PowerShell scripts prepare you environment with all the configuration settings. When you run the PowerShell script to deploy Unified Access Gateway, the solution is ready for production on first system boot.

Important:

With a PowerShell deployment, you can provide all the settings in the INI file, and the Unified Access Gateway instance is production-ready as soon as it is booted up. If you do not want to change any settings post-deployment, you need not provide the Admin UI password.

However, both Admin UI and the API are not available if the Admin UI password is not provided during deployment.

Note:

If you do not provide the Admin UI password at the time of deployment, you cannot add a user later to enable access to either the Admin UI or the API. You must redeploy your Unified Access Gateway instance with a valid password if you want to add an Admin UI user.

Prerequisites

  • For a Hyper-V deployment, and if you are upgrading Unified Access Gateway with static IP, delete the older appliance before deploying the newer instance of Unified Access Gateway.

  • Verify that the system requirements are appropriate and available for use.

    This is a sample script to deploy Unified Access Gateway in your environment.

    Figure 1. Sample PowerShell Script

Procedure

  1. Download the Unified Access Gateway OVA from My VMware to your Windows machine.
  2. Download the uagdeploy-XXX.zip files into a folder on the Windows machine.

    The ZIP files are available at https://communities.vmware.com/docs/DOC-30835.

  3. Open a PowerShell script and modify the directory to the location of your script.
  4. Create a .INI configuration file for the Unified Access Gateway virtual appliance.

    For example: Deploy a new Unified Access Gateway appliance AP1. The configuration file is named ap1.ini. This file contains all the configuration settings for AP1. You can use the sample .INI files in the apdeploy.ZIP file to create the .INI file and modify the settings appropriately.

    Note:

    You can have unique .INI files for multiple Unified Access Gateway deployments in your environment. You must change the IP Addresses and the name parameters in the .INI file appropriately to deploy multiple appliances.

    Example of the .INI File to modify.

    [General]
    netManagementNetwork=
    netInternet=
    netBackendNetwork=
    name=
    dns=10.112.64.1
    ip0=10.108.120.119
    diskMode=
    source=
    defaultGateway=10.108.120.125
    target=
    ds=
    authenticationTimeout=300000
    fipsEnabled=false
    uagName=trustedcert
    locale=en_US
    ipModeforNIC3=DHCPV4_DHCPV6
    tls12Enabled=true
    ipMode=DHCPV4_DHCPV6
    requestTimeoutMsec=10000
    ipModeforNIC2=DHCPV4_DHCPV6
    tls11Enabled=true
    clientConnectionIdleTimeout=180
    tls10Enabled=false
    adminCertRolledBack=false
    honorCipherOrder=false
    cookiesToBeCached=none
    healthCheckUrl=/favicon.ico
    quiesceMode=false
    isCiphersSetByUser=false
    tlsPortSharingEnabled=true
    ceipEnabled=true
    bodyReceiveTimeoutMsec=15000
    monitorInterval=60
    cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA
    adminPasswordExpirationDays=90
    httpConnectionTimeout=120
    isTLS11SetByUser=false
    sessionTimeout=36000000
    ssl30Enabled=false
    
    [WebReverseProxy1]
    proxyDestinationUrl=https://10.108.120.21
    trustedCert1=
    instanceId=view
    healthCheckUrl=/favicon.ico
    userNameHeader=AccessPoint-User-ID
    proxyPattern=/(.*)
    landingPagePath=/
    hostEntry1=10.108.120.21 HZNView.uagqe.auto.com
    
    [Horizon]
    proxyDestinationUrl=https://enterViewConnectionServerUrl
    trustedCert1=
    gatewayLocation=external
    disableHtmlAccess=false
    healthCheckUrl=/favicon.ico
    proxyDestinationIPSupport=IPV4
    smartCardHintPrompt=false
    queryBrokerInterval=300
    proxyPattern=(/|/view-client(.*)|/portal(.*)|/appblast(.*))
    matchWindowsUserName=false
    windowsSSOEnabled=false
    
    [SSLCert]
    pemPrivKey=
    pemCerts=
    pfxCerts=
    pfxCertAlias=
    
    [SSLCertAdmin]
    pemPrivKey=
    pemCerts=
    pfxCerts=
    pfxCertAlias=
    
    

  5. To make sure that the script execution is successful, type the PowerShell set-executionpolicy command.
    set-executionpolicy -scope currentuser unrestricted

    You must run this command once and only if it is currently restricted.

    1. (Optional) If there is a warning for the script, run the following command to unblock the warning: unblock-file -path .\uagdeploy.ps1
  6. Run the command to start the deployment. If you do not specify the .INI file, the script defaults to ap.ini.
    .\uagdeploy.ps1 -iniFile ap1.ini
  7. Enter the credentials when prompted and complete the script.
    Note:

    If you are prompted to add the fingerprint for the target machine, enter yes.

    Unified Access Gateway appliance is deployed and available for production.

Results

For more information on PowerShell scripts, see https://communities.vmware.com/docs/DOC-30835.

What to do next

If you want to upgrade Unified Access Gateway while preserving the existing settings, edit the .ini file to change the source reference to the new version and rerun the .ini file: uagdeploy.ps1 uag1.ini. This process can take up to 3 minutes.

[General]
name=UAG1
source=C:\temp\euc-unified-access-gateway-3.2.1-7766089_OVF10.ova

If you want to upgrade with zero service interruption, see Upgrade with Zero Downtime.