The VMware Tunnel is a product you can install on physical or virtual servers that reside in either the DMZ or a secured internal network zone. VMware Tunnel comprises two separate components, Proxy and Per-App tunneling, each with their own features.
Consider using the Per-App Tunnel component as it provides the most functionality with easier installation and maintenance. Per-App Tunnel uses the native platform (Apple, Google, Microsoft) APIs to provide a seamless experience for users.
The Proxy component provides most of the same functionality of Per-App Tunnel with the need for additional configuration. This component can be leveraged only by the applications having the Workspace ONE (AirWatch) SDK implemented or using the App Wrapping. This includes most of the VMware productivity applications.
VMware Tunnel offers single-tier and multi-tier deployment models. Both the configurations support load-balancing for faster availability. The Proxy component supports SSL offloading, while Per-App tunneling cannot be SSL-offloaded.