Home > Blogs > VMware Consulting Blog

Horizon Mirage 4.4: Game Changer for Mobile Workforce Backup and Recovery

John KramerBy John Kramer, Consultant at VMware

I am excited to share what I think is a game changing feature of the new release of Horizon Mirage: its ability to do remote backup and recovery in the cloud. This provides a huge boost in both ease of use and security of end user data on your corporate endpoints.

Previously, using Mirage off network required some form of VPN access to connect to the Mirage servers in the data center, but new enhancements mean that’s no longer the case. With Horizon Mirage 4.4, VMware introduces the Mirage Edge Gateway. Thanks to collaboration between the Mirage development team, the VMware Light House program, and VMware Professional Services, our behind-the-scenes efforts have brought this new feature to all Mirage customers with this release.

This new feature is something I have been asking product management to consider for a while now, as more and more people no longer use VPN to access corporate resources. It’s a pain to constantly log into VPN—a complaint I’ve heard often in my years supporting sales reps who say that the VPN just gets in the way of getting their jobs done.

How Does It Work?
The Mirage Edge Gateway sits in the DMZ of the enterprise network and allows a Mirage client to securely sync with the Mirage servers in the data center whenever a laptop has an active Internet connection.

Deployment is simple. The diagram below gives you an overview of how to put all the pieces together. Most companies have an external firewall and the Mirage Edge Gateway simply sits in the DMZ and proxies Mirage traffic back to the Mirage Cluster that sits on the corporate network.

Mirage Edge Implementation Architecture

There is one main difference between an on-network and off-network Mirage client connection: when off network, all Mirage traffic is directed to the Mirage Edge Gateway during which time the Mirage client will prompt the end user for credentials.

This added layer of security is based on Active Directory or LDAP credentials and a security token is granted for a specific amount of time that a network administrator determines. This means the end user could be prompted for a password once a week, twice a month, or whatever a security team deems appropriate.

Using a security token means end user credentials are not stored or cached and end users aren’t constantly bombarded with prompts for credentials to accomplish a Mirage sync. (I do recommend a longer timeout value versus a shorter timeout because you want to make sure the endpoints are backed up at the end of the day.)

Mirage on Site with Customers

A few customers recently told me that they have remote workers who rarely or never come into the office. In one particular customer’s case, a third of its workforce is completely mobile—meaning 4000 mobile end points. Before Mirage, those mobile workers said they would rather come into the office than log into the VPN.

This is why the Mirage Edge Gateway is such a genius solution. Not only does the Mirage solution allow remote users to protect the data on their endpoints, but also they don’t need to be at the office or on the VPN for backups to take place.

With the addition of the Mirage Edge gateway, Mirage can completely replace cloud-based backup solutions like CrashPlan, Mozy, and Carbonite, with the benefit of allowing IT to securely control the solution in the corporate data center

Commercial cloud-based backup solutions don’t typically offer the image management and layer management features that are included out of the box with Mirage. Furthermore, while Mirage secures mobile workforce data in your corporate data center, it allows both IT and end users flexibility when they need to recover data. For example end users can recover deleted files or previous versions of files directly from Windows Explorer by right clicking a file or folder.

Mirage Edge in Windows Explorer


Mirage also makes a great solution for migrating user data when it comes time for a lease refresh of old endpoints to new hardware. If you’re still running Windows XP, Mirage can help reduce the effort around a Windows 7 migration.

With its remote backup and recovery in the cloud, Mirage means ease of use for remote users and a more secure solution for IT. The only problem now is that those remote users may never head into the office.

John Kramer is a Consultant for VMware focusing on End-User-Computing (EUC) solutions. He works in the field providing real-world design guidance and hands-on implementation skills for VMware Horizon Mirage, Horizon View, and Horizon Workspace solutions for Fortune 500 businesses, government entities, and academics across the United States and Canada. Read more from John at his blog: www.eucpractice.com

10 thoughts on “Horizon Mirage 4.4: Game Changer for Mobile Workforce Backup and Recovery

  1. navendu.bhatt@amdocs.com

    Hi John,

    Thanks for wonderful article on Mirage.

    I am part of Information security Group.

    Could you please help with Deployment best practices & Critical security considerations. mainly in terms for 2 Factor Authentication.

    Best Regards
    Navendu Bhatt

  2. John Kramer

    2 factor authentication is not supported with edge gateway. If would actually make ease of use a lot more difficult and reduce the security of the endpoint data since it’s less likely users will authenticate if forced to use two factor. The idea is to ensure your endpoints data is protected and not constantly prompt users for credentials.

    What good is a backup if it never runs because it’s to difficult for users to authenticate?

    1. navendu.bhatt@amdocs.com

      HI John,

      Is it document somewhere in VMware doc (2 Factor Auth not supported) , I am facing issue to find good documentation for secure design of Mirage GW



Leave a Reply

Your email address will not be published. Required fields are marked *