Unified Access Gateway can be deployed either by using the vSphere Web Client or PowerShell scripts. In either method, you must configure some parameters for the deployment. The information provided here helps you understand some of the configuration parameters that are used during the PowerShell deployment.
Configuration Parameter | Description |
---|---|
sshEnabled | This setting is present in the [General] section of the .ini file. When set to true, this parameter automatically enables SSH access on the deployed appliance. When set to
Note: VMware does not generally recommend enabling SSH on Unified Access Gateway except in certain specific situations and where access can be restricted. If root console access is required for Amazon AWS EC2 deployments, SSH can be enabled. For more information on Amazon AWS EC2, see Unified Access Gateway PowerShell Deployment to Amazon Web Services at VMware Docs.
Enabling SSH access on Unified Access Gateway deployments for vSphere, Hyper-V, or Microsoft Azure is not generally required as console access with those platforms can be used. In cases where SSH is enabled, TCP port 22 access must be restricted in firewalls or security groups to source IP addresses of individual administrators. EC2 supports this restriction in the EC2 Security Group associated with the Unified Access Gateway network interfaces. |
syslogType | Enables syslog configuration |
Custom configuration setting | The custom configuration values that must be added to the systemd.network files can be provided in the following format: SectionName^Parameter=Value. An example of a custom configuration entry is DHCP^UseDNS= Using the same format, you can add multiple such systemd.network configuration entries separated by semicolons. An example of custom configuration values for eth (0, 1, and 2) is included in the General section of the sample .ini file. |
rootPasswordExpirationDays | Password expiration policy for the root user. The default password expiration time is To prevent password expiry, the expiration time can be set to |
passwordPolicyMinLen | Minimum length of the root user password. The default value of this parameter is The maximum value of this parameter is |
passwordPolicyMinClass | Minimum number of classes of character types that can be used to configure the root password complexity. The classes of character types are as follows: uppercase, lowercase, digits, and others. The default value is This parameter can be configured with the following values: If the parameter has the default value, then you can use characters from all the four classes. If the parameter value is |
passwordPolicyFailedLockout | Number of failed login attempts allowed for the root user to access the Unified Access Gateway console. The default value is |
passwordPolicyUnlockTime | Duration for which the Unified Access Gateway console is locked out after the configured number of failed login attempts by the root user. After the lockout, the Unified Access Gateway console is unlocked and the root user can access the console. The default value is |
adminpasswordPolicyMinLen | Minimum length of the admin user password. The default value of this parameter is The maximum value of this parameter is |
adminpasswordPolicyFailedLockoutCount | Number of failed login attempts allowed for the admin user to access the Unified Access Gateway admin UI. The default value is |
adminpasswordPolicyUnlockTime | Duration (in minutes) for which the Unified Access Gateway admin UI is locked out after the configured number of failed login attempts by the admin user. After the lockout, the Unified Access Gateway admin UI is unlocked and the admin user can access the UI. The default value is |
adminSessionIdleTimeoutMinutes | Duration (in minutes) for which the Unified Access Gateway admin UI session can remain idle. After this timeout, the admin UI logs out automatically. The default value is The maximum value is If the parameter value is |
sshLoginBannerText | Option to customize the banner text displayed when logging into Unified Access Gateway using SSH or the vSphere Client's Web Console. This option can be configured only at the time of deployment. If you do not configure this parameter, the default text displayed is VMware EUC Unified Access Gateway. Only ASCII characters are supported in the customized text. For multi-line banner texts, |
secureRandomSource | Allows you to configure the secure random bit generator source used by Java processes for cryptographic functions. This option can be configured only at the time of deployment. Supported values are: |
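
A pre-deployment check for the `sshEnabled` and custom configuration settings described in the table, as an added example that is not VMware's code. The function name `Test-UagIniGeneral`, the key name `eth0CustomConfig`, and the sample values (including `false` for `UseDNS`) are assumptions constructed for illustration.

```powershell
# Added example: lint the [General] section of a deployment .ini before use.
function Test-UagIniGeneral {
    param(
        [Parameter(Mandatory)][string[]]$IniLines,
        # Assumed key name(s) holding custom systemd.network entries.
        [string[]]$CustomConfigKeys = @('eth0CustomConfig')
    )
    $section = ''
    $general = @{}
    foreach ($line in $IniLines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith('#') -or $t.StartsWith(';')) { continue }
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        # Split on the first '=' only, so values may themselves contain '='.
        if ($section -eq 'General' -and $t -match '^([^=]+)=(.*)$') {
            $general[$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    # SSH is not generally recommended; if enabled, port 22 must be restricted.
    if ($general['sshEnabled'] -eq 'true') {
        'sshEnabled=true: restrict TCP port 22 to source IP addresses of individual administrators'
    }
    # Each entry must be SectionName^Parameter=Value; entries are separated by semicolons.
    foreach ($key in $CustomConfigKeys) {
        if (-not $general.ContainsKey($key)) { continue }
        foreach ($entry in ($general[$key] -split ';')) {
            $e = $entry.Trim()
            if ($e -ne '' -and $e -notmatch '^[A-Za-z0-9]+\^[A-Za-z0-9]+=.+$') {
                "${key}: malformed entry '$e' (expected SectionName^Parameter=Value)"
            }
        }
    }
}

# Constructed sample input, not taken from a real deployment.
$sample = @(
    '[General]',
    'sshEnabled=true',
    'eth0CustomConfig=DHCP^UseDNS=false;DHCP-UseNTP'
)
$findings = @(Test-UagIniGeneral -IniLines $sample)
$findings | ForEach-Object { Write-Warning $_ }
```

With the sample above, the function reports two findings: the enabled SSH setting and the second custom entry, which lacks the `^` and `=` separators.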