Certificate Authentication for Horizon View Access with UAG

Unified Access Gateway (formally Access Point) is used to secure external access for a Horizon View.  There are numerous advantages over using Security Servers, which are still supported, noticeably the lower resources required to run and the removal of the necessity to pair with a dedicated connection server.  Not to mention the lack of Windows!  In a multi-site environment with redundancy that is a significant reduction in deployed resource.

Anyway, I wanted to run through deployment of UAG with certificate-based authentication (something else you cannot do with Security Server), in this example I am going to use a user cert provided by an internal Certificate Authority as part of 2FA requirement.  I’ll go through the stages which I took to get it working – it roughly breaks down in to 3 parts.

Part 1 – Prepare Certificate Auto-Enrolment

I’m using an internal MS certificate authority in my lab.

Part 2 -  Deploy & Configure UAG

The recommended way to deploy UAG is with Mark Benson’s powershell script which is available here.

https://communities.vmware.com/docs/DOC-30835

This works well but you have to be particular with the syntax around the target values. You create an .ini file based on the examples and documentation in the link and run the script which uses those settings.

Part 3 – Check Settings and Test

Now the appliance has been deployed we can check the settings and test that the cert authentication is working as desired.

These are the steps I took to get it working in a lab environment.  When deploying in production, the cert check must be performed on the UAG device(s) so if you are using 2 or more appliances behind a load balancer then pass-through will need to be configured.

Happy deploying!

To understand more about how you can change the way you manage your users desktops, watch the short video below: