The Compute Engine PowerShell deployment script for Unified Access Gateway reads all configuration settings from a .ini configuration file. This section describes the .ini file format and shows examples of the settings that can be used for the deployment.

Most sections of the .ini file are identical to the standard .ini settings for Unified Access Gateway as supported for all the other hypervisor deployments.

For more information about the .ini file, see the Using PowerShell to Deploy the Unified Access Gateway Appliance section in the Deploying and Configuring VMware Unified Access Gateway documentation at VMware Docs.

  1. In the .ini file, add a new group, [GoogleCloud] and the necessary settings specific to Google Cloud Platform.
    Note: For Google Cloud Platform deployments, the following settings in the General section are not used:
    • diskMode
    • ds
    • folder
    • netInternet
    • netManagementNetwork
    • netmask0
    • netmask1
    • netmask2
    • netBackendNetwork
    • source
    • target
    • All IPv4 settings
    • All IPv6 settings

The following table lists the settings (Value Name) that are required for the Google Cloud Platform deployment. The table also includes examples and indicates whether each setting is mandatory or optional.

Group: [GoogleCloud]

Value Name: projectId
Example: projectId=my-project
Description: The Google Cloud Platform project ID used for creating a new Unified Access Gateway instance.
    If the project ID is not provided, the project from active configuration in the Cloud SDK is used.
Mandatory/Optional: Optional

Value Name: imageName
Example: imageName=euc-unified-access-gateway-22-12-0-0-42741890
Description: Name of the imported appliance image in the Compute Engine from which a new instance must be created.
Mandatory/Optional: Mandatory

Value Name: imageProjectId
Example: imageProjectId= (image-host-project)
Description: The project that hosts the compute image imageName. If not specified, the default projectId is used for looking up the compute image.
Mandatory/Optional: Optional

Value Name: machineType
Example: machineType=e2-standard-4
Description: Indicates the Compute Engine machine type.
    Default value of machineType is e2-standard-4.
    Note: Ensure that the machineType specified is appropriate for the number of Unified Access Gateway NICs required.
    For example: e2-standard-2 supports one NIC or two NIC deployments but not three NIC. For more information, see Maximum number of network interfaces on Google Cloud documentation.
Mandatory/Optional: Optional

Value Name: zone
Example: zone=us-central1-a
Description: Compute Engine zone where a new Unified Access Gateway instance is created.
    If the zone value is not provided, the zone from active configuration in the Cloud SDK is used.
Mandatory/Optional: Optional

Value Name: subnet0, subnet1, subnet2
Example: subnet0=custom-subnet
Description: Subnet on which eth0, eth1, and eth2 NICs of the Unified Access Gateway must be created.
    Following are the values of the deploymentOption and the corresponding subnets used:
      • If deploymentOption is set to onenic, then subnet0 is used.
      • If deploymentOption is set to twonic, subnet0 and subnet1 are used.
      • If deploymentOption is set to threenic, subnet0, subnet1, and subnet2 are used.
    If a subnet value is not provided, then the PowerShell script uses the default value for the subnet. In a two NIC or three NIC deployment, only a single subnet can use the default value.
Mandatory/Optional: In a two NIC or three NIC deployment, only one of the subnet values can be optional.

Value Name: vpcHostProjectId
Example: vpcHostProjectId= (shared-vpc-host-project)
Description: The project that acts as host project when any of the Unified Access Gateway NICs is configured from shared VPC. To configure a given subnet on shared VPC, set the sharedVpcForSubnet<n> flag to true, where n is the NIC number.
Mandatory/Optional: Optional

Value Name: sharedVpcForSubnet0, sharedVpcForSubnet1, sharedVpcForSubnet2
Example:
    sharedVpcForSubnet0=true
    sharedVpcForSubnet1=false
    sharedVpcForSubnet2=false
Description: If vpcHostProjectId is specified, this flag indicates whether a given subnet is created in shared VPC. If vpcHostProjectId is not specified, this field is ignored. The default value is false.
Mandatory/Optional: Optional

Value Name: privateIPAddress0, privateIPAddress1, privateIPAddress2
Example: privateIPAddress0=10.30.11.213
Description: Internal IP address for the NIC.
    This setting can be used to attach eth0, eth1, and eth2 of the Unified Access Gateway with static internal IP addresses from Google Cloud's VPC network.
    If the value of privateIPAddress is not provided, Compute Engine attaches the corresponding NIC with a dynamic internal IP address.
    For example, consider a two NIC deployment:
      • eth0 is attached with a static internal IP address.
      • eth1 receives an internal IP address attached dynamically.
    Both IP addresses remain attached to the Unified Access Gateway instance until the instance is deleted.
Mandatory/Optional: Optional

Value Name: publicIPAddress0, publicIPAddress1, publicIPAddress2
Example:
    publicIPAddress0=eipalloc-027afa45f34984c87
    publicIPAddress1=no-address
Description: External IP address for the NIC.
    This setting can be used to attach eth0, eth1, and eth2 of the Unified Access Gateway with reserved external IP addresses from Google Cloud's VPC network.
    If the value of publicIPAddress is not provided, Compute Engine attaches the corresponding NIC with a dynamic external IP address.
    To prevent a NIC from attaching with an external IP address, use no-address as the value.
    In the example, consider a three NIC deployment:
      • eth0 is attached with a static external IP address.
        The static external IP address remains attached to this NIC until the instance is deleted (or reservation is removed).
      • eth1 is not attached with any external IP address.
      • eth2 receives an external IP address attached dynamically.
        The external IP address is released when the instance is stopped or terminated.
Mandatory/Optional: Optional

Value Name: labels
Example: labels=label0=value0,label1=value1
Description: Labels associated with a Unified Access Gateway instance.
    By default, the name=$uagName label is associated with a Unified Access Gateway instance by the PowerShell script.
Mandatory/Optional: Optional

Value Name: tags
Example: tags=tag0,tag1
Description: Tags associated with a Unified Access Gateway instance.
    By default, the https-server tag is associated with the Unified Access Gateway instance by the PowerShell script.
Mandatory/Optional: Optional

Value Name: serviceAccount
Example: serviceAccount=51841023978-compute@prod.gserviceaccount.com
Description: A service account is an identity attached to the Unified Access Gateway instance.
    The service account's access tokens can be accessed through the Unified Access Gateway instance metadata server and are used to authenticate applications on the instance. The account can be set using an email address corresponding to the required service account.
    If the service account is not provided, the Unified Access Gateway instance uses the project's default service account.
Mandatory/Optional: Optional

Example 1: INI File Definition for deploying Unified Access Gateway to Google Cloud Platform

[General]
name=uag1
deploymentOption=onenic
sshEnabled=true

[GoogleCloud]
projectId=my-project
imageName=euc-unified-access-gateway-22-12-0-0-42741890
zone=us-central1-a
subnet0=uag-front-network

[Horizon]
proxyDestinationUrl=https://myhorizon.example.com

Example 2: INI File Definition for deploying Unified Access Gateway to Google Cloud Platform

[General]
name=uag2
deploymentOption=twonic
sshEnabled=true
routes1=10.20.0.0/16 10.2.0.1

[GoogleCloud]
projectId=my-project
imageName=euc-unified-access-gateway-22-12-0-0-42741890
imageProjectId=my-image-hosting-project
zone=us-central1-a
vpcHostProjectId=my-sharedvpc-host-project
subnet0=uag-front-network
sharedVpcForSubnet0=true
subnet1=uag-back-network
sharedVpcForSubnet1=false

[Horizon]
proxyDestinationUrl=https://myhorizon.example.com
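
The rules in the settings table can be checked before the deployment script is run, in particular which NICs would receive a dynamic external IP address and whether the project's default service account would be used. The following PowerShell is an added example, not part of the VMware deployment script; the function names Read-Ini and Test-UagGcpIni and the sample input are assumptions made for illustration.

```powershell
# Added example, not part of the VMware deployment script. Function names are hypothetical.
function Read-Ini([string[]]$Lines) {
    $ini = @{}; $section = ''
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; $ini[$section] = @{} }
        elseif ($section -and $t -match '^([^=;#]+)=(.*)$') {
            $ini[$section][$Matches[1].Trim()] = $Matches[2].Trim()
        }
    }
    return $ini
}

function Test-UagGcpIni([hashtable]$Ini) {
    $findings = @(); $gcp = $Ini['GoogleCloud']
    if (-not $gcp) { return 'ERROR: [GoogleCloud] group is missing' }
    $gen = if ($Ini['General']) { $Ini['General'] } else { @{} }
    if (-not $gcp['imageName']) { $findings += 'ERROR: imageName is mandatory' }
    if (-not $gcp['serviceAccount']) {
        $findings += "WARN: serviceAccount not set; the project's default service account is used"
    }
    # Settings the page lists as not used for Google Cloud Platform deployments.
    $unused = 'diskMode', 'ds', 'folder', 'netInternet', 'netManagementNetwork', 'netmask0',
              'netmask1', 'netmask2', 'netBackendNetwork', 'source', 'target'
    foreach ($k in $unused) {
        if ($gen.ContainsKey($k)) { $findings += "INFO: [General] $k is not used on Google Cloud Platform" }
    }
    $nics = @{ onenic = 1; twonic = 2; threenic = 3 }
    $nicCount = $nics[[string]$gen['deploymentOption']]
    if (-not $nicCount) { return $findings + 'WARN: deploymentOption is not onenic, twonic or threenic; NIC checks skipped' }
    # In a two NIC or three NIC deployment only a single subnet can use the default value.
    $unset = @(0..($nicCount - 1) | Where-Object { -not $gcp["subnet$_"] })
    if ($nicCount -gt 1 -and $unset.Count -gt 1) {
        $findings += "ERROR: only one subnet may use the default; unset: subnet$($unset -join ', subnet')"
    }
    foreach ($n in 0..($nicCount - 1)) {
        if (-not $gcp["publicIPAddress$n"]) {
            $findings += "WARN: eth$n will get a dynamic external IP; set publicIPAddress$n to a reserved address or no-address"
        }
        if ($gcp["sharedVpcForSubnet$n"] -eq 'true' -and -not $gcp['vpcHostProjectId']) {
            $findings += "WARN: sharedVpcForSubnet$n is ignored because vpcHostProjectId is not set"
        }
    }
    return $findings
}

# Constructed sample input, not a real deployment.
$sample = "[General]", "deploymentOption=twonic", "netmask0=255.255.255.0",
          "[GoogleCloud]", "projectId=my-project", "sharedVpcForSubnet0=true", "publicIPAddress1=no-address"
Test-UagGcpIni (Read-Ini $sample)
```

To check a file on disk, pass its lines instead of the sample, for example Test-UagGcpIni (Read-Ini (Get-Content .\uag2.ini)), where uag2.ini is a placeholder file name.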