MetaAccess can be leveraged by VMware Unified Access Gateway (UAG) 3.1+ and Horizon clients 7.3.1+ for Windows and macOS. Now VMware Unified Access Gateway provides enhanced compliance checking capabilities for Horizon Client access to virtual desktops and RDS hosted applications. Learn more about this integration.
By integrating MetaAccess into VMware Unified Access Gateway solutions, administrators are able to check remote devices for:
Vulnerabilities - Detect vulnerabilities on endpoints in installed applications and operating systems.
Enhanced Compliance - Get greater visibility into the status of installed security applications such as hard disk encryption and system information such as password protection to ensure devices are compliant with existing policies.
Unwanted Applications - Detect and remove non-compliant or unwanted applications such as peer-to-peer applications from a remote device.
Advanced Threat Detection - Utilizing two methods of advanced threat detection, MetaAccess helps identify potential threats that existing anti-malware software might not protect against.
Portable media scanning and access control - MetaAccess protects organizations against threats from portable media on the endpoints, a common attack vector for malware
You can set up a MetaAccess account to manage up to 50 devices with free of charge. Start Trial Now
1. Why does a user can access VDIs even their device is non-compliance through web access?
The Horizon Endpoint Compliance feature with OPSWAT MetaAccess is currently supported for VMware native Horizon clients. With HTML Access, no policy check is made. However, you can turn on or off the disable HTML access setting on VMware UAG to either fully deny or allow access.
To deny all HTML access, you can follow the below steps:
Log into VMware UAG console admin
Open Edge Service Settings > Horizon Settings
Turn on "Disable HTML Access" setting
2. Does this integration support Android users?
This integration may work on some Android devices if the VMware Horizon app and OPSWAT Mobile app can retrieve a device MAC address. But the user needs to install OPSWAT Mobile app and enroll it to your MetaAccess account.
3. Does this integration support iOS users?
From VMware UAG version 3.8+, it now supports iOS users. The user experience will be different compared with the user experience on PCs.
4 What domains and IP addresses should I whitelist on my firewall/proxy?
If your devices or your UAG sit behind a firewall or a proxy, you need to whitelist domains to allow UAG and devices talk to OPSWAT MetaAccess. See more details at How do I configure OPSWAT Client to work with a proxy or outbound firewall?
Y ou need to configure UAG outbound connection to Internet which is on the Internet facing NIC to able to contact the OPSWAT MetaAccess servers, please refer VMware documents for more details. Please note that the domain gears.opswat.com is not assigned static IP addresses. If you need static IP addresses to configure on UAG/firewall, we have domain dapi.opswat.com as an alternative domain for gears.opswat.com and it's assigned static IP addresses.
5. Where can I find OPSWAT on-demand Client's log when it's triggered from Horizon Client?
You can find OPSWAT On-demand Client's log at
Windows: C :\Users\<username>\AppData\Local\VMware\VMware Horizon View Client\Code Cache\<uuid>\ while Horizon Client session is still on.
macOS: Desktop folder
6. Why couldn't Horizon Client distribute OPSWAT on-demand Client on devices?
The minimum version of Horizon Client that supports this feature is 5.4 and make sure you upload an on-demand client to Unified Access Gateway.
If a user runs an older version, please upgrade Horizon Client to a version 5.4.
If a user already run Horizon Client 5.4.x, please contact VMware support to troubleshoot the issue.
To restrict minimum Horizon Client running on a device, you can refer this guideline on VMware
7. Why couldn't Horizon Client distribute OPSWAT on-demand Client on macOS devices?
This is a known issue if you are running Horizon Client version 5.4.x and previous versions and your administrators do not add any parameters into CLI on UAG. As a workaround solution, you should add parameters to the CLI on UAG, such as /log 1 as the below screenshot to fix it.
For more information about parameters available on OPSWAT Client, you can visit this document.
This article was last updated on 2020-09-23