VMware Tunnel Settings on Workspace ONE UEM Console

When the Tunnel Edge Service is enabled on Unified Access Gateway Appliance it pull out the configuration of the VMware Tunnel from Workspace ONE UEM, for that reason the VMWare Tunnel must be configured first on the Workspace ONE UEM, prior to deployment of the Unified Access Appliance.

This section will walk you through the steps to configure VMWare Tunnel in Workspace ONE UEM Console.

1. Open All Settings

Open All Settings
  1. Click on Groups & Settings
  2. Click on All Settings


2. Open VMware Tunnel Settings

Configure the VMware Tunnel settings
  1. Click System
  2. Click Enterprise Integration
  3. Click VMware Tunnel

2.1. Deployment Details

  1. Select Basic for the Deployment Type. Basic (Single-Tier) means the Unified Access Gateway Appliance will be deployed in the DMZ where the Tunnel Edge Service will be enabled to communicate with the internal network.

    You should have received an email titled Workspace ONE Workshop | Lab Ports and Hostnames, which has the assigned port and hostname values you should enter here.  This email is sent to the account you used to register for VLP and signed into the Workspace ONE UEM Console with.
  2. Enter the DNS address assigned to you for the Hostname field (Format: pool##.airwlab.com).
  3. Enter the Port assigned to you for the Port field (Format: 4###).
  4. Click the Server Authentication tab.

2.2. Configure Server Authentication

The VMware Tunnel service will be configured to use a 3rd party SSL certificate (*.airwlab.com).

  1. Select Third Party for SSL.
  2. Click Add Certificate.

2.2.1. Choose Server Certificate

Click Choose File.

2.2.2. Choose 3rd Party Certificate

  1. Click Local Disk (C:)
  2. Click AW Tools
  3. Click airwlab.com.pfx
  4. Click Open

2.2.3. Enter Certificate Password

  1. Enter [email protected]! for the Password
  2. Click Upload

2.3. Configure Client Authentication

You can choose to use the AirWatch Certificate Authority or a 3rd party Certificate Authority for client authentication.  For the purpose of this lab, you will leave the default option of AirWatch authentication selected.

  1. Click Client Authentication
  2. Ensure AirWatch is selected for Authentication

2.4. Save Tunnel Configuration

  1. Scroll up to the top of the Tunnel Configuration page
  2. Click Save

No further configurations will be made.  Feel free to explore the Networking, Logging, Device Traffic Rules, and Server Traffic Rules sections to see what additional options you can configured for VMware Tunnel.

2.5. (FOLLOW ALONG) Downloading the Unified Access Gateway Installer

NOTE: You do NOT need to download the installer, it has already been downloaded and made available to you.

  1. Once saved, the VMware Tunnel configuration is locked.  To make further adjustments, click Edit.  Once the Unified Access Gateway is deployed, you can test the integration by clicking Test Connection.
  2. In normal scenarios, the preferred method to retrieve the Unified Access Gateway appliance installer is to click Download Installer, which will redirect you to the Workspace ONE Resources Portal where the installers are hosted.

Now that the VMware Tunnel Settings are configured in the console, the next section goes through the process to deploy the Unified Access Gateway Appliance OVF through PowerShell and configure the Tunnel Edge Services as part of the deployment based on the settings configured in Workspace ONE UEM.