Introduction

The VMware Unified Access Gateway (formerly called Access Point) is a platform that provides secure edge services and access to defined resources that reside in the internal network. This allows authorized, external users to access internally located resources in a secure manner.

Unified Access Gateway can be used for multiple use cases, including:
  • Remote access to VMware Horizon 7 desktop and applications.
  • Reverse proxying of web servers.
  • Access to on-premises legacy applications that use Kerberos or header-based authentication with identity bridging from SAML or certificates.
  • Provision of AirWatch or Workspace ONE Per App Tunnels and Tunnel Proxy to allow mobile applications secure access to internal services.
  • Running the VMware Content Gateway service to allow VMware Content Locker access to internal files shares or SharePoint repositories.

Figure 1: How the VMware Unified Access Gateway works

Unified Access Gateway is usually deployed in the DMZ and runs on a hardened version of SUSE Linux Enterprise Server 12.

To enhance security options, Unified Access Gateway provides many integration options for authentication, including smart card, certificates, SAML pass-through, RADIUS, and RSA SecurID. The Unified Access Gateway architecture keeps unauthenticated traffic in the DMZ. Traffic is allowed through to the internal network only after authentication has been successful.

Where a Unified Access Gateway is in use, if VMware users complain that they are unable to access their desktops/applications, administrators should be able to quickly tell what could be causing the inaccessibility. If administrators are not able to promptly detect and rapidly troubleshoot such inaccessibility issues, then unauthenticated users may gain access to critical resources in the internal network. Sometimes, valid users may also be unjustly denied access to resources. Such eventualities can seriously challenge the high security and operational efficiency of the resources in your network. To avoid this, it is imperative that administrators continuously track the status of the gateway and the user sessions on the gateway, proactively detect a potential abnormality, and rapidly initiate measures to avert the anomaly, well before users complain. This is where eG Enterprise helps!

eG Enterprise supports continuous monitoring of the availability and overall status of the VMware Unified Access Gateway and the user sessions on the gateway. In the process, the test quickly detects the inaccessibility of the gateway, reveals the count and type of user sessions that may have been affected by this anomaly, and also points to the probable reasons for the inaccessibility.

This discussion elaborates on how eG Enterprise monitors the gateway and what metrics it reports.