Preparing the INI File for Deployment
You now learn how the INI file is used to deploy and configure a Unified Access Gateway using PowerShell and how to edit the contents of the INI file for your Unified Access Gateway deployments.
1. Configuring the General Deployment Settings
A INI file containing all the configuration settings is required to deploy the Unified Access Gateway appliance.
In this exercise, you use the uag-2NIC.ini file and fill out the respective parameters for your deployment.
You deploy a new Unified Access Gateway appliance called UAG02, which has two NICs where NIC one is Internet-facing and NIC two for backend and management.
1.1. Open the UAG-2NIC.ini File for Editing
- Click the File Explorer icon on the task bar.
- Click Desktop.
- Click UAG Resources.
- Right-click the uag-2NIC.ini file.
- Click Edit with Notepad++.
1.2. General Settings (1/2)
On the General section, provide the following settings on the INI file:
- Enter
UAG02
for the name field. - Enter the path and name of the OVA File for the source parameter, the OVA file located on
C:\Users\Administrator\Desktop\UAG Resources\UAG Files
. - Enter
vi://[email protected]:[email protected]/Nested_Datacenter/host/Host_Cluster
for the target field.
Note: You can replace 'VMware1!' with 'PASSWORD' and the script will prompt for the password during the PowerShell execution. - Enter
thin
for the diskmode field. - Enter
datastore2_ESXi01
for the ds field (ds refers to data store). - Enter
twonic
for the deploymentOption field.
1.3. General Settings (2/2)
Continuing the General section configuration, set the following values for the parameters on the INI file:
- Enter
STATICV4
for the ipMode field. - Enter
192.168.110.1
for the defaultGateway field. - Enter
192.168.110.10
for the dns field. - Enter
192.168.110.20
for the ip0 field.
Note: ip0 is the Internet-facing NIC. - Enter
172.16.0.20
for the ip1 field.
Note: ip1 is the internally facing NIC. - Enter
255.255.255.0
for the netmask0 and netmask1 fields. - Enter
DMZ_VM_DPortGroup
for the netInternet field. - Enter
Internal_VM_DPortGroup
for the netManagementNetwork and netBackendNetwork fields.
1.4. Configuring TLS/SSL Certificates for Unified Access Gateway Appliance
The SSLCert and SSLCertAdmin contain the information regarding the SSL Certificated for the administration and Internet interfaces.
- Enter
C:\AW Tools\airwlab.com.pfx
for the pfxCerts field under SSLCert (this certificate is for the Internet interface). - Enter
C:\AW Tools\airwlab.com.pfx
for the pfxCerts field under SSLCertAdmin (this certificate is for the administration interface).
The certificate password is requested during the deployment.
1.5. License Edition
VMware Unified Access Gateway is offered in three editions based on the Horizon or Workspace ONE licenses, each Unified Access Gateway edition includes the following features:
- Standard
- Edge service - Horizon, Content Gateway and Tunnel Edge Service.
- Pass through - No edge authentication.
- TLS Port sharing.
- Advanced
- All features from Standard Edition
- Identity Bridging - Cert and SAML to Kerberos / Headers.
- DMZ AuthN / Edge auth- user and device auth - Certificate/Smart Card, SecurID, RADIUS.
- Web Reverse Proxy - without AuthN.
- Enterprise
- All features from Advanced Edition
- High Availability
- End Point Compliance
- Web Reverse proxy - with AuthN
For this deployment licenseEdition=Enterprise
is set on the INI file under [General] section, as this will be the license used on this exercise.
0 Comments
Add your comment