You can prepare the Azure environment before deployment.


  1. Add a group named Azure Resource Group in to which Unified Access Gateway appliances will be deployed. It can either be done using the Azure Portal web interface, or by running the PowerShell command as in this example:
    $location="uk south"
    New-AzureRmResourceGroup -Name $resourceGroup -Location $location
  2. Add a storage account, and a blob container called vhds within that storage account. It is to store the Unified Access Gateway images. It can be done using the Azure Portal web interface, or by running the PowerShell commands as in this example:
    New-AzureRmStorageAccount -ResourceGroupName $resourceGroup -AccountName uagstore `
    -Location $location -SkuName Standard_LRS
    New-AzureRmStorageContainer -Name vhds -ResourceGroupName $resourceGroup `
    -StorageAccountName uagstore
  3. Create a Virtual Network with a default subnet.
    New-AzureRmVirtualNetwork -Name VirtualNetwork -ResourceGroupName $resourceGroup ` 
    -Location $location -AddressPrefix ""
  4. Alternatively, the virtual network can have specified subnets so they can be specified as follows.
    $frontendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name frontendSubnet `
    -AddressPrefix ""
    $backendSubnet = New-AzureRmVirtualNetworkSubnetConfig -Name backendSubnet `
    -AddressPrefix ""
    New-AzureRmVirtualNetwork -Name VirtualNetwork -ResourceGroupName $resourceGroup `
    -Location $location -AddressPrefix "" -Subnet $frontendSubnet,$backendSubnet
  5. If the Unified Access Gateway appliance is to be directly accessed from the Internet, add a security group called UAGInternetSG to control the inbound port access from the Internet to each Unified Access Gateway. It can be done through the portal or with PowerShell. This security group can be shared by several Unified Access Gateway appliances. For example with the Horizon access, allow the following ports:
    • HTTPS - TCP 443
    • HTTP - TCP 80
    • Blast -TCP 8443
    • Blast/BEAT UDP 8443
    • UDP Tunnel - UDP 443
    • PCoIP - TCP and UDP 4172
  6. Optionally add a public IP address object.
    New-AzureRmPublicIpAddress -Name UAG1PublicIP -ResourceGroupName $resourceGroup `
    -AllocationMethod Static -Location $location


The objects are displayed in the Azure portal.