Lab Guidance

Note: It may take more than 90 minutes to complete this lab. You should expect to only finish 2-3 of the modules during your time.  The modules are independent of each other so you can start at the beginning of any module and proceed from there. You can use the Table of Contents to access any module of your choosing.

The Table of Contents can be accessed in the upper right-hand corner of the Lab Manual.

The Unified Access Gateway can empower your digital workforce by allowing authorized users and devices to securely access internal resources from anywhere.  Learn how to deploy the Unified Access Gateway and understand best practices and deployment configurations for enterprise-level security.  Explorer how the Unified Access Gateway can also provide secure access to internal web applications through certificate authentication and Identity Bridging configurations to cover a variety of use cases.

Lab Module List:

  • Module 1 - Unified Access Gateway Deployment with vSphere (30 minutes) (Beginner) Learn how to deploy Unified Access Gateway using vSphere Web Client and the different aspects of network and certificate configuration when deployment the Unified Access Gateway.
  • Module 2 - Unified Access Gateway Deployment with PowerShell (30 minutes) (Intermediate) Install and configure the Unified Access Gateway using PowerShell.  Explore additional deployment and management use cases for recommended security design strategies.
  • Module 3 - Web Reverse Proxy secure access to Internal Websites (60 minutes) (Intermediate) The Unified Access Gateway is the Security Gateway for Workspace ONE that provide secure access to internal resources for external users. Learn how to configure Web Reverse Proxy using Device Certificate for authentication to legacy Web applications to restrict access to specific devices.
  • Module 4 - Identity Bridging and Single Sign-On access to Legacy Web Applications (60 Minutes) (Intermediate) Learn how to setup Identity Bridging to provide Single Sign On to legacy Web Applications using Kerberos Constrained Delegation (KCD), allowing VMware Identity Manager to act as identity provider integrated with Unified Access Gateway to handle user authentication by acting as a service provider by converting the incoming SAML assertion to Kerberos.

 Lab Captains:

  • Roger Deane, Sr. Manager, Technical Marketing, USA
  • Andreano Lanusse, EUC Staff Architect, USA
  • Chris Halstead, EUC Staff Architect, USA
  • Justin Sheets, Sr. Technical Marketing Architect, USA
  • Shardul Navare, Sr. Technical Marketing Architect, USA

This lab manual can be downloaded from the Hands-on Labs Document site found here:

This lab may be available in other languages.  To set your language preference and have a localized manual deployed with your lab, you may utilize this document to help guide you through the process:

Location of the Main Console

  1. The area in the RED box contains the Main Console.  The Lab Manual is on the tab to the Right of the Main Console.
  2. A particular lab may have additional consoles found on separate tabs in the upper left. You will be directed to open another specific console if needed.
  3. Your lab starts with 90 minutes on the timer.  The lab can not be saved.  All your work must be done during the lab session.  But you can click the EXTEND to increase your time.  If you are at a VMware event, you can extend your lab time twice, for up to 30 minutes.  Each click gives you an additional 15 minutes.  Outside of VMware events, you can extend your lab time up to 9 hours and 30 minutes. Each click gives you an additional hour.

Alternate Methods of Keyboard Data Entry

During this module, you will input text into the Main Console. Besides directly typing it in, there are two very helpful methods of entering data which make it easier to enter complex data.

Click and Drag Lab Manual Content Into Console Active Window


You can also click and drag text and Command Line Interface (CLI) commands directly from the Lab Manual into the active window in the Main Console.  

Accessing the Online International Keyboard

You can also use the Online International Keyboard found in the Main Console.

  1. Click on the Keyboard Icon found on the Windows Quick Launch Task Bar.

Click once in active console window

In this example, you will use the Online Keyboard to enter the "@" sign used in email addresses. The "@" sign is Shift-2 on US keyboard layouts.

  1. Click once in the active console window.
  2. Click on the Shift key.

Click on the @ key

  1. Click on the "@ key".

Notice the @ sign entered in the active console window.

Activation Prompt or Watermark

When you first start your lab, you may notice a watermark on the desktop indicating that Windows is not activated.  

One of the major benefits of virtualization is that virtual machines can be moved and run on any platform.  The Hands-on Labs utilizes this benefit and we are able to run the labs out of multiple datacenters.  However, these datacenters may not have identical processors, which triggers a Microsoft activation check through the Internet.

Rest assured, VMware and the Hands-on Labs are in full compliance with Microsoft licensing requirements.  The lab that you are using is a self-contained pod and does not have full access to the Internet, which is required for Windows to verify the activation.  Without full access to the Internet, this automated process fails and you see this watermark.

This cosmetic issue has no effect on your lab.  

Look at the lower right portion of the screen

Please check to see that your lab is finished all the startup routines and is ready for you to start. If you see anything other than "Ready", please wait a few minutes.  If after 5 minutes you lab has not changed to "Ready", please ask for assistance.


Add your comment

E-Mail me when someone replies to this comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.