Why use Unified Access Gateway(UAG) over Client VPN?

Posted on 23 May 201824 May 2018 by Arun PC

Lots of customers use VPN to access virtual desktops and apps instead of directly landing on an application proxy from the internet. One of them quizzed me on the merits and demerits of using VMware UAG versus Client VPN to access Horizon Desktops and Apps.

Before doing a compare and contrast, the following are what both UAG and Client VPN have in common:

Provide remote access to Horizon apps and desktops hosted internally.
Authenticates(additionally multi-factor) users before establishing a connection.
Endpoint scanning capabilities to check for Windows Patch level, AV update and so on.

The following are the merits of UAG and a Client VPN like Cisco AnyConnect.

Merits and Demerits of VMware UAG versus VPN

Merits	Demerits
Security – Main difference is the Access Control is at the application layer and not at the network layer. Users access applications/desktops only and users’ network is not patched to the internal network like a Client VPN.	Extra Servers – UAG Servers need to be stood up in DMZ. If the customer already has an existing VPN solution, this could additional setup.
User Experience – While using VPN, user requires to do two steps to connect to Horizon apps and desktops. 1. Connect to Client VPN 2. Login to Horizon Client If UAG is setup, users can directly access Horizon from internet using a public URL instead of logging in via a VPN.	Teams – Often times, VDI teams could be different from network and security teams and it maybe cumbersome to go through the various approval processes to stand up UAG server in the DMZ.
Performance – Blast Extreme, PCoIP are UDP based protocols are secure by design and optimized for real-time traffic like audio and video. When these streams are encapsulated and forced into TCP packets by SSL VPNs, the performance can drop significantly.	Size of implementation – For small setups and certain user groups, it may still be okay not to have the most optimal and performant delivery methods.

Hope the info helps!

Published by Arun PC

Technologist, lover of books, father, son, friend. Life long student. View all posts by Arun PC

2 thoughts on “Why use Unified Access Gateway(UAG) over Client VPN?”

Anand Johnson 31 May 20185:15 pm Reply

Well expalined .
1. Arun PC 4 Jun 20187:29 am Reply
  
  Thanks Anand for your response!

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s

%d bloggers like this: