What’s New in VMware UAG 3.10
The 3.10 version of the Unified Access Gateway was released early July but I have only recently been getting some experience deploying it at clients. Here are my thoughts on the features that I have found interesting in this release.
Admin Disclaimer Text
In this version, you can now make all your auditors happy with the new Admin Disclaimer Text. This disclaimer can be added via the UI or via the Powershell.ini. It will display on the admin page that must be accepted before an Administrator can log in and do admin stuff. For Powershell, you can add to the [Horizon] section with the following line:
adminDisclaimerText=This is a sample message.
You can find the Admin Disclaimer in the UI under System settings.
More Support Logs
The System Logs Archive Directory now includes cpu.info, mem.info, sysctl.log, and journalctl_archive. This may seem trivial but with the recent surge of usage during the pandemic, I’ve seen a ton of CPU and MEM issues that would have been caught quicker with these logs for support.
Full CPU usage
In past versions, when a UAG’s CPU would hit 90%, it would begin responding to HTTP requests with 503 errors while it was overloaded. The new limit is now 100% which basically means it will no longer send out 503 errors. If you are using 503s for load balancing monitoring, you can configure the value lower in the UI so it triggers.
Updated TLS and Ciphers
There are new ones for TLS 1.2 and 1.3. Check the release notes for the particulars. The Blast component bumped up support from 1.1 to TLS 1.2 only now.
How to get an A+ from Qualys SSLLabs on your Horizon UAG deployment.
So after a recent deployment of VMware’s Universal Access Gateway appliance (v3.3.0), it seems that out of the box, this appliance gets a B grade from SSLLABS.COM. Obviously you want to make sure you get an A rating from a security perspective so here are the steps we took to achieve an A+ rating on […]
That’s about all the ones that interested me. There are a bunch of minor fixes and a few more known issues but you can read about them all in the release notes referenced above.