When deployed within a network infrastructure, Workspace ONE UEM can adhere to strict corporate security policies by storing all data on site. In addition, Workspace ONE UEM has been designed to run on virtual environments, which allows for seamless deployments on several different setups.
Workspace ONE UEM can be deployed in various configurations to suit diverse business requirements. In a standard Workspace ONE UEM deployment you can use a multiple servers deployment model and deploy any of the Workspace ONE UEM components on dedicated or shared servers. The primary difference between deployment sizes (by number of devices) is how Workspace ONE UEM components (UEM console, Device Services, AWCM, Database Server, Secure Email Gateway, VMware Enterprise Systems Connector, and VMware Tunnel) are grouped, and how they are positioned within the corporate network. The Workspace ONE UEM solution is highly customizable to meet your specific needs. If necessary, contact Workspace ONE UEM to discuss the possible server combinations that best suit your needs. For more information on hardware sizing, see Hardware Sizing.
Most typical Workspace ONE UEM topologies support reverse proxies. A reverse proxy can be used to route incoming traffic from devices and users on the Internet to the Workspace ONE UEM servers in your corporate network. Supported reverse proxy technologies include: Bluecoat, Microsoft, F5 Networks, IBM, and Cisco. Consult your Workspace ONE UEM representative for information about support for technologies not listed here, as support is continuously evolving.
For more information about configuring reverse proxies with Workspace ONE UEM, see the following Workspace ONE UEM Knowledge Base article: https://support.workspaceone.com/articles/115001665868.
Standard Deployment Model
In a standard Workspace ONE UEM deployment you will use multiple servers for the various components. If desired, you can use a DMZ architecture to segment the administrative console server into the internal network for increased security. This deployment model allows for increased resource capacity by allowing each server to be dedicated to Workspace ONE UEM components. The following diagrams illustrate how to use VMware Enterprise Systems Connector and VMware Tunnel in an on-premises environment.
While these components are combined in the diagrams for illustrative purposes, they can reside on a dedicated server. Many configuration combinations exist and may apply to your particular network setup. For a detailed look at these configurations based on deployment size, see Hardware Sizing. Contact Workspace ONE UEM and schedule a consultation to discuss the appropriate server configuration for your on-premises deployment.