On-premises deployments support basic and relay-endpoint configurations. In this configuration, your organization hosts all Workspace ONE UEM components and servers on its internal networks.

Basic Endpoint

In a basic endpoint deployment, the VMware Tunnel is behind a WAF and resides on an internal network. The traffic from your managed devices is sent securely over an HTTP or HTTPS transport and its message level is signed using unique X.509 certificates. All deployment configurations support load balancing and reverse proxy.

  • For VMware Tunnel Proxy for Windows, basic endpoint can apply to the Proxy component.

These components can be installed on shared or dedicated servers. The following image shows a single server for all components.

Relay-Endpoint

In a multiple network zones deployment, the VMware Tunnel is used in an on-premises (non-SaaS) environment to integrate with internal systems from a DMZ server connection. All deployment configurations support load balancing and reverse proxy. For VMware Tunnel Proxy for Windows, basic endpoint can apply to the Proxy component.