VMware View Security Server vs Unified Access Gateway

Just a little post about which product to choose, as I was at a customer who is running VMware Horizon View 7.4 and still using Security Servers.

While Security Server is still supported (for 7.4), why shouldn’t you use UAG instead?

Well, this is interesting, because the story of this customer was:
– They already have Security Servers, and moving to UAG requires some firewall / network changes
– Systems are already reserved for this purpose
– No knowledge of implementing UAG
– And last (and often heard) but not least: we are familiar with Security Server, we don’t want to go to UAG

Well, the last one I can imagine from a customer perspective: when it works, don’t change IT… IT might break then…

But there are a lot of advantages to using UAG over the Security Server:
– No need to pair Security Servers with Connection Servers (so the current customer can decommission 2 Security Servers and 2 Connection Servers). That’s not entirely true, because the Security Servers are replaced by UAGs, so only fewer Connection Servers are needed.
– The Security Server sits in the DMZ, and the Security Server is a Windows machine… do I need to say more? Think of hardening, security, etc. With UAG, you have a hardened Linux appliance! Way more secure!
– Easy to implement! Installing UAG is much easier than deploying a Security Server, and the UAG versions have a nice GUI.
– UAG is secure out of the box! (just remember to change the password though 🙂 )
– It is possible to separate traffic: you can have a UAG with 1, 2 or 3 NICs. With 1 NIC, it is the same situation as with a Security Server. With 2 NICs, you separate DMZ Internet traffic from DMZ internal traffic (where internal and management traffic share 1 interface). With 3 NICs, every part has its own network: 1 NIC for DMZ Internet traffic, 1 NIC for DMZ internal traffic and 1 NIC for DMZ internal management traffic. So every part is separated and thus more secure!
– When you have the UAG up and running, you export the configuration. Whenever the appliance breaks due to mistakes, security breaches or whatever, you deploy a new UAG, import the configuration and you’re done! (Compare that with a full installation of a Security Server.)
– Installation of the UAG is scriptable! This eases the installation process and speeds up the deployment time.
– When you need to upgrade the appliance, you can do an in-place upgrade, or just roll out a new version and import the configuration! Easy as that!

So, I guess there are no reasons for customers to stay with Security Server, and they should soon upgrade to a UAG (unless there is a specific, very good reason to keep using the Security Server).

In the next blog I will go through the installation & configuration process of a UAG!