Notes from the lab: VMware Workspace ONE and the home-lab setup for one external IP

Just a quick blog for setting up your home-lab and use all the VMware Workspace ONE services on the UAG’s with one external IP.

Our starting point is based on the following articles:

Unified Access Gateway Appliances Deployed in a Double DMZ (vmware.com) – follow the steps for double DMZ deployment,  Minimum/Optional Horizon Protocols and if needed switch the ports to be used for BEAT, take note that UDP 443 is by default reserved on the UAG see Solved: Can BEAT run over a different port than UDP 8443? – VMware Technology Network VMTN

About TLS Port Sharing (vmware.com) – get a SAN or wildcard certificate so that all services can have a unique FQDN externally and are using this as a Proxy Host Pattern entry on each UEM service in the UAG

On-Premises Hardware Considerations (vmware.com) – for production scenario’s regarding sizing the UAG’s if needed for a home lab just keep it simple and small

So, we should have at least one UAG for all the UEM services configured with a reverse proxy instance putting it all to the second UAG which houses the Horizon edge service. This is the one edge service that cannot be combined when all the other UEM services are enabled on one UAG.

UAG1:

Unique URL for reverse proxy that points to Horizon UAG (the normal URL which you would give in a UAG for Horizon deployment)

Unique URL for Tunnel

Unique URL for SEG

Unique URL for Content

UAG2:

Same URL for Horizon service as on the UAG1 deployment and configured to point to all the Horizon services.

 

Happy lab adventures and there is a next post coming regarding IPV6 in the future!


Posted

in

, ,

by