Unified Access Gateway can be deployed either by using the vSphere Web Client or PowerShell scripts. With either method, you must configure some parameters for the deployment. The information provided here helps you understand some of the configuration parameters that are used during the PowerShell deployment.
Configuration Parameter | Description |
---|---|
osLoginUsername | This setting is present in the [General] section of the .ini file. Enter a customized username of the high privilege user during Unified Access Gateway deployment. Maximum length of the username is When this user is configured, the root login is deactivated. |
osMaxLoginLimit | This setting is present in the [General] section of the .ini file. Allows you to configure the limit on concurrent logins to the Unified Access Gateway local console by the high-privileged non-root user. The default value is Note: This configuration is effective only when a non-root user (osLoginUsername) is configured for Unified Access Gateway local console login. There is no limit on the concurrent logins of the root user. |
sshEnabled | This setting is present in the [General] section of the .ini file. When set to true, this parameter automatically enables SSH access on the deployed appliance. When set to Note: VMware does not generally recommend enabling SSH on Unified Access Gateway except in certain specific situations and where access can be restricted. If root console access is required for Amazon AWS EC2 deployments, SSH can be enabled. For more information on Amazon AWS EC2, see Unified Access Gateway PowerShell Deployment to Amazon Web Services at VMware Docs. Enabling SSH access on Unified Access Gateway deployments for vSphere, Hyper-V, or Microsoft Azure is not generally required as console access with those platforms can be used. In cases where SSH is enabled, TCP port 22 access must be restricted in firewalls or security groups to source IP addresses of individual administrators. EC2 supports this restriction in the EC2 Security Group associated with the Unified Access Gateway network interfaces. |
sshPort | This setting is present in the [General] section of the Configure the port on which SSH is enabled. The default value is |
sshInterface | This setting is present in the [General] section of the Configure the network interface on which SSH login is enabled. By default, SSH is enabled on all the interfaces. The supported values are |
syslogType | Enables syslog configuration. |
Custom configuration setting | The custom configuration values that must be added to the systemd.network files can be provided in the following format: SectionName^Parameter=Value. An example of a custom configuration entry is DHCP^UseDNS= Using the same format, you can add multiple such systemd.network configuration entries separated by semicolons. An example of custom configuration values for eth0, eth1, and eth2 is included in the General section of the sample .ini file. |
rootSessionIdleTimeoutSeconds | Duration (in seconds) for which the Unified Access Gateway console session has been idle. After this timeout, the console logs out automatically. Default value of this parameter when logging into Unified Access Gateway using SSH on Microsoft Azure is For Serial console session, the default value is The maximum value of this parameter is |
rootPasswordExpirationDays | Password expiration policy for the root users. The default password expiration time is To prevent password expiry, the expiration time can be set to |
passwordPolicyMinLen | Minimum length of the root user password. The default value of this parameter is The maximum value of this parameter is |
passwordPolicyMinClass | Minimum number of classes of character types that can be used to configure the root password complexity. The classes of character types are as follows: uppercase, lowercase, digits, and others. The default value is This parameter can be configured with the following values: If the parameter has the default value, then you can use characters from all the four classes. If the parameter value is |
passwordPolicyFailedLockout | Number of failed login attempts allowed for the root user to access the Unified Access Gateway console. The default value is |
passwordPolicyUnlockTime | Duration for which the Unified Access Gateway console is locked out after the configured number of failed login attempts by the root user. After the lockout, the Unified Access Gateway console is unlocked and the root user can access the console. The default value is |
adminpasswordPolicyMinLen | Minimum length of the admin user password. The default value of this parameter is The maximum value of this parameter is |
adminpasswordPolicyFailedLockoutCount | Number of failed login attempts allowed for the admin user to access the Unified Access Gateway admin UI. The default value is |
adminpasswordPolicyUnlockTime | Duration (in minutes) for which the Unified Access Gateway admin UI is locked out after the configured number of failed login attempts by the admin user. After the lockout, the Unified Access Gateway admin UI is unlocked and the admin user can access the UI. The default value is |
adminSessionIdleTimeoutMinutes | Duration (in minutes) for which the Unified Access Gateway admin UI session has been idle. After this timeout, the admin UI logs out automatically. The default value is The maximum value is If the parameter value is |
adminMaxConcurrentSessions | This setting is present in the [General] section of the .ini file. Allows you to configure the limit on concurrent admin sessions. The default value is The supported range is When this value is set to If a new session is created when the number of concurrent sessions has already reached the limit, the system invalidates the least recently used session. |
sshLoginBannerText | Option to customize the banner text displayed when logging into Unified Access Gateway using SSH or the vSphere Client's Web Console. This option can be configured only at the time of deployment. If you do not configure this parameter, the default text displayed is VMware EUC Unified Access Gateway. Only ASCII characters are supported in the customized text. For multi-line banner texts, |
secureRandomSource | Allows you to configure the secure random bit generator source used by Java processes for cryptographic functions. This option can be configured only at the time of deployment. Supported values are: |
dsComplianceOS | This setting is present in the [General] section of the Default value is When set to Note: This setting must be used with the FIPS version when DISA STIG OS compliance is required. |
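
The following added example (not VMware's code) reviews the [General] section of a deployment .ini file against the sshEnabled, sshInterface and osMaxLoginLimit notes in the table, and validates custom configuration values against the SectionName^Parameter=Value format. The function names are hypothetical, and the sample .ini text, the osMaxLoginLimit value and the DHCP entries are constructed for illustration.

```python
import configparser
import re

# Entry format from the table: SectionName^Parameter=Value, separated by semicolons.
ENTRY = re.compile(r"^(?P<section>\w+)\^(?P<param>\w+)=(?P<value>.+)$")

def parse_custom_config(value):
    """Split a custom configuration value into (section, parameter, value) tuples."""
    entries = []
    for raw in filter(None, (part.strip() for part in value.split(";"))):
        match = ENTRY.match(raw)
        if match is None:
            raise ValueError(f"not SectionName^Parameter=Value: {raw!r}")
        entries.append((match["section"], match["param"], match["value"]))
    return entries

def audit_general(ini_text):
    """Return review findings for the [General] section of a deployment .ini file."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.optionxform = str  # keep parameter names exactly as the table spells them
    parser.read_string(ini_text)
    general = parser["General"] if parser.has_section("General") else {}
    findings = []
    if general.get("sshEnabled", "").strip().lower() == "true":
        port = general.get("sshPort", "22")  # the page names TCP port 22 for the rule
        findings.append(f"sshEnabled=true: restrict TCP port {port} to the source "
                        "IP addresses of individual administrators")
        if not general.get("sshInterface"):
            findings.append("sshInterface unset: SSH is enabled on all interfaces")
    if "osMaxLoginLimit" in general and not general.get("osLoginUsername"):
        findings.append("osMaxLoginLimit has no effect without osLoginUsername")
    return findings

# Constructed sample values, not taken from a real deployment.
SAMPLE_INI = """[General]
sshEnabled=true
osMaxLoginLimit=5
"""
SAMPLE_CUSTOM = "DHCP^UseDNS=false;DHCP^UseNTP=false"

if __name__ == "__main__":
    for finding in audit_general(SAMPLE_INI):
        print("REVIEW:", finding)
    for entry in parse_custom_config(SAMPLE_CUSTOM):
        print("systemd.network entry:", entry)
```

An entry with an empty value, such as a bare `DHCP^UseDNS=`, is rejected with a `ValueError` rather than being passed through to the deployment.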