Preparing the INI File for Deployment

You now learn how the INI file is used to deploy and configure a Unified Access Gateway using PowerShell and how to edit the contents of the INI file for your Unified Access Gateway deployments.

1. Configuring the General Deployment Settings

A INI file containing all the configuration settings is required to deploy the Unified Access Gateway appliance.

In this exercise, you use the uag-2NIC.ini file and fill out the respective parameters for your deployment.

You deploy a new Unified Access Gateway appliance called UAG02, which has two NICs where NIC one is Internet-facing and NIC two for backend and management.

1.1. Open the UAG-2NIC.ini File for Editing

Editing UAG-2NIC.ini
  1. Click the File Explorer icon on the task bar.
  2. Click Desktop.
  3. Click UAG Resources.
  4. Right-click the uag-2NIC.ini file.
  5. Click Edit with Notepad++.

1.2. General Settings (1/2)

General Settings 1/2

On the General section, provide the following settings on the INI file:

  1. Enter UAG02 for the name field.
  2. Enter the path and name of the OVA File for the source parameter, the OVA file located on C:\Users\Administrator\Desktop\UAG Resources\UAG Files.
  3. Enter vi://[email protected]:[email protected]/Nested_Datacenter/host/Host_Cluster for the target field.
    Note: You can replace 'VMware1!' with 'PASSWORD' and the script will prompt for the password during the PowerShell execution.
  4. Enter thin for the diskmode field.
  5. Enter datastore2_ESXi01 for the ds field (ds refers to data store).
  6. Enter twonic for the deploymentOption field.

 

1.3. General Settings (2/2)

General Settings 2/2

Continuing the General section configuration, set the following values for the parameters on the INI file:

  1. Enter STATICV4 for the ipMode field.
  2. Enter 192.168.110.1 for the defaultGateway field.
  3. Enter 192.168.110.10 for the dns field.
  4. Enter 192.168.110.20 for the ip0 field.
    Note: ip0 is the Internet-facing NIC.
  5. Enter 172.16.0.20 for the ip1 field.
    Note: ip1 is the internally facing NIC.
  6. Enter 255.255.255.0 for the netmask0 and netmask1 fields.
  7. Enter DMZ_VM_DPortGroup for the netInternet field.
  8. Enter Internal_VM_DPortGroup for the netManagementNetwork and netBackendNetwork fields.

1.4. Configuring TLS/SSL Certificates for Unified Access Gateway Appliance

Select Name and Location

The SSLCert and SSLCertAdmin contain the information regarding the SSL Certificated for the administration and Internet interfaces.

  1. Enter C:\AW Tools\airwlab.com.pfx for the pfxCerts field under SSLCert (this certificate is for the Internet interface).
  2. Enter C:\AW Tools\airwlab.com.pfx for the pfxCerts field under SSLCertAdmin (this certificate is for the administration interface).

The certificate password is requested during the deployment.

1.5. License Edition

VMware Unified Access Gateway is offered in three editions based on the Horizon or Workspace ONE licenses, each Unified Access Gateway edition includes the following features:

  • Standard
    • Edge service - Horizon, Content Gateway and Tunnel Edge Service.
    • Pass through - No edge authentication.
    • TLS Port sharing.
  • Advanced
    • All features from Standard Edition
    • Identity Bridging - Cert and SAML to Kerberos / Headers.
    • DMZ AuthN / Edge auth- user and device auth - Certificate/Smart Card, SecurID, RADIUS.
    • Web Reverse Proxy - without AuthN.
  • Enterprise
    • All features from Advanced Edition
    • High Availability
    • End Point Compliance
    • Web Reverse proxy - with AuthN

For this deployment licenseEdition=Enterprise is set on the INI file under [General] section, as this will be the license used on this exercise.

0 Comments

Add your comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.