The following section shows you how to use VMware’s Unified Access Gateway (UAG) appliance to give end users access to our virtual desktops and remote hosted applications over an insecure network like the Internet.
When creating this access, we have multiple options:
- Using a VPN to ‘tunnel’ into the secure corporate network environment and connecting onward to the Horizon View environment.
- Placing a Windows Server in the DMZ, installing/configuring the Horizon View Security Server and making it publicly accessible.
- Placing the virtual Unified Access Gateway in the DMZ, installing/configuring the Horizon View Security Server and making it publicly accessible.
What is my recommendation nowadays? Go with the Unified Access Gateway. Why?
- It is the general opinion among security experts that a Windows server, even a hardened one, offers more attack surface than a hardened minimal Linux.
- Using the Windows-based Security Server creates a 1:1 relationship between the Security Server and the Connection Server, which takes away some access flexibility.
- The UAG is getting more and more features to integrate other solutions, such as specific AirWatch functionality.
- You can make use of the UDP-based Blast Extreme Adaptive Transport protocol, which gives you a better remote user experience even when you are connecting over a lossy network.
- It is much easier to operate than the first Access Point versions VMware made GA a few years ago ;-)
One important aspect of the UAG is that you need to know the packet flow between the Horizon Client and the desktop. You will be dependent on the networking and security guys, so make sure you can clearly articulate the requirements and what is going to happen. If you can describe the flow, the other people will be able to help you much better.