The Horizon Unified Access Gateway software is delivered as a single open virtual appliance (OVA) file, named in a format similar to euc-unified-access-gateway-x.x.x.x-yyyyyyy_OVF10.ova. The following steps outline the deployment process:
- If not already installed, install PowerShell, the VMware OVF tool, and VMware PowerCLI on the Windows-based computer you will use to deploy the Horizon Unified Access Gateway.
- If not already extracted, extract the VMware Unified Access Gateway Deployment Script files.
- Make a copy of the uag2-advanced.ini file named uag1.ini; you will customize the copied file for your Horizon deployment.
- Customize the script as shown, using values specific to your Horizon infrastructure. The example provided is for a UAG appliance with 3 network interfaces, which is the recommended deployment:
[General]
name=UAG1
source=C:Tempeuc-unified-access-gateway-3.3.1.0-9451788_OVF10.ova
target=vi://[email protected]:[email protected]/Lab/host/Cluster1/
ds=ESXi01:Local1
diskMode=thin
netInternet=VM Network
netManagementNetwork=VM Network
netBackendNetwork=VM Network
defaultGateway=192.168.76.1
deploymentOption=threenic
ip0=192.168.76.90
netmask0=255.255.255.0
ip1=192.168.76.91
netmask1=255.255.255.0
ip2=192.168.76.92
netmask2=255.255.255.0
#routes0=192.168.1.0/24 192.168.0.1,192.168.2.0/24 192.168.0.2
#routes1=192.168.3.0/24 192.168.0.1,192.168.4.0/24 192.168.0.2
#routes2=192.168.5.0/24 192.168.0.1,192.168.6.0/24 192.168.0.2
dns=192.168.76.5
honorCipherOrder=true
sessionTimeout=39600000
[SSLCert]
pfxCerts=c: emphorizon.pfx
[SSLCertAdmin]
pfxCerts=c: emphorizon.pfx
[Horizon]
proxyDestinationUrl=https://192.168.76.15
proxyDestinationUrlThumbprints=sha1:69 c9 6c eb f2 17 d7 6e 7f 52 24 ba 66 51 30 bb 02 97 f5 a5
tunnelExternalUrl=https://horizon.vjason.com:443
blastExternalUrl=https://horizon.vjason.com:443
pcoipExternalUrl=192.168.76.90:4172
proxyPattern=(/|/view-client(.*)|/portal(.*)|/appblast(.*)|/downloads(.*))
Note that 192.168.76.15 is the IP address of the destination Horizon Connection Server or Horizon Connection Server load balancer, the thumbprint provided was copied from the SSL certificate currently used on that server (or load balancer), and that |/downloads(.*) was added to the proxyPattern entry so that clients will download any needed Horizon clients directly from your Horizon servers rather than from the VMware website. While this example file does not contain any network routes (the default entries are commented out), be aware that in most cases your UAG appliance will be placed in a DMZ and you will need to customize the route entries so that it knows which network interface to use to reach Horizon resources on the internal network. Refer to the comments in the ini file to understand how to configure each value. The following example contains the minimum options required to deploy a fully functional UAG appliance with three network interfaces and a custom SSL certificate.
- From within the folder containing the VMware UAG deployment scripts, use PowerShell to execute the following command: uagdeploy.ps1 -iniFile uag1.ini.
If this is the first time you are connecting to the vCenter Server specified in the ini file, you will be prompted to verify the server SSL thumbprint to continue. Verify the thumbprint when prompted to continue the deployment process.
- Provide passwords for the UAG appliance root account and admin interface when prompted, select whether to join the VMware Customer Experience Improvement Program, and, if required, provide the password for the SSL certificates you are deploying with the appliance.
- Monitor the deployment process for errors; a sample output is shown in the following screenshot:
- Log on to the UAG admin web interface using the IP address provided for ip1 in the INI file, using the following URL format: https://192.168.76.91:9443/admin. The admin web interface username will be admin, and the management access password will be the one you provided when running the deployment script.
- Click the Select button under Configure Manually in the UAG admin web interface.
- Click on the highlighted Edge Service Settings slider, then expand the options by clicking on the > icon. Verify that all settings are green, as shown in the following screenshot, indicating that the UAG appliance is able to successfully communicate with the Connection Server:
- To deploy additional UAG appliances, edit the script and provide unique values for the interface IP addresses, appliance name, and other values as required.
The Unified Access Gateway appliances have now been deployed, and you may implement load-balancing in front of the Unified Access Gateway appliances themselves if desired.
In the next section, we will review some of the resources that can be used to troubleshoot the deployment or functionality of Unified Access Gateway.