You can, the recommended method in the reference architecture says use split dns, but they can be used separate. There is one exception, if you have the secure gateways enabled on the connection server, you can't enable them on the UAG because only one or the other can use them.
By secure gateways you mean the options for PCoIP Secure Gateway and Blast Secure Gateway?
I have both enabled so that users sessions are tunneled, brokered and maintained through the Connection Server.
1 person found this helpful
Yes, if you want to use a uag, you wither need to disable those or install a replica connection server and disable it on it and point the uag to the replica.
Awesome, that is making sense now. Is there another configuration with two UAGs in front of the Connection Server?
UAG 1: NO RSA
UAG 2: RSA
This way I can turn off the Secure Gateway on the Horizon Connection server and the UAGs then manage the tunneling.
Yes, you can deploy 2 UAG in front of the Connection servers with one RSA enable and other without 2 factors.
However, you need to have 2 different public URL ( one for 2FA UAG and one without 2FA UAG )
Thank you for the response. I will be going with the UAG to replica route for the time being. Too many impacts with taking down the current access and standing up the new, at least with the lack of lead time that I have. I appreciate your input on this.
Like was mentioned before yes, the UAG is basically a proxy for the connection server that can handle the user connection instead of the connection server. There isn't a 1-1 relation ship like there is with the older security servers. What I currently do is use one address, but we use sourced based routing on the load balancer to route different networks to different UAGs. The external UAG has radius enabled, and is only used by external networks, anything that we labeled as internal comes to the internal UAGs. We have them pointed at different connection servers and use connection server tags to prevent some desktops from being available on the external uags as well.