Deploying Unified Access Gateway Appliance
Now that you have configured the ini file for your UAG deployment, you will run the uagdeploy.ps1 PowerShell script and provide this ini file as the configuration to automate the deployment.
1. Open PowerShell window
Click on the PowerShell icon
2. Deploying Unified Access Gateway Appliance via PowerShell
As the scripts starts a couple questions will be asked, follow the steps below in order to provide the correct information.
cd '.\Desktop\UAG Resources'then press
.\uagdeploy.ps1 .\uag-Cert-to-Kerberos.ini VMware1! VMware1! false false nothen press
ENTER.The first VMware1! is the root password for the UAG appliance
The second VMware1! is the admin password for the REST API management access
The first false is to NOT skip the validation of signature and certificate
The second false is to NOT skip SSL verification for the vSphere connection
The no is to not join the VMware CEIP program
AirWatchas the password for the SSLcert and SSLcertAdmin fields when prompted.
VMware1!as the password to access AirWatch API
To avoid password request for the certificate, remove the pfxCerts values and provide a PEM certificate, set the pemCerts and pemPrivKey for the SSLCert and SSLCertAdmin sections of the INI file.
The deployment starts and you can follow the progress on the same window or on your vSphere Web Client.
3. Confirm the PowerShell Script Deployment Completes
- Confirm the UAG deployment completed successfully. The Completed successfully text will be shown in the output.
- Click Close.
After successfully finalized the deployment the script will automatic Power on the VM UAG-CERT.
The Received IP address presented by the script log is a temporary IP, the final IPs for NIC one and NIC two will be assigned to the UAG appliance during the first start. You can return to the vSphere Web Client to validate that as described on the next step.
4. Validate Unified Access Gateway Deployment
Return to the vSphere Web Client tab in Google Chrome.
- If you do not see the UAG-CERT VM under Nested_Datacenter, you may need to click Refresh.
- Click on UAG-CERT.
- Click the Summary tab.
- Click on View all 2 IP addresses.
- The IP Addresses should show:
Note - In case the UAG appliance have not finalized the configuration during the first startup, you will receive a error message from vSphere Web Client. If that happen wait for the Appliance to finalized and refresh the whole Chrome Browser.
5. Login on UAG Admin UI
- Click the New Tab button to open a new tab
- Browse to
https://uagmgt-int.airwlab.com:9443/adminor click on the UAG Internal Admin Console bookmark
adminfor the username
VMware1!for the password (created for the Admin API in Deploy OVF Wizard)
- Click Login
6. Validate Configuration Settings
A successful login will redirect you to the following screen.
7. Confirm ITBUDGET Reverse Proxy Instance is Running
Following the steps below to see that a Web Reverse Proxy instance named ITBUDGET has been automatically configured, later you will enable Identity Bridging feature for this Instance.
- Click SHOW, after you click it will switch to HIDE
- Click on the arrow down
NOTE: It will take a couple minutes for the VMware Tunnel Service to come up and show Green on this screen.
8. Testing Tunnel Proxy Connection
Return to Workspace ONE UEM Console to perform a Test Connection between Tunnel Proxy and Workspace ONE UEM API, AWCM and Device Service.
- Click on Groups & Settings.
- Click on All Settings,
8.1. Perform Test Connection for Tunnel Proxy
- Click System
- Click Enterprise Integration
- Click VMware Tunnel
- Click Configuration
- Click Test Connection