Deploy Unified Access Gateway (UAG) 3.0 with Horizon

Deploy Unified Access Gateway (UAG) 3.0 with Horizon

Hi All,

We will be deploying UAG 3.0 for Horizon with this post. As you might be aware, UAG is the next Security server for Horizon. It is also a UNIFIED gateway for other services; Horizon, Reverse Proxy, VMware Tunnel, and SEG (Secure Email Gateway) as tech preview for Airwatch or Workspace ONE!

Edge Services

There are lots of deployment options so use the guides wisely. It can also place in front of VMware Identity Manager as reverse proxy. Please check the latest guides as always as there are lots of new stuff within each versions. You can find the latest at:

I must note that with UAG, the need to 1-1 pair with Connection server is no longer necessary. The UAG can now cross talk to pair of Connection servers:


UAG Topology in DMZ

UAG Topology in DMZ

The deployment is very easy and quick:

  1. Need to download OVF
  2. Deploy OVF
  3. Create DNS records for OVF
  4. Login to Admin interface and configure Edge Services.

Thats all.

Quick recap with screenshots (I am not going into the details of deploying OVF Templates but during the deployment you need to select one, two, nic leg option per your environment and then enter IP/DNS etc.. information into configuration. There is already great guide about this: 

You can also use Powershell to deploy ovf… Up to you.

Once you login to UAG Admin interface https://UAGServer:9443/admin, unhide Edge Services and configure Horizon:


Go to connection server, and edit Tunnel settings, that is Untick all of them



Then you are almost set. One thing you need to remember is that if you  will be using HTML access, due to security settings on Connection server, you need to make some changes to config file:

You need to create (the path is: C:\Program Files\VMware\VMware View\Server\sslgateway\conf) and add one of the followings per your environment to this file:

  • checkorigin=false
  • balancedHost=Loadbalancer FQDN
  • portalHost.1=UAGName1

Please also refer to:

It may also be good idea (recommended) to change the self signed certificate upon installation… Within UAG Admin interface, go to TLS Server Certificate Settings and upload PFX or PEM. For PFX, if you get error as below, try to copy GUID within error message to Alias field:



You may also refer to the video at my another post (although it is in Turkish)

Hope helps.

Good luck.

Bulent Tolu
Latest posts by Bulent Tolu (see all)
Translate »