December 16, 2024

Omnissa’s New Standalone Tunnel Deployment Method: Embracing Modern Software Architecture

Attention tech professionals! Say goodbye to traditional virtual machine-based software deployments and hello to Omnissa's game-changing new standalone Tunnel Deployment method. Embrace modern software architecture with increased portability, flexibility, and ease of management. Learn why transitioning to this agile model can simplify and streamline your gateway software management.

In the rapidly evolving world of enterprise IT infrastructure, the shift from traditional virtual machine (VM)-based software deployments to more agile and scalable containerized solutions have been a game-changer. This transformation brings with it numerous benefits, including increased portability, flexibility, and ease of management. For software vendors like Omnissa, this evolution is paving the way for delivering enhanced value to customers through innovative deployment strategies driven by the need for agility, ease of management, and consistent performance across diverse environments.

In this blog, we’ll explore the key differences between deploying Tunnel as part of Unified Access Gateway and the new Tunnel deployment method on containers and explain why moving to the latter can provide your team with a host of advantages. Let’s dive into how the transition can simplify and streamline the way you manage your gateway software.

Unified Access Gateway: The Legacy Approach

The Unified Access Gateway (UAG) is an all-in-one solution that combines essential gateway services (edge services) into a single virtual machine (VM). These edge services include Secure Email Gateway (SEG), Tunnel, Content Gateway, Web Reverse Proxy and Horizon. The UAG is deployed as an appliance and provides some key features:

  • All-in-One VM: UAG packages everything needed for secure access into a single virtual machine, making initial setup relatively straightforward.
  • Hardened by Omnissa: The virtual machine is pre-configured with minimal dependencies, providing a secure and streamlined environment.
  • Patch Management: Patches are provided by Omnissa in the form of new VM releases. This requires redeployment of the entire VM to apply updates.
  • Upgrade Process: Upgrading UAG requires redeploying the entire VM at the hypervisor level, leading to potential downtime and operational complexity.

While UAG offers simplicity in the form of a single, ready-to-use VM, it has some limitations in terms of flexibility and upgradeability. As the software evolves or needs to be patched, the entire VM must be replaced, which can be both operationally and organizationally challenging for some.

New Tunnel Deployment: The Modern Alternative

On the other hand, the new Tunnel Deployment method based on containers takes a modular and flexible approach by separating the application from the underlying infrastructure. Rather than bundling everything into a single VM, the gateway software is packaged as a container, which runs on a host OS with Docker installed. The deployment of Tunnel in a container introduces some key features:

  • Separation of Artifacts: The application (the tunnel gateway) and the host OS are decoupled, meaning they can evolve independently.
  • Flexible Patching: With containers, patches are only required for the container itself. The only prerequisite is the Docker engine, which simplifies the patching process.
  • Simplified Deployment: Tunnel is managed through a new CLI tool called dux, that abstracts away the complexities of Docker and Kubernetes, enabling admins to deploy and manage Tunnel gateways without specialized expertise. This tool simplifies the entire deployment process and includes features like managing multiple gateways, creating deployment templates, and troubleshooting in real-time.
  • Simplified Software Upgrades: Unlike UAG, where upgrades require redeployment of the entire VM, Tunnel container deployment allows for in-place upgrades of the tunnel gateway, reducing downtime and simplifying the process.
  • Role Separation for Admins: Many organizations separate the roles of Infrastructure Admin (managing the underlying Docker hosts and infrastructure) and Application Admin (managing the Tunnel container deployment). This separation ensures that operational tasks related to hypervisor or host-level changes are distinct from those related to application configuration, reducing operational complexity and improving security.

The flexibility offered by containers ensures that organizations can scale their deployment easily, update components independently, and ensure consistent performance across different environments.

Evolution of Software Packaging: Why Containers Matter

Containers represent a significant shift in how software is packaged, deployed, and managed. For Omnissa and other software vendors, containers offer numerous benefits:

  • Portability: Containers encapsulate the application and its dependencies, making them portable across different environments without needing specific prerequisites on the host system.
  • Isolation: By running in their own isolated environment, containers prevent conflicts with other software running on the same system.
  • Consistency: A containerized application behaves the same way in development, staging, and production environments, ensuring reliability and consistency. This consistency also makes it easier for us to support, as the development environment (Omnissa engineering) closely mirrors the customer environment, minimizing discrepancies and troubleshooting challenges.

This shift enables Omnissa to deliver secure, high-performance solutions with less overhead and more flexibility for customers.

Simplified Deployment Strategy and Separation of Roles

The new deployment strategy for Tunnel is designed for simplicity and flexibility, consisting of two phases with clear separation of roles.

A diagram of a computer network Description automatically generated

  1. Deploy the Host OS with Docker (Infrastructure admin)

The first step in the deployment process is to deploy a host OS that runs Docker. This can be:

  • Customer’s preferred Linux OS.
  • Omnissa-provided, pre-configured, hardened host (coming soon).

The host OS is configured with minimal dependencies, ensuring a lightweight, secure, and stable environment for running the Tunnel container. Docker is then installed on the host to enable containerization.

  1. Deploy the Tunnel Gateway (Application admin)

Once the host OS is in place, the Tunnel Gateway package is deployed as a Docker container. The gateway package has zero host dependencies aside from Docker, which allows for a streamlined deployment process. The container inherits the network configuration from the host OS.

To simplify the deployment process, Omnissa provides a command line interface tool (dux), which allows admins to manage and deploy the Tunnel Gateway container without requiring deep knowledge of Docker or Kubernetes.

How This Solves Existing Challenges

The new Tunnel deployment method solves several common challenges faced by organizations using traditional, monolithic virtual machines for gateway services:

  1. One-Time Host OS Deployment

With container deployment, the host OS is only deployed once during the lifecycle of the gateway. This minimizes interactions with the hypervisor admin and allows admins to use their native hypervisor tools to manage the environment.

  1. Safe Host OS Patching

Patching the host OS can be done without impacting the gateway software. Administrators can patch the host OS independently, without waiting for a new VM release or Omnissa’s approval for patches.

  1. In-Place Software Upgrades

Omnissa software can be upgraded in place by simply upgrading the container itself. No changes are needed to the host OS, and no redeployment is required, which reduces downtime and simplifies maintenance.

  1. Optimized OS Template

Omnissa provides a Base OS Template that includes only the necessary packages for running Tunnel, ensuring that the OS is lightweight and optimized for performance. Docker is added to the template to enable container deployment.

  1. Customer Flexibility

Customers have options when choosing the host OS:

  • Use Omnissa’s FOSS (Free and Open-Source Software) template.
  • License Alma Linux from a vendor (optionally).
  • Build a custom Linux OS image based on Omnissa’s recommendations.

This flexibility allows customers to choose the best-fit operating system for their environment while ensuring compatibility with Omnissa’s Tunnel Gateway software.

The “dux” Tool: Simplified Deployment

Omnissa’s dux is a cross-platform CLI tool for lifecycle management of Tunnel server, it’s a tool designed to make deploying and managing Tunnel containers as simple as possible. For customers of UAG, dux can most easily be understood as a replacement for actions you would take from the UAG Admin console as well as for actions at the hypervisor layer.

Figure 1: dux CLI can be used from a client machine or one of the hosts

The dux CLI abstracts away the complexities of Docker and Kubernetes, enabling admins to deploy and manage Tunnel gateways without specialized expertise, with some key features:

  • Manage Multiple Gateways: Deploy and manage multiple Tunnel containers at once.
  • Template Support: Create and reuse templates (manifest files) to ensure consistency across deployments.
  • Monitoring and Troubleshooting: View stats, collect logs, and search for devices across all deployed Tunnel servers.

Deploying Tunnel Container in Three Simple Steps

Deploying Tunnel Gateway containers is a straightforward procedure. By leveraging dux, you can seamlessly deploy Tunnel Gateways in just three simple steps. Whether you're scaling up for increased traffic or upgrading to the latest version, this following summary guides you through the steps required to prepare your host environment, configure the deployment, and get your Tunnel Gateway containers up and running quickly.

A screenshot of a phone Description automatically generated

Let’s dive into how you can streamline your Tunnel deployment process with minimal effort and maximum efficiency.

  1. Prepare the Host VM:
    • Obtain the Linux distribution of your choice.
    • Size the VM based on the number of concurrent connections (use configmax.omnissa.com for sizing guidelines).
    • Install Docker on the VM.
    • As best practice, create a template of the fully configured VM when deployments multiples tunnel gateways.
  2. Set Up dux and tunnel images:
    • Install the dux CLI.
    • Set up dux on your client machine or one of the hosts.
    • Download the Tunnel container image from the Workspace ONE Portal.

A white screen with black text Description automatically generated

Figure 2: Available commands for dux CLI

  1. Verify Manifest and Deploy:
    • The manifest file serves as a configuration template for deploying multiple Tunnel servers. It can define settings for single or multi-server deployments.
    • Use dux init command to create and prepare the manifest file.
    • Use dux deploy command to deploy or upgrade the Tunnel Gateway containers.

A screenshot of a computer Description automatically generated

Figure 3: Example of Manifest file to deploy two servers in basic mode

A screenshot of a computer Description automatically generated

Figure 4: Example of Manifest file to deploy two servers in cascade mode

Troubleshooting with dux

When comes to troubleshooting, dux provides useful commands for troubleshooting and monitoring your deployments in real-time, even in a multiple host deployment a single command can obtain the logs of all host and download in a single place. Here a list of some commands available for troubleshooting:

  • Get Logs: dux logs
  • Follow Logs: dux logs -f (view live logs from a specific server or IP)
  • Override Log Levels: dux log-override -l <level> -d <duration> (adjust log verbosity)

These tools make it easier to troubleshoot issues and ensure that the Tunnel Gateway is running smoothly across all environments.

Conclusion: The Future of Gateway Deployments

While the Unified Access Gateway (UAG) provides a reliable, all-in-one solution, the Tunnel standalone deployment offers unparalleled flexibility, scalability, and ease of management. By decoupling the gateway software from the underlying infrastructure, Omnissa is providing a more agile and efficient deployment model that reduces downtime, simplifies upgrades, and scales with your business needs.

This new standalone method along with dux CLI, makes the deployment and management of Tunnel Gateways easier than ever, even for teams with limited Docker or Kubernetes expertise. Whether you’re dealing with frequent updates, large-scale deployments, or simply want more control over your infrastructure, Tunnel standalone deployment offers the modern solution for today’s enterprise environments.

To learn more and see Tunnel Deployment in a Container in action watch the Omnissa Tech Deep Dive webinar: Introducing Workspace ONE Tunnel Container Deployment.

 

You can also learn more and connect with us:

  • Connect: Reach out to Omnissa’s product specialists and industry experts at community.omnissa.com.
  • Learn: Explore how Omnissa’s products and solutions can address your business needs at techzone.omnissa.com.
  • Reference: Access the latest resources and documentation for Tunnel Container Deployment at docs.omnissa.com.

Filter Tags

Horizon Horizon Unified Access Gateway Blog Announcement

Andreano Lanusse

Read More from the Author

Staff Architect, End User Computing. Andreano Lanusse is an experienced professional with a diverse background in multiple technologies, including the Omnissa portfolio. He has successfully led some of Omnissa's largest Digital Workspace deployments within the financial sector. In his role as Staff Architect, he serves as a subject matter expert, empowering the technical community through the creation of comprehensive technical content across the Omnissa Platform, Security, and Workspace ONE. His contributions include developing Reference Architectures for Workspace ONE and Horizon, fostering innovation and best practices in digital workspace solutions.