The VMware Content Gateway can be deployed using the basic endpoint model and the relay-endpoint model. These deployment models are supported on both SaaS and on-premises Workspace ONE UEM environments.
Basic Endpoint Deployment Model
The basic endpoint model has a single instance of the Content Gateway installed on the Unified Access Gateway appliance with a publicly available DNS. The Content Gateway is placed either in the internal network or DMZ. In the internal network, Content Gateway is placed behind a load balancer which is in the DMZ. The load balancer forwards traffic on the configured ports to the VMware Content Gateway. VMware Content Gateway then connects directly to your internal content repositories. All deployment configurations support load balancing and reverse proxy.
The basic endpoint Content Gateway server communicates with API and Devices Services. Device Services connects the end-user device to the correct Content Gateway.
If the basic endpoint is installed in the DMZ, then proper network changes must be made for the VMware Content Gateway to access various internal resources over the necessary ports.
Relay-Endpoint Deployment Model
The relay-endpoint deployment model has two instances of the VMware Content Gateway with separate roles. The VMware Content Gateway relay server resides in the DMZ and can be accessed from public DNS over the configured ports. The VMware Content Gateway endpoint server is installed in the internal network hosting internal resources. This server must have an internal DNS record that the relay server can resolve.
The role of the endpoint server is to connect to the internal repository or content requested by the device. The relay server performs health checks at a regular interval to ensure that the endpoint is active and available.