Deploying Unified Access Gateway with PowerShell

You can deploy and configure the Unified Access Gateway through the vCenter Web Client. However, the preferred method is to use the provided uagdeploy.ps1 PowerShell script with an INI file (.ini) to automatically deploy and configure the Unified Access Gateway to your specifications. This has several benefits over manual deployment:

  1. Documented Configuration: The INI file serves as a list of initial configurations you made to your Unified Access Gateway, allowing you to easily repeat this process with other Unified Access Gateway deployments.
  2. Eliminate Manual Misconfigurations: By reducing the amount of manual input during the deployment process, there is less risk of accidentally misconfiguring the Unified Access Gateway.

1. Components of Deploying Unified Access Gateway with PowerShell

There are three main components when deploying Unified Access Gateway with PowerShell:

  1. uagdeploy PowerShell Script: The uagdeploy.ps1 script is available from https://my.vmware.com/en/web/vmware/downloads/. This script is used to deploy the Unified Access Gateway OVA with the specifications provided in your INI file.
  2. INI File: The INI (.ini) file will specify where the Unified Access Gateway appliance will be deployed, which storage will be used, networking details, device name, and more.
  3. Unified Access Gateway OVA: The Unified Access Gateway OVA, or image, that will be deployed by the uagdeploy.ps1 script.

These files have already been downloaded for you. Let's begin by reviewing the INI file you will use for this exercise.

2. Configure the INI File for Deployment

HOL-2151-09-DWS - Workspace ONE UEM - Getting Started with the Digital Workspace | Lab Console | VMware Learning Platform - Google Chrome
  1. Click the File Explorer icon on the task bar.
  2. Click Documents.
  3. Click HOL.
  4. Click Unified Access Gateway.
  5. Right-Click the uag-2NIC - filled.ini file.
  6. Click Edit with Notepad++.

2.1. Update IP0 in the INI File

One change to the INI is required for this exercise:

  1. Edit line 18 from ip0=192.168.110.160 to be ip0=192.168.110.150 (change .160 to .150)
  2. Click Save.

Feel free to peruse the INI file for other configurations and continue when you are ready. For further explanation, the INI file is declaring the following:

[General]

  • The device will be named UAG-2NIC
  • The file path to the Unified Access Gateway OVA we wish to deploy is provided
  • The vCenter target (RegionA01/host/RegionA01-COMP01) is provided with login credentials already set
  • The disk will be in Thin format
  • The datastore will use ESX01a-Local
  • The Unified Access Gateway will be deployed in a 2 NIC configuration, allowing 1 NIC to be internet-facing and 1 NIC to be internal-facing to separate the traffic. This is the standard and recommended deployment method for Unified Access Gateway
  • IPv4 (STATICV4) will be used and we define our default gateway, routes, DNS, IP addresses and netmasks for NIC1 and NIC2. Since we only have 1 VM network in this vSphere instance, the Internet, Management, and Backend networks are all using the same network.

[SSLCert] and [SSLCertAdmin]

  • The SSLCert and SSLCertAdmin sections provide the .pem certificates and private keys which will be used to configure the services and admin console of the device.
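
Because the INI file described above drives the whole deployment and carries the vCenter login, a pre-flight check catches a wrong address or a missing certificate file before the OVA upload starts. The following PowerShell is an added example, not part of uagdeploy.ps1 or the lab files; Read-Ini and Test-UagIni are hypothetical helpers, and the key names target, deploymentOption, ip1, pemCerts and pemPrivKey are assumed from the standard Unified Access Gateway sample INI files (this page only shows ip0).

```powershell
# Added example, not part of uagdeploy.ps1. Key names other than ip0 are assumed
# from the standard UAG sample INI files; adjust them to match your file.
function Read-Ini([string]$Path) {
    $ini = @{}; $section = $null
    foreach ($line in (Get-Content -LiteralPath $Path)) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $section = $Matches[1]; $ini[$section] = @{} }
        elseif ($section -and $line -match '^\s*([^=#;]+?)\s*=\s*(.*?)\s*$') { $ini[$section][$Matches[1]] = $Matches[2] }
    }
    $ini
}
function Test-UagIni([string]$Path, [string]$ExpectedIp0) {
    $ini = Read-Ini $Path
    $findings = [System.Collections.Generic.List[string]]::new()
    $general = $ini['General']
    if (-not $general) { $findings.Add('Missing [General] section'); return $findings }
    # A two-NIC deployment needs both static addresses to be well-formed IPv4.
    $nics = @('ip0'); if ($general['deploymentOption'] -like 'twonic*') { $nics += 'ip1' }
    foreach ($key in $nics) {
        if ($general[$key] -notmatch '^(\d{1,3}\.){3}\d{1,3}$' -or -not ($general[$key] -as [ipaddress])) {
            $findings.Add("$key is missing or not a valid IPv4 address")
        }
    }
    if ($ExpectedIp0 -and $general['ip0'] -ne $ExpectedIp0) {
        $findings.Add("ip0 is '$($general['ip0'])' but '$ExpectedIp0' was planned")
    }
    # The vi:// target can carry user:password, which makes the INI file a secret.
    if ($general['target'] -match '^vi://([^/]*)@' -and $Matches[1] -match ':.+') {
        $findings.Add('target embeds a vCenter password in clear text')
    }
    # PEM paths are checked as given (relative ones from the current directory).
    foreach ($sec in 'SSLCert', 'SSLCertAdmin') {
        foreach ($key in 'pemCerts', 'pemPrivKey') {
            $file = if ($ini[$sec]) { $ini[$sec][$key] }
            if ($file -and -not (Test-Path -LiteralPath $file -PathType Leaf)) { $findings.Add("[$sec] $key not found: $file") }
        }
    }
    $findings
}
# Constructed sample (placeholder host and password), checked against the planned ip0.
$tmp = Join-Path ([IO.Path]::GetTempPath()) 'uag-sample.ini'
@'
[General]
target=vi://administrator@vsphere.local:EXAMPLE-PASSWORD@vcenter.example/RegionA01/host/RegionA01-COMP01
deploymentOption=twonic
ip0=192.168.110.160
[SSLCert]
pemPrivKey=no-such-key.pem
'@ | Set-Content -LiteralPath $tmp
Test-UagIni -Path $tmp -ExpectedIp0 '192.168.110.150'
```

An empty result means none of these checks fired; any finding is worth resolving before running the deployment script.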

 

3. Deploying the Unified Access Gateway Appliance with PowerShell

Click the PowerShell icon on the task bar.

3.1. Running the uagdeploy.ps1 PowerShell Script

NOTE: Remember that you can highlight the below commands and drag-and-drop them into the Console window to paste these into PowerShell for easier typing!

  1. Navigate to the Unified Access Gateway directory: cd 'C:\users\Administrator\Documents\HOL\Unified Access Gateway'
  2. Enter .\uagdeploy.ps1 '.\uag-2NIC - filled.ini' VMware1! VMware1! false false no and press ENTER.
    The '.\uag-2NIC - filled.ini' refers to the INI file you edited previously that contains the configuration details for the Unified Access Gateway appliance.
    The first VMware1! is the root password for the Unified Access Gateway appliance.
    The second VMware1! is the admin password for the REST API management access.
    The first false is to NOT skip the validation of signature and certificate.
    The second false is to NOT skip SSL verification for the vSphere connection.
    The no is to not join the VMware CEIP program.
  3. If successful, you will see the Disk progress: #% indicator showing the OVA upload progress to vSphere.

3.2. Confirm the PowerShell Script Deployment Completed

After finishing the deployment, the script will automatically power on the UAG-2NIC virtual machine.

Note that the initial received IP address presented by the script log is a temporary IP. The final IPs for NIC1 and NIC2 are assigned to the Unified Access Gateway appliance during the first boot.

Confirm that you see the UAG virtual appliance UAG-2NIC deployed successfully message, then continue to the next step.

4. Validate the Deployment in vSphere

  1. Click Google Chrome to return to the vSphere Client.
  2. Click the VMs and Templates view.
  3. Expand RegionA01 if it is collapsed.
  4. Click the UAG-2NIC virtual machine to select it.
  5. Click View all 2 IP addresses.
  6. Confirm that the 2 IP addresses are listed as 192.168.120.160 and 192.168.110.150. If the IPs are not showing yet, you may need to click the Refresh button.

5. Login to the Unified Access Gateway Administration Console

  1. Click the New Tab button.
  2. Browse to the internal-facing NIC (192.168.120.160) which hosts the administration console at https://uag-intranet.corp.local:9443. Alternatively, you can click the UAG bookmark folder and click UAG Admin Console.
  3. Enter admin for the username.
  4. Enter VMware1! for the password (this password was specified during the PowerShell deployment).
  5. Click Login.

5.1. Select Configure Manually

A successful login redirects you to the following screen where you can import settings from other Unified Access Gateway configurations or configure the device manually.

Click Select under Configure Manually.
