Introduction to Unified Access Gateway

Unified Access Gateway (UAG) is an appliance that replaces Horizon Security Servers. UAG ensures that only traffic from authenticated users enters the data center: it directs authentication requests to the appropriate server and discards any unauthenticated request. VMware Unified Access Gateway is specifically designed for DMZ environments, with hardening settings such as multi-NIC support for Internet and intranet traffic and disabled SSH, FTP, Telnet, Rlogin, etc. You can deploy the Unified Access Gateway appliance on either VMware ESXi or Microsoft Hyper-V.

VMware Unified Access Gateway Advantages:

  • No VMware Horizon Security Server is needed for users to access their entitled virtual desktops.
  • Only TCP 443 needs to be opened on the external firewall.
  • Can provide an additional layer of security by integrating RSA SecurID, RADIUS, CAC/certificates, etc.

The Unified Access Gateway (UAG) provides secure access to the following environments:

  • VMware Horizon desktops and applications
  • VMware Identity Manager
  • VMware AirWatch or VMware Workspace ONE per-app tunnels and tunnel proxy
  • VMware Content Gateway service to allow VMware Content Locker access to internal file shares and Microsoft SharePoint

You cannot upgrade VMware Unified Access Gateway using upgrade bundles, the way you can for other VMware appliances. Instead, you upgrade Unified Access Gateway by deploying the latest release and importing the configuration of the old appliance. You can upgrade with zero downtime by setting the Unified Access Gateway quiesce mode to YES. Once quiesce mode is YES, the UAG is shown as not available and the load balancer stops sending requests to it.

There are two primary methods you can use to install the Unified Access Gateway appliance on a vSphere ESX or ESXi host:

  1. The vSphere Client or vSphere Web Client
  2. PowerShell Script

When you deploy the OVF, you configure how many network interfaces (NICs) are required, set the IP address, and set up the administrator and root passwords. The simplest deployment of VMware UAG uses a single NIC, with all network traffic combined onto a single network. A single-NIC deployment is best suited to a POC environment.

VMware UAG Virtual Appliance Requirements

  1. 4 GB of RAM on a physical host running ESXi, or Hyper-V on Windows 2012 R2 or Windows 2016
  2. 2 x vCPU
  3. 1 – 3 Network Cards
    • 1 NIC: a single NIC handles Internet, internal and management traffic (recommended for POC only).
    • 2 NICs: one NIC handles Internet traffic and the second NIC handles all internal and management traffic.
    • 3 NICs: a separate NIC each for Internet, internal and management traffic.
  4. 20 GB of Disk Space
  5. Horizon 6.x & 7.x
  6. 1 UAG node per 2000 concurrent connections

Once deployed, you can access the Admin GUI of the VMware Unified Access Gateway appliance at:

https://<UAG_appliance_hostname_or_IPAddress>:9443/admin/index.html

Conclusion

This concludes the introduction to VMware Unified Access Gateway. In the next post, I will cover the deployment of VMware Unified Access Gateway. I hope this was informative for you. Happy reading! Be social and share it if you find it worth sharing.