AirWatch Tunnel Admin UI
The AirWatch Tunnel virtual appliance is
ccess Point 2.8 separates the appliance deployment and product configuration steps when using vSphere to deploy AirWatch Tunnel.
Rather than entering all information in the OVF deployment template, this version provides a GUI-based Admin Page to configure and manage the product.
Access Point 2.8 supports multiple Edge Services such as AirWatch Per App Tunnel & Proxy , SEG, Horizon, and IDM. This guide walks you through manually configuring AirWatch Tunnel from the Admin UI. The following section will show additional features and options in the UI as well as troubleshooting steps for AirWatch Tunnel.
AirWatch 9.0+ console allows you to change log levels remotely without needing to restart services. Ideally, the new web-based tools should allow the administrator to manage, configure or troubleshoot without having to log in to the Tunnel server.
Access Point Login
After completing the OVF deployment in vSphere, complete the following steps to complete the Tunnel setup.
- Navigate to https://Tunnel_IP:9443/admin
- Enter "admin" in the User Name field
- Enter the password configured for the API during deployment
- Click Login
Select Configure Manually
Click Select under Configure Manually
Configure Edge Services
- Click the slider to "Show" Edge Service Settings
- Click the Settings Gear next to Per App Tunnel and Proxy Settings
Configure Tunnel Settings
- Enter "https://API_URL.awmdm.com/" in the API field
- Enter "yourAdminUsername" in API Server Username field
- Enter the Password for that account
- Enter the "GroupID" for your Organization Group (case-sensative).
- Enter the hostname for this server that matches what was configured in the AirWatch console
Note: the Admin UI reaches out to the AirWatch API server to retrieve settings based on the hostname entered in the AirWatch Server Hostname field. This should match what you configured in the console for the Tunnel hostname.
Validation
Once settings are saved, the Tunnel server will retrieve the configuration details and servies will startup on that server. One of the easiest ways to validate the setup completed successfully is to run the "Test Connection" from the AirWatch console. This test shows results for the Tunnel Proxy service ONLY. There is no independent test for Per App Tunnel from the console. This is a very high level test and should not be considered the final validation step.
In addition to Test Connection, you can validate the setup by logging in to the server and confirming whether the Tunnel services are running. Ru
Open server from vSphere
Return to the vSphere client
Navigate to "VMs and Templates"
Select the Tunnel server from the list of VMs
Click More Actions, and click Open Console
Login to Server
Enter username: "root"
Enter password for the root account concigured during vsphere deployment
Check Services
After log in, run the command: netstat -tlpn
The response should include services running on 8443 and 2020 (ont he Relay server or Basic Endpoint) Endpoint server will only show the one on 2020.
If you do not see both of these servies, run the following commands to start and check status:
systemctl status vpnd
systemctl status proxy
Confirm Files are downloaded
If the APi call awas successful, you will find all of the configuration files downloaded to the Tunnel folder.
Run: ls -l /opt/airwatch/tunnel/vpnd
Make sure the server.conf file is listed in the folder. Without this file, the Per App Tunnel service cannot run and the API call was not successful. Return to the Admin UI and check your configuration settings. Confirm they are correct, resave, and then repeat this step. If there is still no file, go to the bottom of the Admin UI page and click "Download Log Archive"