VMware Unified Access Gateway (UAG) is the security gateway for VMware Workspace ONE. It provides secure edge services and access to defined resources that reside in the internal network. This access allows authorized external users to access internally located resources in a secure manner. Today's post covers the updates and features in the Unified Access Gateway release.
For more informattion about Unified Access Gateway Architecture, see the On-Premises Reference Architecture for Workspace ONE and VMware Horizon 7.
Management Experience Improvements
If you've ever forgotten a password, this feature's for you! Now, if you forget the password for the Unified Access Gateway admin portal, you can use the new command-line interface to reset it. Once reset, the admin portal issues a prompt for a new password at the next log-in attempt.
• Admin must be part of the root group
• Root user or any user with root privileges
Logging Enhancements with Syslog
To support regulatory compliance guidelines and to align with log-retention best practices, you can now add Syslog servers to monitor Unified Access Gateway events and audit events.
Customizable Security Headers
Security headers specify how browsers handle site content, providing an additional layer of security for web applications. Now, you can mitigate security vulnerabilities by adding, uploading, or deleting security headers in the Unified Access Gateway admin portal.
The following security headers are available by default:
• Content Security Policy - Defines, and allows the browser to load, approved content sources
• X-XSS-Protection - Enables the cross-site scripting (XSS) filter
• HTTP Strict Transport Security - Forces web browsers to only use HTTPS to access web servers
• X-Frame-Options - Prevents iframes from loading to provide clickjacking protection
• Public-Key-Pins - Associates a public key with a web server to protect users in cases when the certificate authority is compromised.
• X-Content-Type-Options - Prevents browsers from sniffing a response away from the declared content-type.
A new setting in the Unified Access Gateway admin portal enables authentication for web applications that do not support SAML. Now, as part of identity bridging with web reverse proxy, you can configure custom logic based on SAML attributes passed as HTTP request headers to the backend web server.
PowerShell Support for Content Gateway and Identity Bridging
Now, using a PowerShell script, you can automate the configuration of the Content Gateway and Identity Bridging edge services.
In order to use this feature, you must update to the latest PowerShell script version.
Editable Network Settings
Use new settings in the Unified Access Gateway admin portal allow you to edit the network settings (Netmask and Default Gateway) for each NIC* of the UAG Appliance through the Admin UI.
*The Default Gateway is only editable on NIC 1
New UAG Hands-On Lab
Want to try out Unified Access Gateway without making any commitments or impacting your production environment? Then check out HOL-1957-08-UEM: Unified Access Gateway. This hands-on lab will walk you through the following configurations:
• Unified Access Gateway Deployment with vSphere
• Unified Access Gateway Deployment with PowerShell
• Securing Access to Internal Websites through Unified Access Gateway
• Securing Access and Single Sign-On to Legacy Web Applications with Identity Briding
For information about this release's resolved and known issues, please see the Release Notes.