Lab 21: Deploy Unified Access Gateway using the PowerShell method
Objective and Tasks
In this lab, you will deploy a Unified Access Gateway (UAG) using the PowerShell deployment method.
- Configure the INI settings file that will be used during deployment.
- Run the PowerShell script to deploy a Unified Access Gateway.
- Log in to the Unified Access Gateway admin console and validate the configuration.
- Test a connection to a virtual desktop via the Unified Access Gateway.
- Locate the INI settings file that will be used to configure the Unified Access Gateway appliance.
- On the ControlCenter, open File Explorer on the task bar at the bottom.
- Select the Resources (S:) drive.
- Browse to the S:\Scripts\uagdeploy-25.12.0.0-19XXXX628 folder.
- Copy the INI file.
- Select the uag2-advanced.ini file.
- Copy and Paste so that you have a backup of the original file.
- Edit the original uag2-advanced.ini file.
- Right click uag2-advanced.ini and select Edit with Notepad++
While this lab uses Notepad++, any text editor can be used to edit the INI file.
- Change the name of the UAG appliance to be deployed.
- Locate the name entry and change UAG2 to UAG-HZN-01a.
name=UAG-HZN-01a
- Change the Source string:
- Locate the source entry and change it to the following:
source=S:\Software\Horizon_2512\euc-unified-access-gateway-25.12.0.0-19824103628_OVF10.ova
The source entry provides the source OVA file that is used to install the Unified Access Gateway appliance.
- Change the target string.
- Locate the target entry and change it to the following:
target=vi://[email protected]:[email protected]/DC1/host/Cluster1/esx01.omnissatraining.com
The target entry defines which vCenter and cluster the Unified Access Gateway appliance will be deployed to.
- Change the ds (datastore) string.
- Locate the ds entry and change it to the following:
ds=Datastore1
- Change the diskMode string.
- Locate the #diskMode entry and remove the # to change this to:
diskMode=thin
- Define the networks to use by updating the following entries to match the following:
netInternet=DMZ
netManagementNetwork=DMZ
netBackendNetwork=DMZ
- Define the default network gateway to use.
- Locate the defaultGateway entry and update it to the following:
defaultGateway=10.10.110.254
- Define the number of network interfaces (NIC) to configure.
- Locate the deploymentOption entry and ensure that the onenic option is selected:
deploymentOption=onenic
In a production environment, you would normally use either the twonic or threenic options to match your DMZ architecture and requirements.
- Change the IP address information for the NIC to the following:
- This defines the IP address information of NIC0
ip0=10.10.110.1
netmask0=255.255.255.0
routes0=172.16.111.0/24 10.10.110.254
- Change the DNS to be used by the UAG appliance.
- Locate the dns entry and update it to the following:
dns=192.168.110.10
- Define the TLS certificate to be used by the UAG appliance.
- Scroll down to the [SSLCert] section, locate the pfxCerts entry and update it to the following:
pfxCerts=S:\SSL\omnissatraining.com\PFX\omnissatraining_with_pwd.pfx
- Define the TLS certificate to be used by the admin interface of the UAG appliance.
- Scroll down to the [SSLCertAdmin] section, locate the pfxCerts entry and update it to the following:
pfxCerts=S:\SSL\omnissatraining.com\PFX\omnissatraining_with_pwd.pfx
- Change the proxyDestinationUrl value to the Connection Server to target.
- Scroll down to the [Horizon] section, locate the proxyDestinationUrl entry and update it to the following:
proxyDestinationUrl=https://horizon-01a.omnissatraining.com
The proxyDestinationUrl is the address of the Connection Server that this UAG appliance will target for user connections.
- Change the proxyDestinationUrlThumbprints value to match the thumbprint of the certificate of the Connection Server.
- In the [Horizon] section, locate the proxyDestinationUrlThumbprints entry and update it to the following:
proxyDestinationUrlThumbprints=sha256:30 50 b2 41 2a c9 a2 d6 8c 9f 5b 3a 72 6e 04 b7 10 26 ad 0f 2f 3c 29 75 42 c0 00 cc 5d b1 ba 7e
- Change the tunnelExternalUrl value.
- Locate the tunnelExternalUrl entry and update it to the following:
tunnelExternalUrl=https://uag-hzn-01a.omnissatraining.com:443
- Change the blastExternalUrl value.
- Locate the blastExternalUrl entry and update it to the following:
blastExternalUrl=https://uag-hzn-01a.omnissatraining.com:443
- Change the pcoipExternalUrl value.
- Locate the pcoipExternalUrl entry and update it to the following:
pcoipExternalUrl=10.10.110.1:4172
- Save your INI file.
- Use the File > Save function of Notepad++ to save the file with your changes.
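A pre-flight check for the INI file edited above, as an added example that is not part of the lab or of the uagdeploy package: it confirms that the OVA and PFX paths exist and that the pinned proxyDestinationUrlThumbprints value matches the certificate the Connection Server actually presents. The [General] section name and the function names are assumptions; run it from the ControlCenter, where the lab host names resolve.

```powershell
# Added example: pre-flight check for the edited INI (not part of uagdeploy.ps1).
param([string]$IniFile = '.\uag2-advanced.ini')

function Read-Ini([string]$Path) {
    # Minimal INI reader: @{ Section = @{ key = value } }; skips # and ; comment lines.
    $ini = @{}; $section = ''
    foreach ($line in Get-Content -LiteralPath $Path) {
        $t = $line.Trim()
        if ($t -eq '' -or $t -match '^[#;]') { continue }
        if ($t -match '^\[(.+)\]$') { $section = $Matches[1]; $ini[$section] = @{}; continue }
        $k, $v = $t -split '=', 2
        if ($null -ne $v -and $ini.ContainsKey($section)) { $ini[$section][$k.Trim()] = $v.Trim() }
    }
    return $ini
}

function Get-IniValue($Ini, [string]$Section, [string]$Key) {
    if ($Ini.ContainsKey($Section)) { return $Ini[$Section][$Key] }
}

function Get-ServerCertSha256([uri]$Url) {
    # Returns the SHA-256 of the server's leaf certificate as lowercase hex.
    # Chain validation is skipped only so the certificate can be read and compared.
    $tcp = New-Object System.Net.Sockets.TcpClient($Url.Host, $Url.Port)
    try {
        $accept = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($Url.Host)
        $hash = [System.Security.Cryptography.SHA256]::Create().ComputeHash($ssl.RemoteCertificate.GetRawCertData())
        return (($hash | ForEach-Object { $_.ToString('x2') }) -join '')
    } finally { $tcp.Close() }
}

$ini = Read-Ini $IniFile
$problems = @()
# Files referenced by the INI must exist before the deployment script is run.
foreach ($ref in 'General/source', 'SSLCert/pfxCerts', 'SSLCertAdmin/pfxCerts') {
    $s, $k = $ref -split '/'
    $path = Get-IniValue $ini $s $k
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { $problems += "[$s] $k not found: $path" }
}
$url = Get-IniValue $ini 'Horizon' 'proxyDestinationUrl'
$pins = @((Get-IniValue $ini 'Horizon' 'proxyDestinationUrlThumbprints') -split ',' |
    ForEach-Object { ($_ -replace '^\s*sha256[:=]', '' -replace '[\s:]', '').ToLower() })
try {
    $live = Get-ServerCertSha256 ([uri]$url)
    if ($pins -notcontains $live) { $problems += "thumbprint mismatch: $url presents sha256 $live" }
} catch { $problems += "could not read certificate from ${url}: $($_.Exception.Message)" }
if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output "INI pre-flight passed for $(Get-IniValue $ini 'General' 'name')"
```

A thumbprint mismatch means the pinned value in the INI does not describe the certificate currently served at proxyDestinationUrl; confirm the expected thumbprint from the Connection Server itself before changing the INI to match.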
In this section, you will deploy a Unified Access Gateway using a PowerShell script and passing it the INI settings file you edited.
- Change the PowerShell execution policy.
- On your ControlCenter server launch PowerShell using Windows > Windows PowerShell.
- Change the script execution policy to Unrestricted using the following command.
Set-ExecutionPolicy -scope CurrentUser Unrestricted
- Change to the uagdeploy script folder using the following command.
cd S:\Scripts\uagdeploy-25.12.0.0-19824103628
- Start the script to deploy your Unified Access Gateway appliance.
- Run the following command
.\uagdeploy.ps1 -iniFile .\uag2-advanced.ini
- Enter the password to assign to the root user.
- When prompted to Enter a root password for UAG-HZN-01a: use: Pa$$w0rd.
- Enter a password for the admin user for admin UI access.
- When prompted to Enter password for admin for the Admin UI access for UAG-HZN-01a: use: Pa$$w0rd.
- Join the customer experience program.
- When prompted Join CEIP for UAG-HZN-01a? Enter yes. (or press enter).
- Enter the password for the certificate file
- When prompted to Enter the password for the specified [SSLcert], enter Pa$$w0rd
- Enter the password for the admin certificate file
- When prompted to Enter the password for the specified [SSLcertAdmin], enter Pa$$w0rd
- Accept the SSL fingerprint for the vCenter Server.
- When prompted, Fingerprint will be added to the known host file, enter yes.
- Enter the password to log in to the vCenter Server (vi://192.168.110.25/).
- When prompted for the password for [email protected], enter Pa$$w0rd
Your UAG virtual appliance deployment will now start and can take several minutes to complete. Monitor the progress.
When the appliance receives an IP address and indicates Completed successfully, proceed to the next step.
- Confirm that your UAG appliance has been successfully deployed.
- Check that a Received IP Address shows a valid value.
- Check that UAG virtual appliance UAG-HZN-01a deployed successfully is displayed.
You can deploy additional UAG appliances by copying an existing INI file and updating fields like name and IP information.
To verify that the Unified Access Gateway was deployed successfully, first log in to the UAG admin console.
Best practice is to put all required configuration into the INI file so that the appliance is fully configured upon deployment. But you can also manually configure individual appliances, using the admin console, to change Horizon and other settings.
- Open the UAG admin console for uag-hzn-01a.
- On your ControlCenter desktop, open the Google Chrome browser.
- Click the bookmark on the bookmark bar for uag-hzn-01a
- This will connect you to the UAG admin console at https://UAG-HZN-01a.omnissatraining.com:9443/admin
- Log in to the UAG admin console.
- Username: admin
- Password : Pa$$w0rd
- Click SIGN IN.
- Select the configuration method.
- Click on the SELECT button under Configure Manually.
- View the Horizon Edge Service Settings.
- In the General Settings section (at the top) click on the toggle for Edge Services Settings.
- Click on Horizon Settings to expand that section.
This displays the status of the various Horizon edge services. Investigate and correct any that do not display a healthy status of green.
- Open the edit dialog for the Horizon Settings.
- Click on the gear icon to the right of Horizon Settings.
You will see the configuration here that corresponds to the additional lines of settings that you entered into your INI settings file that you created to deploy the UAG appliance.
The configuration changes you make below are just examples to illustrate the ability to make changes in the UAG admin console.
- Change the Allowed Origins settings.
- Scroll down to the bottom of the screen and click on More. (this will display all the Horizon settings).
- Scroll down to Allowed Origins section.
- Click on the Re-Write Origin toggle for uag-hzn-01a.omnissatraining.com:443 to enable it.
- Click on the Re-write Origin toggle for 10.10.110.1 to enable it.
- Click SAVE.
This lab assumes that you are connecting to the Horizon pod and desktop that you created in previous lab exercises.
- Launch the Omnissa Horizon Client.
- From the ControlCenter, double click the Omnissa Horizon Client icon.
You will add a new server connection to your Horizon Client targeting the Unified Access Gateway. This will force the client to authenticate and connect the session via the Unified Access Gateway.
- Add a new Horizon 8 Pod to the Horizon Client.
- Click on + Add Server in the top-right.
- Enter the FQDN https://uag-hzn-01a.omnissatraining.com
- Click Connect.
- Login and authenticate with an assigned user from the Horizon-Students group.
- Username: Student1
- Password : Pa$$w0rd
- Click Login.
- Once logged in, you will see a tile for the entitled desktop pool Win11-Site1
- Launch the desktop.
- Click on the 3 dots on the pool tile for Win11-Site1 and click Launch.
- Alternatively you can double-click on the tile.
- Confirm successful desktop launch.
- Log out of the Horizon pool desktop.
- Use Windows > Student 1 > Sign out
- Alternatively, you can use the Horizon menubar at the top of the screen, selecting the three dots (...), then Logoff Desktop, and confirm with OK.
- Close the Omnissa Horizon Client.
This concludes this lab.