Deploying the Unified Access Gateway Appliances
Now that you had reviewed the INI files for both Unified Access Gateway deployments, you can run the uagdeploy.ps1
Powershell script to deploy each appliance.
Since you are deploying two appliances, the script will be executed twice, passing the correspondent INI file for each deployment.
1. Launch PowerShell
Click the PowerShell icon located on the Windows task bar.
2. Navigate to the Unified Access Gateway Resources Directory
Navigate to the Unified Access Gateway Resources Directory under the desktop user folder by entering cd '.\Desktop\UAG Resources'
and then press Enter
.
3. Deploying UAG-HA1 appliance
As the script starts, a couple of questions ask you to provide the following information.
- Enter
.\uagdeploy.ps1 .\uag-HA1.ini VMware1! VMware1! false false no
- The first VMware1! is the root password for the Unified Access Gateway appliance.
The second VMware1! is the admin password for the REST API management access.
The first false is to NOT skip the validation of signature and certificate.
The second false is to NOT skip SSL verification for the vSphere connection.
The no is to not join the VMware CEIP program. - Enter
A1rW@tch!
as the password for the SSLcert and SSLcertAdmin fields when prompted.
To avoid a password request for the certificate, remove the pfxCerts values and provide a PEM certificate, and set the pemCerts and pemPrivKey for the SSLCert and SSLCertAdmin sections of the INI file.
The deployment will begin and you can follow the progress in the same window or in your vSphere Web Client, which you opened at the beginning of this set of exercises.
4. Confirm that the PowerShell Script Deployment Completes for UAG-HA1
After successfully finalizing the deployment, the script will automatically power on the UAG-HA1 VM.
The Received IP address presented by the script log is a temporary IP. The final IPs for NIC 1 and NIC2 are assigned to the Unified Access Gateway appliance during the first boot. You can return to the vSphere Web Client to validate that as described in the next step.
5. Deploying UAG-2 appliance
Now, you will deploy the second appliance, called UAG-HA2, passing the uag-HA2.ini
file as parameter.
- Enter
.\uagdeploy.ps1 .\uag-HA2.ini VMware1! VMware1! false false no
- The first VMware1! is the root password for the Unified Access Gateway appliance.
The second VMware1! is the admin password for the REST API management access.
The first false is to NOT skip the validation of signature and certificate.
The second false is to NOT skip SSL verification for the vSphere connection.
The no is to not join the VMware CEIP program. - Enter
A1rW@tch!
as the password for the SSLcert and SSLcertAdmin fields when prompted.
To avoid a password request for the certificate, remove the pfxCerts values and provide a PEM certificate, and set the pemCerts and pemPrivKey for the SSLCert and SSLCertAdmin sections of the INI file.
The deployment starts and you can follow the progress on the same window or on your vSphere Web Client, which you opened at the beginning of this set of exercises.
6. Validate the Deployment
- Click VM and Templates.
- Click UAG-HA1.
- Click View all 2 IP addresses. Note the IP Addresses displayed for the VM.
Repeat steps #2 and #3 for UAG-HA2, the IP addresses for this appliance should be different from UAG-HA1.
Note: If the Unified Access Gateway appliance does not finalize the configuration during the first startup, you receive an error message from vSphere Web Client. If that happens, wait for the appliance to finalize, and refresh the entire Google Chrome browser.
7. Log In to the Unified Access Gateway Administration Console
- Click the New Tab button to open a new tab.
- Browse to
https://uagha-1.airwlab.com:9443/admin
or click the UAG Internal Admin Console bookmark. - Enter
admin
for the username. - Enter
VMware1!
for the password (created for the Admin API in the Deploy OVF Wizard). - Click Login.
- Repeat steps 1-5, opening a new tab and log in on the second appliance using the following URL
https://uagha-2.airwlab.com:9443/admin
8. Confirm the Unified Access Gateway Administration Console Login on the Internal Network
A successful login redirects you to the following screen on both Appliances, where you can import settings or manually configure the Unified Access Gateway appliance individually.
- Click Select under Configure Manually in the
UAGHA-1
administration console. - Click the tab to return to the
UAGHA-2
administration console. - Click Select under Configure Manually in the
UAGHA-2
administration console.
0 Comments
Add your comment