February 06, 2022

Getting Started with Automating the Unified Access Gateway Deployment

Today we will jump into leveraging PowerShell, a cross-platform task automation solution and scripting language, to deploy the VMware Unified Access Gateway™. The PowerShell deployment option does not require the IT administrator to manually enter settings during deployment, and so is less prone to input error. This option also makes upgrading and deploying additional appliances easier.

For more information on getting started with PowerShell, see Getting Started with PowerShell.

What is Unified Access Gateway?

VMware Unified Access Gateway is a security platform that provides edge services and access to defined resources that reside in the internal network. It acts as the security gateway for VMware Workspace ONE® and VMware Horizon® deployments, enabling secure remote access from an external network to various internal resources. Unified Access Gateway supports multiple use cases:

  • Per-app tunneling of native and web apps on mobile and desktop platforms to secure access to internal resources through the VMware Tunnel service
  • Secure on-premises email infrastructure that grants access only to authorized devices, users, and email applications based on managed policies. This capability leverages the Secure Email Gateway service integrated with VMware Workspace ONE® UEM.
  • Access from VMware Workspace ONE® Content to internal file shares or SharePoint repositories by running the Content Gateway service
  • Reverse proxying of web applications
  • Identity bridging for authentication to on-premises legacy applications that use Kerberos or header-based authentication
  • Secure external access to desktops and applications on VMware Horizon® Cloud Service on Microsoft Azure, and VMware Horizon

Figure 1: Unified Access Gateway Logical Architecture

When providing access to internal resources, Unified Access Gateway can be deployed within the corporate DMZ or internal network, and act as a proxy host for connections to your company’s resources. Unified Access Gateway directs authenticated requests to the appropriate resource and discards any unauthenticated requests. It can also perform the authentication itself, leveraging additional authentication when enabled.

For more information, see the Mastering Unified Access Gateway product activity path.

Deployment Overview

A successful deployment of VMware Unified Access Gateway depends on good planning and a robust understanding of the platform. The Deploying VMware Unified Access Gateway: Workspace ONE Operational Tutorial gives you a technical overview to get you started with Unified Access Gateway deployment. It covers key points for those deploying Unified Access Gateway appliances for the first time. In addition, the tutorial provides detailed step-by-step guidance on how to deploy Unified Access Gateway with single or multiple NICs on:

Deployment Methods

A PowerShell script can be used to deploy Unified Access Gateway and configure all edge services across all platforms. You download the ZIP file, configure the PowerShell script for your environment, and run the script to deploy Unified Access Gateway. This method allows administrators to automate the deployment and configuration, making the appliance ready on the first boot.

PowerShell is the only available method for Unified Access Gateway deployment on Microsoft Azure, Hyper-V, and Amazon AWS EC2.

For Unified Access Gateway deployment on vSphere, the following methods are supported:

  • vSphere Web Client OVF Template Wizard
  • Unified Access Gateway Deployment Utility
  • PowerShell

The vSphere Web Client can be used to deploy the Unified Access Gateway OVA. You are prompted for basic settings, including the NIC deployment configuration, IP address, and management interface passwords. After the OVA is deployed, log in to the Unified Access Gateway admin user interface to configure Unified Access Gateway system settings, edge services in multiple use cases, and authentication in the DMZ. The configuration performed after deployment can be exported as a JSON file and imported later on new appliances.

Check out the video below for more details on the deployment options. The video is dated; however, the core concepts remain accurate. See the Deploying VMware Unified Access Gateway: Workspace ONE Operational Tutorial for the latest content.

Leveraging the PowerShell Deployment Method

The PowerShell method ensures that the Unified Access Gateway virtual appliance is production-ready on first boot. This method uses the VMware OVF Tool command-line utility in the background when deploying on vSphere. The IT administrator updates an INI file with the required configuration settings and then deploys the Unified Access Gateway by entering a simple deployment command in PowerShell (.\uagdeploy.ps1 .\<name>.ini). For deployments on Microsoft Azure, Hyper-V, and Amazon Web Services (AWS), the OVF tool is not required because Unified Access Gateway leverages the PowerShell module for the respective hypervisor.
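Because the INI file holds the whole deployment configuration, it is worth linting for inline credentials before it is shared or committed next to the script. The check below is an added example, not part of the original post or of VMware's uagdeploy.ps1. The key names (name, target, proxyDestinationURL), the vi:// locator form, and the PASSWORD prompt placeholder are assumptions about the sample INI files; Find-UagIniSecret and examplePassword are hypothetical names.

```powershell
# Added example (not VMware code). Assumed key names: name, target, proxyDestinationURL.
# Assumed convention: the literal PASSWORD in the target locator means "prompt at run time".
function Find-UagIniSecret {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Line)
    $section = ''
    for ($i = 0; $i -lt $Line.Count; $i++) {
        $text = $Line[$i].Trim()
        if ($text -eq '' -or $text -match '^[#;]') { continue }          # blank line or comment
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1]; continue }
        if (-not ($text -match '^([^=]+)=(.*)$')) { continue }           # not key=value
        $key   = $Matches[1].Trim()
        $value = $Matches[2].Trim()
        $issue = $null
        # vi://user:password@host/...: userinfo is everything before the last '@' of the
        # authority, so a user name such as administrator@vsphere.local is handled.
        if ($key -eq 'target' -and $value -match '^vi://([^/]*)@[^/@]*(/|$)') {
            $userInfo = $Matches[1]
            if ($userInfo -match ':(.+)$' -and $Matches[1] -cne 'PASSWORD') {
                $issue = 'password embedded in target locator'
            }
        }
        elseif ($key -match 'password|passphrase|secret' -and $value -ne '') {
            $issue = 'secret-like key has an inline value'
        }
        if ($issue) {
            # Report the location only; never echo the secret itself.
            [pscustomobject]@{ Line = $i + 1; Section = $section; Key = $key; Issue = $issue }
        }
    }
}

# Constructed sample INI (documentation-range addresses; examplePassword is a hypothetical key).
$sample = @'
[General]
name=UAG1
target=vi://administrator@vsphere.local:Constructed-Pw1@192.0.2.21/DC1/host/esx1.example.test
[Horizon]
proxyDestinationURL=https://192.0.2.209
examplePassword=Constructed-Pw2
'@

$findings = @(Find-UagIniSecret -Line ($sample -split "`r?`n"))
$findings | Format-Table -AutoSize
if ($findings.Count -gt 0) {
    Write-Warning "$($findings.Count) inline secret(s) found; remove them before sharing or committing the INI."
}
```

To check a real file, pass its lines with Find-UagIniSecret -Line (Get-Content .\<name>.ini).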

More information on using the PowerShell method is available on the Using PowerShell to Deploy VMware Unified Access Gateway community page. The PowerShell script and sample INI files can be downloaded from the Unified Access Gateway product download page. For step-by-step instructions on how to deploy Unified Access Gateway, see the following articles on Tech Zone:

For deployment of Unified Access Gateway on vSphere and configuration of any edge services through PowerShell, see the Edge Services section of the Mastering Unified Access Gateway product activity path on VMware Digital Workspace Tech Zone.

Check out the videos below for more details on using PowerShell to deploy Unified Access Gateway. The videos are dated, but the core concepts remain accurate. See the Deploying VMware Unified Access Gateway: Workspace ONE Operational Tutorial for the latest content.

Video 1: VMware Unified Access Gateway Deployment and Security Best Practices

Video 2: VMware Unified Access Gateway: PowerShell Deployment - Feature Walk-through

Knowledge Acquired & What’s Next

We briefly discussed the two supported methods of deploying Unified Access Gateway and then pointed you to detailed resources on how to get started with automating the deployment of the Unified Access Gateway. We covered how to leverage PowerShell, a cross-platform task automation solution and scripting language, to deploy the VMware Unified Access Gateway. We will share more PowerShell examples later this month and show how PowerShell can make API calls and automate workflows.

Be sure to subscribe to the Digital Workspace Tech Zone Blog RSS or check back daily to see what we release. By the end of this month, we hope that you are comfortable leveraging code samples, VMware Flings, scripting/coding, and leveraging the EUC APIs to automate your workspace!

You can also follow us on Twitter @EUCTechZone to stay updated on the latest EUC content!

Agenda

And make sure to check out the other blog posts in this month-long series:
