Getting Started with Automating the Unified Access Gateway Deployment

February 06, 2022

Today we will jump into leveraging PowerShell, a cross-platform task automation solution and scripting language, to deploy the VMware Unified Access Gateway. The PowerShell deployment option does not require the IT administrator to manually enter settings during deployment, and so is less prone to input error. This option also makes upgrading and deploying additional appliances easier.

For more information on getting started with PowerShell, see Getting Started with PowerShell.

What is Unified Access Gateway?

VMware Unified Access Gateway is a security platform that provides edge services and access to defined resources that reside in the internal network. It acts as the security gateway for VMware Workspace ONE® and VMware Horizon® deployments, enabling secure remote access from an external network to various internal resources. Unified Access Gateway supports multiple use cases:

  • Per-app tunneling of native and web apps on mobile and desktop platforms to secure access to internal resources through the VMware Tunnel service
  • Secure on-premises email infrastructure that grants access only to authorized devices, users, and email applications based on managed policies. This capability leverages the Secure Email Gateway service integrated with VMware Workspace ONE® UEM.
  • Access from VMware Workspace ONE® Content to internal file shares or SharePoint repositories by running the Content Gateway service
  • Reverse proxying of web applications
  • Identity bridging for authentication to on-premises legacy applications that use Kerberos or header-based authentication
  • Secure external access to desktops and applications on VMware Horizon® Cloud Service on Microsoft Azure, and VMware Horizon

(desktop virtualization pros and cons, virtual desktop management best practices, multiple virtual desktops) (vmware unified access gateway deployment, vmware unified access gateway implementation, aws console url)

Figure 1: Unified Access Gateway Logical Architecture

When providing access to internal resources, Unified Access Gateway can be deployed within the corporate DMZ or internal network, and act as a proxy host for connections to your company’s resources. Unified Access Gateway directs authenticated requests to the appropriate resource and discards any unauthenticated requests. It also can perform the authentication itself, leveraging additional authentication when enabled.

For more information, see the Mastering Unified Access Gateway product activity path.

Deployment Overview

A successful deployment of VMware Unified Access Gateway is dependent on good planning and a robust understanding of the platform. The Deploying VMware Unified Access Gateway: Workspace ONE Operational Tutorial gives you a technical overview to get you started with Unified Access Gateway deployment. It covers key points for those deploying Unified Access Gateway appliances for the first time. In addition, the tutorial provides detailed step-by-step guidance on how to deploy Unified Access Gateway with single or multiple NICs on:

Deployment Methods

A PowerShell script can be used to deploy Unified Access Gateway and configure all edge services across all platforms. You download the ZIP file, configure the PowerShell script for your environment, and run the script to deploy Unified Access Gateway. This method allows administrators to automate the deployment and configuration, making the appliance ready on the first boot.

PowerShell is the only available method for Unified Access Gateway deployment on Microsoft Azure, Hyper-V, and Amazon AWS EC2.

For Unified Access Gateway deployment on vSphere, the following methods are supported:

  • vSphere Web Client OVF Template Wizard
  • Unified Access Gateway Deployment Utility
  • PowerShell

The vSphere Web Client can be used to deploy the Unified Access Gateway OVA. You are prompted for basic settings, including the NIC deployment configuration, IP address, and management interface passwords. After the OVA is deployed, log in to the Unified Access Gateway admin user interface to configure Unified Access Gateway system settings, edge services in multiple use cases, and authentication in the DMZ. The configuration performed after deployment can be exported as a JSON file and used to reimport later on new appliances.

Check out the video below for more details on the deployment options. The video is dated; however, the core concepts remain accurate. See the Deploying VMware Unified Access Gateway: Workspace ONE Operational Tutorial for the latest content.

Leveraging the PowerShell Deployment Method

The PowerShell method ensures that the Unified Access Gateway virtual appliance is production-ready on first boot. This method uses the VMware OVF Tool command-line utility in the background when deploying on vSphere. The IT administrator updates an INI file with the required configuration settings and then deploys the Unified Access Gateway by entering a simple deployment command in PowerShell (.\uagdeploy.ps1 .\<name>.ini). For deployments on Microsoft Azure, Hyper-V, and Amazon Web Services (AWS), the OVF tool is not required because Unified Access Gateway leverages the PowerShell module for the respective hypervisor.

More information on using the PowerShell method is available on the Using PowerShell to Deploy VMware Unified Access Gateway community page. The PowerShell script and sample INI files can be downloaded from the Unified Access Gateway product download page. For step-by-step instructions on how to deploy Unified Access Gateway, see the following articles on Tech Zone:

For deployment of Unified Access Gateway on vSphere and configuration of any edge services through PowerShell, see the Edge Services section of the Mastering Unified Access Gateway product activity path on VMware Digital Workspace Tech Zone.

Check out the videos below for more details on using PowerShell to deploy Unified Access Gateway. The videos are dated, but the core concepts remain accurate. See the Deploying VMware Unified Access Gateway: Workspace ONE Operational Tutorial for the latest content.

Video 1: VMware Unified Access Gateway Deployment and Security Best Practices

Video 2: VMware Unified Access Gateway: PowerShell Deployment - Feature Walk-through

Knowledge Acquired & What’s Next

We briefly discussed the two supported methods of deploying Unified Access Gateway and then pointed you to detailed resources on how to get started with automating the deployment of the Unified Access Gateway. We covered how to leverage PowerShell, a cross-platform task automation solution and scripting language, to deploy the VMware Unified Access Gateway. We will share more PowerShell examples later this month and show how PowerShell can make API calls and automate workflows.

Be sure to subscribe to the Digital Workspace Tech Zone Blog RSS or check back daily to see what we release. By the end of this month, we hope that you are comfortable leveraging code samples, VMware Flings, scripting/coding, and leveraging the EUC APIs to automate your workspace!

You can also follow us on Twitter @EUCTechZone to stay updated on the latest EUC content!


And make sure to check out the other blog posts in this month-long series:

Filter Tags

Workspace ONE Unified Access Gateway Workspace ONE Access Workspace ONE Intelligence Workspace ONE UEM Blog Technical Overview Intermediate Optimize