After configuring the VMware Tunnel in the AirWatch Console and downloading the OVA file, configure the vSphere template.ini file with your virtual appliance settings. The PowerShell script uses the template to configure your virtual appliance deployment.

Watch a tutorial video explaining how to deploy the VMware Tunnel virtual appliance using PowerShell: https://support.air-watch.com/articles/115001666428.

To configure the template.ini:

  1. Download the Unified Access Gateway Using vSphere ZIP from AirWatch Resources (https://resources.air-watch.com/view/sbfsfykltpqfxhvg9tpy/en).

  2. Unzip the file and locate the template.ini file.
  3. Right-click the file and select Open With. Select Notepad or your preferred file editor.
  4. Configure the template.ini settings:

    Settings Descriptions
    vSphere Settings
    name=<VIRTUAL_MACHINE_NAME>

    Enter a unique name for the virtual appliance.

    Example: name=TunnelAppliance

    source=<OVA_FILE_PATH>

    Enter the full file path to the OVA file on your local machine.

    Example: source=C:\access-point.ova

    target=vi://<USERNAME>:PASSWORD@<VSPHEREDOMAIN>/<LOCATION/TO/PLACE/APPLIANCE/IN/VSPHERE>

    Enter the vCenter user name and address/hostname.

    Then enter the location to place the appliance in vSphere.

    Do not remove the PASSWORD. PASSWORD in upper case results in a password prompt during deployment so that passwords do not need to be specified in this INI file.

    Example: target=vi://admin@vmware.com:PASSWORD@vsphere.com/MyMachines/host/Development/Resources/MyResourcePool

    deploymentOption=<NUMBER_OF_NICS>

    dns=<DNS_IP>

    ip0=<NIC1_IP_ADDRESS>

    ip1=<NIC2_IP_ADDRESS>

    ip2=<NIC3_IP_ADDRESS>

    Enter the number of Network Interface Controllers you want to associate with the appliance for your deployment configuration. Your options are:

    • onenic
    • twonic
    • threenic

    Then enter the address for each NIC you are using. Delete the excess lines if you are not using all three.

    The different IP addresses entered change based on your NIC settings.

    • If you use one NIC, then the IP address is used for all communications.
    • If you use two NICs, then ip0 is for external communications and ip1 is for internal communications.
    • If you use three NICs, then ip0 is for external communications, ip1 is for the admin UI only, and ip2 is for internal communications.

    For best results, consult your network admins. Three NICs provide the most security.

    Example: deploymentOption=threenic

    For dns=, enter the DNS server address to configure the appliance resolv.conf file. If you use multiple DNS servers, enter the addresses separated by a space. Do not use commas.

    ds=<DATA_STORE_NAME>

    Enter the name of your vSphere datastore.

    netInternet=<NIC1_IP_NETWORK_NAME>

    netManagementNetwork=<NIC2_IP_NETWORK_NAME>

    netBackendNetwork=<NIC3_IP_NETWORK_NAME>

    Enter the vSphere network names. A vSphere Network Protocol Profile must be associated with every referenced network name. This specifies network settings such as IPv4 subnet mask, gateway, etc.

    honorCipherOrder=<true_or_false>

    Enter true to force the TLS cipher order to be the order specified by the server.

    VMware Tunnel Settings
    tunnelGatewayEnabled=<true_or_false>

    Enter true if you are using the VMware Tunnel Per-App Tunnel component.

    Example: tunnelGatewayEnabled=true

    tunnelProxyEnabled=<true_or_false>

    Enter true if you are using the VMware Tunnel Proxy component.

    Example: tunnelProxyEnabled=true

    apiServerUrl=<API_SERVER_URL>

    Enter the API server URL.

    apiServerUsername=<API_SERVER_USERNAME>

    Enter the user name of an AirWatch Admin user account. This user is an admin user with API permissions. Consider using an account with Console Administrator privileges.

    organizationGroupCode=<ORGANIZATION_GROUP_CODE>

    Enter the Organization Group ID the VMware Tunnel is configured for.

    airwatchServerHostname=<HOSTNAME>

    Enter the hostname or IP address for the virtual appliance. Ensure that this field matches what is entered in the AirWatch Console to prevent installation issues.

    outboundProxyPort=<OUTBOUND_PROXY_PORT>

    Enter the outbound proxy port if you use an outbound proxy for the initial setup API call or for tunnel traffic.

    This field is commented out by default.

    outboundProxyHost=<OUTBOUND_PROXY_HOST>

    Enter the outbound proxy host if you use an outbound proxy for the initial setup API call or for tunnel traffic.

    This field is commented out by default.

    airwatchOutboundProxy=<true or false>

    Enter true if you want to route tunnel traffic through an outbound proxy for the initial setup API call or for tunnel traffic.

    This field is commented out by default.

    ntlmAuthentication=<true or false>

    Enter true if you use NTLM authentication for the initial setup API call or for tunnel traffic.

    This field is commented out by default.

    hostEntry1=<HOSTNAME>

    Enter additional host entries for the appliance. You can add multiple host entries. Increase the number for each entry. For example, hostEntry2, hostEntry3, and so on.

    This field is commented out by default.

    trustedCert1=<CERT_FILE_PATH>

    Enter the file path for the trusted certificates. You can add multiple trusted certificates. Increase the number for each entry. For example, trustedCert2, trustedCert3, and so on.

    This field is commented out by default.

  5. Save the file in the same folder as the PowerShell script and run the PowerShell script.
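
The rules above for target=, deploymentOption=, the ipN lines and dns= can be checked before the deployment script is run. The following is an added example, not part of the VMware package: `Test-TunnelTemplate` is a hypothetical helper name, and treating `#` or `;` as comment markers and `[` as a section header is an assumption about the file's INI syntax.

```powershell
# Added example: pre-flight check for template.ini (not VMware's deployment script).
function Test-TunnelTemplate {
    param([string[]]$Lines)
    # Parse key=value pairs. Assumption: '#' or ';' starts a comment, '[' a section header.
    $cfg = @{}
    foreach ($line in $Lines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t -match '^[#;\[]') { continue }
        $k, $v = $t -split '=', 2
        if ($null -ne $v) { $cfg[$k.Trim()] = $v.Trim() }
    }
    $problems = @()

    # The literal, upper-case PASSWORD token triggers the prompt at deployment time;
    # anything else in that position is a credential stored in the file.
    if ($cfg['target'] -cnotmatch '^vi://[^:]+:PASSWORD@') {
        $problems += 'target: keep the literal PASSWORD placeholder, do not store a password'
    }

    # deploymentOption decides exactly which ipN lines must be present.
    $nicMap = @{ onenic = 1; twonic = 2; threenic = 3 }
    $opt = "$($cfg['deploymentOption'])"
    if (-not $nicMap.ContainsKey($opt)) {
        $problems += 'deploymentOption: use onenic, twonic or threenic'
    } else {
        $found = @($cfg.Keys | Where-Object { $_ -match '^ip\d$' } | Sort-Object)
        $want  = @(0..($nicMap[$opt] - 1) | ForEach-Object { "ip$_" })
        if (($found -join ',') -ne ($want -join ',')) {
            $problems += "ip lines: $opt expects only $($want -join ', ')"
        }
    }

    # Multiple DNS servers are space-separated; commas are not accepted.
    if ("$($cfg['dns'])" -match ',') {
        $problems += 'dns: separate servers with spaces, not commas'
    }
    $problems
}

# Constructed sample with three mistakes; hosts, addresses and the password are made up.
$sample = @'
target=vi://admin@example.test:Sup3rSecret@vcenter.example.test/DC/host/Pool
deploymentOption=twonic
dns=192.0.2.53,192.0.2.54
ip0=192.0.2.10
ip1=192.0.2.11
ip2=192.0.2.12
'@ -split "`r?`n"
Test-TunnelTemplate -Lines $sample
```

To check a real file, pass `(Get-Content .\template.ini)` as `-Lines`; an empty result means none of the three checks failed.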