Now announcing the latest release of VMware Unified Access Gateway 3.5. New features and enhancements are available for all Workspace ONE and Horizon editions. These include support for Microsoft Azure and Amazon AWS cloud deployments, statistics API for monitoring, support for PCoIP Secure Gateway (PSG) SSL certificate replacement, and more.
What’s New Video
You can see the highlights of this release in the What’s New in Unified Access Gateway 3.5 Deep Dive.
Summary of What’s New in VMware Unified Access Gateway 3.5
VMware Unified Access Gateway just launched the 3.5 release, which includes a variety of enhancements, removing licensing restrictions, additional hypervisors to choose from, and more.
Licensing Restriction Removed
The Unified Access Gateway 3.4 license restriction has been lifted for 3.5. This means that all 3.5 features are available to all Workspace ONE and Horizon editions, whether you have deployed the standard, advanced, or enterprise edition. If you deploy using PowerShell, the licenseEdition property is ignored, and if you deploy using vCenter OVF Deploy, the licenseEdition does not appear at all. Note that if you want to redeploy a 3.4 version, the restrictions still apply, and you must use the licenseEdition.
Support for Microsoft Azure Added
Unified Access Gateway has been supporting Azure for a while through the Horizon Cloud offering, providing secure access to desktops and apps hosted on Azure. In this release, Unified Access Gateway support has been extended to all Edge Services and authentication methods. This means you can now leverage VMware Tunnel, Content Gateway, Web Reverse Proxy, and Identity Bridging to access your internal resources. You must meet the following prerequisites:
- Microsoft Azure prerequisites:
- AzureRM, the PowerShell module, installed on the client machine
- An active Microsoft Azure subscription account
- Azure environment with defined resource group and storage, virtual network configuration, and security groups.
- Unified Access Gateway prerequisites:
- Minimum Unified Access Gateway 3.5 version
- Unified Access Gateway vhd image file uploaded to Microsoft Azure
- PowerShell script (uagdeployaz.ps1)
For more information, see the Unified Access Gateway PowerShell Deployment to Microsoft Azure.
Support for Amazon Web Services EC2 Added
In addition to VMware vSphere, Microsoft Hyper-V and Microsoft Azure, full support is now provided for Amazon AWS EC2 platforms, including support for all Edge Services and Authentication Methods. Note that on Microsoft Hyper-V, support is limited to VMware Tunnel and Content Gateway only.
For more information, see the Unified Access Gateway PowerShell Deployment to Amazon Web Services.
The following additional enhancements have been made available in this release:
- Added support for SSH enabling – You can now enable SSH access during a PowerShell deployment by adding the sshEnabled property to the INI file. Note that it is highly recommended that SSH access be restricted to specific IP address through firewall rules. For more detail, see the Unified Access Gateway 3.6 Deep Dive video.
- Added support for quiesce mode for all Edge Services – You can now apply quiesce mode in preparation for maintenance with no downtime to the users. When you enable quiesce mode, the appliance appears Not Available during a health check, triggering your load balancer to skip the quiesced appliance and send traffic to the next available appliance. The favicon.ico also now reports the health of the Unified Access Gateway, including the VMware Tunnel and Content Gateway.
- Added Unified Access Gateway HA REST API Statistics – A new API now reports high availability statistics for Edge Services through REST API, making it easier to troubleshoot the high availability component. The REST API provides statistics and status for each Edge Service that is enabled on each node, including total statistics and status for the High Availability component. This means you can use third-party monitoring tools to leverage the API to monitor the Unified Access Gateway appliances in High Availability, as well as making troubleshooting easier.
- Replaced PCoIP (PSG) SSL certificate – A new property has been added to resolve concern about self-signed SSL server certificates. The property, called pcoipDisableLegacyCertificate, is set to false by default to allow legacy Zero clients to continue to use the self-signed certificate to connect. You can set this property to true, which prevents legacy Zero clients from connecting and thus, avoiding PCI-DSS false positive reports.
For more information, see Release Notes for VMware Unified Access Gateway 3.5.
Subject Matter Expert
The following people contributed directly to the creation of this blog post:
- Andreano Lanusse, Staff Architect for VMware EUC Technical Marketing, subject matter expert for Unified Access Gateway