Anyone out there have any recommendations for what version of UAG to stay away from for Content Management and Tunnel services? We haven't had much luck finding a version that is without major bugs in it, that would not be an issue for us, since we are heavily dependent on the Content Gateway.
I would go to the latest version, in your acceptance and test it. If your on the really old versions like 3.4, 3.5 they did have some bugs, after you jump a lot of versions on the upgrade, be sure to check your DNS, NTP other settings import on the JSON/iNi, they had a bug going from 3.4 to newer versions it would not transfer them settings, and you manually had to add that back.
What are you using CG for just local internal shares? I know a lot of companies are moving to sharepoint/Onedrive/ETC for this work flow.
Thanks for the input. I usually do that once a year but last year we didn't get a chance to update the UAGs due to time constraints with other projects. The last time we upgraded from 3.1 to 3.9.1 it was a mess and 3.9.1 has been AWFUL to say the least.
Yeah these users are not licensed for MS products (about 8000) and we are looking at a few different solutions this year for the coming year but not going to make any changes this year. It would be great if we could do dynamic document delivery but there are about 6000 docs per day for the train crews. We use UEM Content for those and but we have to mark up the docs and save them for the FRA which requires CG to our on-prem file share that uploads to ECM. I would like to invest in a different method but we are not budgeted for anything.
I would highly suggest if your still on the 3.x versions to upgrade. Take screenshots of all tabs of settings etc. save that ova, stand up your new UAG. Import settings, verify they look good (check NTP and DNS), then start your testing.
Your quite a few versions behind(about 9 versions), (if your using some aspects of the horzion/reverse proxy) VMWARE says to update NOW for the Log4J. Even if your not its a great idea to update this to get all the patches they bundle from a security point of view.
Good luck on your upgrades!!
It seems if you don't wait (5-10 versions) between upgrades the upgrades do go smoother. So maybe just get normal cadence after you get on the latest.
Mitigation instructions to address CVE-2021-44228 and CVE-2021-45046 in VMware Unified Access Gatewa...
What issues have you come across? I am using the latest version of UAG for a customer mostly around patches for log4j and havent come across any issues. However we are not using Content Gateway - only per-app tunnel.
We have been plagued by a bunch of outages on the CG side. At least once a month it goes down and no one can find a single reason why. I have spent 300+ hours pulling my hair out trying to figure it out. Then we have to restart the services for CG every week because it just stops working. We were plagued with an issue getting the logs because it would fill up the space with these weird files as soon as you requested the logs via the admin UI. They had to create a patch to solve that. Now it won't communicate with the console correctly when they moved us to AWS and I had to change the API url to "cn" instead of "as". Support tells me that the version I am on is the worst one they've ever seen.
With that said, I would've upgraded it already but I am tier 1 and they have no patience for down time of any kind...not even 30 minutes. 5 minutes of train delays can cause issues throughout the system for months. We have a dedicated SaaS with a Prod, DEV and UAT but mine are actually just a mirror of my Prod connected to all of the ame Prod systems. So I can test whatever changes I make. I just have to be really certain about the one I apply to my Prod.
I read all of the issues with the latest security breach but it didn't seem to apply to us but would be curious to see when they release the next version if it is already patched.
We use Tunnel but we are working towards a zero trust environment so most things get routed through Okta for 2FA as we move towards that goal. We are also looking into using Zscaler on mobile instead of Tunnel, which would make me very happy!
Which UAG version are you using and what resources are you exposing via CGW, if you don't mind my asking?
No, I don't mind. 🙂 We are on version 3.9.1 currently. Looks like we are going to move towards upgrading to 2111.1 unless they release a newer version before the end of February. We use it to just access on-prem file shares but we are trying to move towards a cloud service like OneDrive and will use their app instead or possibly even using something like Slack. There is a significant cost and effort involved in moving those documents (train bulletins, notices... etc) so not sure if we are going to be able to do that this year or not.