As an admin, you can configure the VMware Content Gateway settings required to deploy Content Gateway as a service on the Unified Access Gateway (UAG) appliance. The pre-configured settings are bundled into the Content Gateway configuration file, eliminating the need to configure the settings manually on the server after installation.

What can you do with the Content Gateway settings page?

The path to the settings page on the UEM console is Groups & Settings > All Settings > System > Enterprise Applications > Content Gateway.

With the Content Gateway settings page, you can:
  • Select and configure the Content Gateway deployment model that addresses your security needs.
  • Enable the Cross-domain KCD authentication to authenticate those users who access on-prem SharePoint repositories from their devices.
  • Set the custom configuration values for Content Gateway on Unified Access Gateway (UAG). The UAG server fetches these values and automatically updates the Content Gateway configuration files when the UAG server undergoes an upgrade.

Determine your Organization group hierarchy

Before you review and modify the settings, understand the two types of inheritance/override options for the organization group hierarchy available at the top and bottom of the settings page and determine your choice. For more information about these settings, see Override Versus Inherit Setting for Organization Groups.
  • Current Setting - Select whether to Inherit or Override the displayed settings. Inherit means use the settings of the current organization group's parent OG, while Override enables the settings for editing so you can modify the current OG's settings directly.
  • Child Permission - Select the available behavior of child organization groups that exist below the currently selected organization group. Inherit only means child OGs are only allowed to inherit these settings. Override only means they override the settings, and Inherit or Override means you can choose to inherit or override settings in child OGs that exist below the currently selected OG.

Content Gateway Configuration

Configuration includes selecting the configuration model, associated ports, and if necessary, uploading an SSL certificate.

Setting - Description
Enable the Content Gateway - Set Enable the Content Gateway to Enabled. You might need to select Override to unlock Content Gateway settings.
Add - Use this setting to begin configuring the Content Gateway. You must select the Installation Type, enter the Content Configuration details and enable the Content SSL Certificate settings.
Installation Type - The default option available is Unified Access Gateway (UAG). Content Gateway is installed on the Unified Access Gateway (UAG) appliance. Legacy Windows and Linux platforms are no longer supported.
Content Configuration - You must select either Basic or Relay as the Configuration Type.

The basic endpoint model has a single instance of the Content Gateway installed on the Unified Access Gateway appliance. Basic is the endpoint configuration with no relay component.

The relay endpoint model has two instances of the Content Gateway with separate roles. It has a relay component.

  • Name - Provide a unique name used to select this Content Gateway instance when attaching it to a Content Repository, Repository Template, or RFS Node.
  • Content Gateway Relay Address - If implementing a relay configuration, you must enter the URL used to access the Content Gateway Relay from the Internet.
  • Content Gateway Relay Port - If implementing a relay configuration, you must enter the relay server port.
  • Content Gateway Endpoint Address - Enter the host name of the Content Gateway endpoint. The Public SSL certificate bound on the configured port must be valid for this entry.
  • Content Gateway Endpoint Port - Enter the endpoint server port.
Content SSL Certificate
  • Public SSL Certificate (required for Linux requirements) - For the devices to trust the Content Gateway, you must upload a PKCS12 (.pfx) certificate file with a full chain for the Content Gateway Installer to bind to the port. The full chain includes a password, server certificate, intermediates, root certificate, and a private key. Requirements vary by platform and the SSL configuration.
  • Ignore SSL Errors (not recommended) - If you are using a self-signed certificate, consider enabling this setting. This setting allows the UEM console to trust Content Gateway even when there is no valid SSL certificate. If enabled, Content Gateway ignores certificate trust errors and certificate name mismatches.
  • SSL Offloading - If you enable this setting, the load balancer in front of Content Gateway performs the SSL offloading. If the deployment mode includes the relay endpoint, SSL offloading applies only to the relay server.
  • Server SSL Port - You must enter the port on which Content Gateway listens when SSL offloading is enabled. If the deployment mode includes the relay endpoint, this port applies only to the relay server.
Certificate Authentication
  • Enable Cross-domain KCD Authentication - Use this setting to authenticate users with the PIV-D Derived Credentials instead of user names and passwords. PIV-D certificate authentication is for the users who access the on-prem SharePoint repositories from their devices.

    When you enable the cross-domain KCD authentication, the following settings appear.

  • Client Certificate Chain - The certificate chain used to issue client certificates.

  • Target SPN - SPN of the target service.

  • Service Account Username - User name of the service account that has delegation rights.

  • Service Account Password - Password for the service account.

  • Domain - Name of the domain in the Active Directory (AD) containing the users.

  • Domain Controller - Hostname or IP address of the domain controller for the domain.
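
A pre-flight review of the Content Configuration and Content SSL Certificate values described above, as an added example that is not VMware's code. The dict keys, the `review` helper and the sample record are assumptions made for this sketch, and `cert_dns_names` stands for the DNS names read from the certificate you plan to upload.

```python
# Added example: pre-flight review of Content Gateway settings before saving them.
# The dict keys are hypothetical labels for this sketch, not a UEM export format.

def name_matches(host, pattern):
    """Compare a host with a certificate DNS name; a whole-label '*' covers one left-most label."""
    h, p = host.lower().rstrip(".").split("."), pattern.lower().rstrip(".").split(".")
    return len(h) == len(p) and p[0] in ("*", h[0]) and h[1:] == p[1:]

def valid_port(value):
    return isinstance(value, int) and not isinstance(value, bool) and 1 <= value <= 65535

def review(cfg):
    """Return a list of findings; an empty list means the record passed every check."""
    out = []
    kind = cfg.get("configuration_type")
    if kind not in ("Basic", "Relay"):
        out.append("configuration_type must be Basic or Relay")
    if not cfg.get("name"):
        out.append("name is required")
    ports = ["endpoint_port"]
    if kind == "Relay":  # relay address and port only apply to the relay model
        ports.append("relay_port")
        if not cfg.get("relay_address"):
            out.append("relay_address is required for Relay")
    if cfg.get("ssl_offloading"):  # offloading needs the port Content Gateway listens on
        ports.append("server_ssl_port")
    for key in ports:
        if not valid_port(cfg.get(key)):
            out.append(f"{key} must be a port in 1-65535")
    host = cfg.get("endpoint_address", "")
    if not host or not any(name_matches(host, n) for n in cfg.get("cert_dns_names", [])):
        out.append(f"certificate is not valid for endpoint_address {host!r}")
    if cfg.get("ignore_ssl_errors"):
        out.append("ignore_ssl_errors is on: trust errors and name mismatches are ignored")
    return out

# Constructed sample record (not taken from a real deployment).
SAMPLE = {
    "name": "cg-relay-1", "configuration_type": "Relay",
    "relay_address": "https://cg-relay.example.com", "relay_port": 443,
    "endpoint_address": "cg-endpoint.corp.example.com", "endpoint_port": 443,
    "cert_dns_names": ["*.example.com"],  # wildcard does not span two labels
    "ssl_offloading": True, "ignore_ssl_errors": True,
}

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print("-", finding)
```

The sample record produces three findings: the missing Server SSL Port, a wildcard certificate that does not cover the endpoint host name, and Ignore SSL Errors left enabled.
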

Custom Gateway Settings

This step is optional. You must perform this step only if you want to override the default configuration values for Content Gateway and set the custom configuration values.