Deploying Unified Access Gateway with vSphere

In this section, you explore the vSphere Admin UI and learn how to deploy an OVF Template by configuring the necessary fields for the Unified Access Gateway. You deploy the Unified Access Gateway in a one-NIC configuration, meaning that the Internet-facing, internal-facing, and management networks all reside on a single NIC.

1. Deploying the OVF Template

Deploying UAG OVF Template
  1. Click the VMs and Templates tab.
  2. Right-click the Region named RegionA01.
  3. Click Deploy OVF Template.

1.1. Uploading OVF Template

Uploading OVF Template
  1. Select Local File.
  2. Click Browse.

1.1.1. Select the OVF File

  1. Click Documents.
  2. Click HOL.
  3. Click Unified Access Gateway.
  4. Select the euc-unified-access-gateway-3.3.0.0-#####.ova file.
  5. Click Open.

1.1.2. Continue after OVF File Selected

Click Next.

1.2. Select Name and Location

Select Name and Location
  1. Enter UAG-1NIC for the Name.
  2. Select RegionA01.
  3. Click Next.

1.3. Select a Resource

Select a resource
  1. Select RegionA01-COMP01.
  2. Click Next.

1.4. Review Details

Review details

Review the details here. These items are updated as you complete the OVF Template wizard.

Click Next.

1.5. Select Configuration

Select configuration
  1. Select Single NIC.
  2. Click Next.

Note: The drop-down menu provides a short description of each configuration and the sizing of the UAG VM. In this module, the Single NIC configuration means that all traffic to the UAG is received on the same interface regardless of the source, and the Admin UI runs on that same NIC over port 9443.

Selecting Two NICs will direct traffic from external networks to the public interface and traffic from within the network to an internal interface. The Admin UI will run on the same internal interface.

Selecting Three NICs will direct traffic from external networks to the public interface and traffic from within the network to an internal interface. In this configuration, the Admin UI will run on a separate, dedicated network interface. When selecting multiple NICs, you must then configure the corresponding network values for each NIC in the Setup Networks and Customize Template sections later in the wizard.

Customers who require multiple NICs typically follow this same protocol for other web application servers within their organization. For more information on deploying the UAG with multiple NICs, please see the UAG Guide located here.

1.6. Select Storage

Select storage
  1. Select Thin provision for the virtual disk format.
  2. Select the RegionA01-ISCSI01-COMP01 datastore.
  3. Select Next.

1.7. Select Networks

Select networks
  1. Select the VM-DMZ-RegionA01-vDS-COMP destination network for ManagementNetwork source.
  2. Select the VM-DMZ-RegionA01-vDS-COMP destination network for BackendNetwork source.
  3. Select the VM-DMZ-RegionA01-vDS-COMP destination network for Internet source.
  4. Click Next.

NOTE: We already selected a Single NIC configuration, meaning the Internet, Management and Backend traffic all goes through a single NIC. However, this step of the wizard still asks for three destination networks, which can be confusing when you configure the UAG for the first time. Because this is a single NIC deployment, select the same network for all three source networks.

1.8. Configure CEIP Settings

Customize Template 1 of 4
  1. Uncheck the Join CEIP option.
  2. Click the Networking Properties dropdown to expand these options.
  3. Scroll down.

1.9. Configure Networking Settings

Customize Template 2 of 4
  1. Enter 192.168.110.10 for the DNS server addresses.
  2. Enter STATICV4 for the IPMode for NIC 1.
  3. Enter 192.168.110.1 for the IPv4 Default Gateway.
  4. Enter 192.168.110.150 for the NIC 1 (eth0) IPv4 Address.
  5. Scroll down to configure additional settings.

1.10. Configure Additional Networking Settings

Customize Template 3 of 4
  1. Enter 255.255.255.0 for the NIC1 (eth0) IPv4 netmask.
  2. Enter UAG-1NIC for the Unified Gateway Appliance Name.
  3. Click the Password Options dropdown to expand these settings.
  4. Scroll down to find the Password Options section.

1.11. Configure Password Settings

Customize Template 4 of 4
  1. Enter VMware1! for the admin user password, which enables REST API access.
  2. Reenter VMware1! to confirm the password.
  3. Enter VMware1! for the root user password of the Unified Access Gateway Virtual Machine.
  4. Reenter VMware1! to confirm the password.
  5. Click Next.

1.12. Ready to Complete

Ready to complete

Review all the settings entered in the Network Mapping and Properties to ensure there are no errors.

Click Finish

2. Accessing the Task Console

Accessing the Task Console

You can follow the status of the OVF deployment through the Task Console.

  1. Click the Home icon
  2. Click Tasks

2.1. Monitoring OVF Import and Deployment

Monitoring OVF Import and Deployment
  1. Wait until the Deploy OVF package and Deploy OVF Template tasks complete.
    NOTE: Due to Hands on Labs limitations, this installation will run for several minutes before completing. Please allow the tasks to complete before continuing.
  2. Click Back once the tasks have completed.

2.2. Handling a Failed OVF Deploy (IF NEEDED)

Deployment error

If your Import OVF package task fails with the error "Failed to deploy OVF package" on the Tasks Console, you should restart the deployment by returning to step Deploying the OVF Template.

3. Power on UAG Appliance

Power on UAG Appliance
  1. Expand RegionA01-COMP01
  2. Select the UAG-1NIC virtual machine.
  3. Click the Summary tab.
  4. Click the Power On icon.  Wait for the virtual machine to power on.
    NOTE: If the Power On icon is not clickable, you may need to refresh the page first!
  5. Click the Refresh icon to check the status of the virtual machine.  The IP Addresses field will populate once it is powered on.
  6. The screen will appear as the blue login page as soon as the initialization completes.
  7. The IP address 192.168.110.150 will be assigned to this virtual machine.

NOTE - Do NOT continue to the next step until the VM receives the associated IP address!  This may take 1-2 minutes.

4. Navigate to the UAG Admin UI Login

UAG Admin UI Login

NOTE: The page may say it is unavailable when you first attempt to connect. This is because the Unified Access Gateway appliance service is still starting up and may take a minute or two before it is available.

  1. Click the New Tab button.
  2. Enter https://uag.corp.local:9443/admin for the URL and press ENTER.
  3. Click the Advanced link.
  4. Accept the security exception and click the Proceed to uag.corp.local (unsafe) link.

NOTE: The connection is not private because no SSL certificate has been supplied for our Unified Access Gateway. We will access the Admin Console to supply an SSL certificate now. Other Hands on Labs modules cover how to deploy Unified Access Gateway with an SSL certificate in order to skip this step.

5. Login to the UAG Admin UI

UAG Login
  1. Enter admin for the username.
  2. Enter VMware1!, the password created for the Admin API in the Deploy OVF wizard, for the password.
  3. Click Login.

6. UAG Import and Configuration Settings

Successful login

A successful login will redirect you to the following screen, where you can import settings or manually configure the UAG appliance.

Click Select for Configure Manually.

7. Configuring TLS/SSL Certificates for Unified Access Gateway Appliances

Configuring TLS/SSL Certificates for Unified Access Gateway Appliances

Click the Gear icon for TLS Server Certificate Settings under Advanced Settings.

TLS/SSL is required for client connections to Unified Access Gateway appliances. Client-facing Unified Access Gateway appliances and intermediate servers that terminate TLS/SSL connections require TLS/SSL server certificates.

TLS/SSL server certificates are signed by a Certificate Authority (CA). A CA is a trusted entity that guarantees the identity of the certificate and its creator. When a certificate is signed by a trusted CA, users no longer receive messages asking them to verify the certificate, and thin client devices can connect without requiring additional configuration. A default TLS/SSL server certificate is generated when you deploy a Unified Access Gateway appliance.

Up to this point the UAG Appliance is using the default certificate, which is not signed by a trusted CA.

7.1. Configuring Type of Certificate

Configuring Type of Certificate
  1. Enable the Admin Interface option.
  2. Enable the Internet Interface option.
  3. Select PFX for the Certificate Type.
  4. Click the Select link to upload a PFX.

7.2. Select PFX Certificate

  1. Click Documents.
  2. Click HOL.
  3. Click Unified Access Gateway.
  4. Click wildcard_corp_local.pfx.
  5. Click Open.

7.3. Enter Certificate Password and Save

  1. Enter VMware1! for the certificate password.
  2. Click Save

7.4. UAG Certificate Changed

Certificate changed

You will receive a message stating that the Internet facing interface certificate was changed.  You will need to reload the Admin UI to see the changes you have made.

  1. Click the Close button on the UAG Admin UI browser tab.
  2. Click the New Tab button.

7.5. Validating Certificate installation

Certificate Validation

Enter https://uag.corp.local:9443/admin for the URL and press ENTER to return to the Unified Access Gateway Admin Console.

You should no longer see a certificate error on the Browser navigation bar, confirming that the certificate upload was successful.
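The browser check above passes only when the name in the URL is covered by the uploaded certificate. The following added example (not part of the lab) applies the wildcard matching rule to show which names a `*.corp.local` certificate covers; the SAN contents are an assumption inferred from the file name wildcard_corp_local.pfx, and the `dmz` host name is constructed. `live_check` performs the same test against the running appliance with full chain verification.

```python
import ipaddress
import socket
import ssl

# Constructed SAN list in the shape ssl.getpeercert() returns. Assumption: the
# lab's wildcard_corp_local.pfx carries *.corp.local (inferred from the file
# name; the page does not list the certificate's contents).
ASSUMED_SAN = (("DNS", "*.corp.local"),)

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def name_matches(target, san):
    """True if target (host name or IP literal) is covered by the SAN list."""
    if is_ip(target):
        # IP literals match only iPAddress entries, never a DNS wildcard.
        want = ipaddress.ip_address(target)
        return any(kind == "IP Address" and ipaddress.ip_address(val) == want
                   for kind, val in san)
    labels = target.lower().rstrip(".").split(".")
    for kind, val in san:
        if kind != "DNS":
            continue
        pattern = val.lower().rstrip(".").split(".")
        if len(pattern) != len(labels):
            continue  # a wildcard stands for exactly one label
        if pattern == labels:
            return True
        if pattern[0] == "*" and pattern[1:] == labels[1:]:
            return True
    return False

def coverage(targets, san=ASSUMED_SAN):
    """Map each URL host to whether the certificate covers it."""
    return {t: name_matches(t, san) for t in targets}

def live_check(host, port=9443, cafile=None):
    """Verified handshake; raises ssl.SSLCertVerificationError while the
    appliance still serves a certificate this client does not trust."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return name_matches(host, tls.getpeercert().get("subjectAltName", ()))
```

Under the stated assumption, opening the Admin UI as https://192.168.110.150:9443/admin would still show a certificate error, because a DNS wildcard never covers an IP literal.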
