vikrant blog


How NGINX Plus Delivers Secure and Reliable Access to VMware Horizon UAG Setups for BFSI Enterprise Customers

In BFSI environments, secure remote access is a core operational requirement. Banks, financial institutions, stock exchanges, and insurance platforms depend on uninterrupted access for customer servicing, trading and settlement systems, regulatory operations, and internal teams. These environments demand high availability, strong security controls, and predictable behavior during failures, as any disruption at the access layer can directly impact business continuity and compliance.


Business and Technical Context

In this environment, VMware Horizon was used to provide remote access to internal applications and virtual desktops. Unified Access Gateway (UAG) acted as the external entry point for all users. Given the scale and sensitivity of large operations, it was clear early on that the access architecture needed to meet a few non-negotiable requirements:

  1. No single point of failure at the gateway layer
  2. Seamless failover without impacting active user sessions
  3. Secure exposure with a minimal public attack surface
  4. Support for multiple Horizon protocols, including Blast
  5. Centralized management and operational consistency

The existing setup did not fully meet these expectations, particularly when it came to predictable failover behavior during gateway outages.

Architecture Overview

To address these gaps, we introduced NGINX Plus as a dedicated load balancer in front of multiple VMware Horizon UAG instances. All inbound user traffic terminated at NGINX Plus, which allowed us to control how traffic was distributed and ensure that only healthy gateways were serving users.

Multiple NGINX Plus instances were deployed to avoid introducing any new single points of failure. To manage them consistently, NGINX Instance Manager was implemented centrally, giving us a single place to manage configuration, visibility and lifecycle operations across all load balancers.


Role of NGINX Plus in the Architecture

Advanced Load Balancing

NGINX Plus enabled intelligent traffic distribution across UAG instances. This ensured that traffic was always routed to healthy gateways and removed reliance on any single UAG node.

Multi-Protocol Support

One of the key considerations was support for multiple VMware Horizon protocols. The setup handled:

  • HTTPS for authentication and management traffic
  • VMware Horizon Blast protocol for virtual desktop access
  • Additional supporting protocols required by Horizon services

NGINX Plus handled these protocols reliably, even during peak usage periods.

Session Persistence

Session stickiness was configured so that users remained connected to the same UAG instance throughout authentication and active desktop sessions. This was essential to avoid session drops and maintain a consistent user experience.

Active Health Checks

Health checks were aligned with actual UAG service behavior rather than simple port checks. When a gateway became unhealthy, it was automatically removed from traffic rotation and added back only after services fully recovered.

Security Controls

TLS termination and traffic handling were centralized at NGINX Plus. Only the required ports were exposed externally, while backend communication with UAG instances was restricted to private networks, aligning well with BFSI security expectations.
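
The persistence, active health check and TLS handling described above can be expressed in NGINX Plus configuration along the following lines. This is an added example, not the configuration used in the deployment, and it covers only the HTTPS listener. The addresses, hostnames, file paths, the source-IP persistence method and the `/favicon.ico` probe URI (taken from VMware's UAG load-balancing guidance, not from this post) are assumptions.

```nginx
# Added example for the http{} context (e.g. a conf.d file on NGINX Plus).
# Addresses, names, file paths and the probe URI are assumptions.

upstream uag_https {
    zone uag_https 64k;              # shared state; required by health_check
    hash $remote_addr consistent;    # persistence: one client IP -> one UAG
    server 10.10.20.11:443;          # UAG 1, private address (constructed)
    server 10.10.20.12:443;          # UAG 2, private address (constructed)
}

# Healthy means the gateway service answered the probe with 200,
# not merely that the TCP port accepted a connection.
match uag_service_ok {
    status 200;
}

server {
    listen 443 ssl;                  # the only externally exposed listener here
    server_name vdi.example.com;     # placeholder

    ssl_certificate     /etc/nginx/tls/vdi.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/vdi.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://uag_https;
        proxy_set_header Host $host;

        # Re-encrypt to the gateway and verify its certificate
        # against an internal CA instead of trusting any backend.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
        proxy_ssl_server_name         on;
        proxy_ssl_name                uag.internal.example;

        # Active check: out of rotation after 2 failed probes,
        # back in only after 3 consecutive passes.
        health_check uri=/favicon.ico interval=5 fails=2 passes=3
                     match=uag_service_ok;
    }
}
```

Source-IP hashing places every user behind one NAT address on the same gateway, so per-gateway session counts are worth watching after rollout.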

Key Takeaways

As the number of NGINX Plus instances grew, centralized management became increasingly important. NGINX Instance Manager provided a single control plane that enabled:

  • Central visibility into all NGINX Plus instances
  • Consistent configuration management across environments
  • Easier upgrades and lifecycle operations
  • Better governance and audit readiness

This approach reduced manual effort and helped prevent configuration drift across the environment.

Outcomes and Benefits

The solution delivered tangible improvements:

  • Elimination of single points of failure at the access layer
  • Seamless failover during gateway outages or maintenance
  • Stable handling of Horizon Blast traffic during peak usage
  • Improved security posture through controlled exposure
  • Centralized visibility and simpler day-to-day operations

The access platform is now resilient, scalable and significantly easier to operate.

Conclusion

By using NGINX Plus as the load-balancing layer and NGINX Instance Manager for centralized control, I was able to deliver the availability, security, and operational consistency expected in BFSI environments.

This experience reinforced the importance of designing remote access platforms with resilience and operations in mind and showed how the right application delivery platform can make a meaningful difference in mission-critical enterprise environments.

