Deploy UAG with PowerShell

Deploying Unified Access Gateways (UAGs) is easy, but did you know that there is a VMware PowerShell script available that can make this process even easier? The script eliminates the need to manually configure the settings for each UAG, which can be time-consuming and error-prone. It also eliminates the need for manual intervention in the deployment process. This helps to ensure the UAGs are correctly deployed and configured, making the deployment process much more efficient.

Preparations:

Start by downloading all the needed components:
Download the UAG appliance OVA file and the UAG PowerShell scripts from VMware.
https://customerconnect.vmware.com/downloads/details?downloadGroup=HZ-2303-ENT&productId=1412&rPId=102747

Download the OVF tools and install it where you want to deploy from.
https://customerconnect.vmware.com/downloads/details?downloadGroup=OVFTOOL442&productId=1230

The content of the folder will be as follows:

Extract the UAG Deploy zip.

When the directory is extracted, you will see some INI files and UAG deploys PowerShell scripts. We are going to use the advanced INI file for this tutorial.

There are two methods to deploy – we’ll start with New Deploy and then move on to Upgrade.

New Deployment:

Open “uag2-advanced.ini” and change the following BOLD lines (the data written in the lines are examples from the VMware templates):

name=UAG1
source=C:\UAGs\euc-unified-access-gateway-x.y.z.0-nnnnnnn_OVF10.ova
target=vi://administrator@vsphere.local:PASSWORD@192.168.0.21/Datacenter1/host/esx1.myco.int (the “host” must stay as is)
folder=Test/ (Optional if you want to deploy to a folder on VC)
ds=Local Disk 1 (Datastore Location)
netInternet=VM Network (Users source network)
netManagementNetwork=VM Network (admin Management source network)
netBackendNetwork=VM Network (Connection server destination network)
defaultGateway=192.168.0.1
deploymentOption=onenic (One NIC configuration)
ip0=192.168.0.90
netmask0=255.255.255.0
routes0=192.168.1.0/24 192.168.0.1,192.168.2.0/24 192.168.0.2 (use routing if the network roles are in different port groups, else delete the content of the line)
dns=192.168.0.10

[SSLCert]
pfxCerts=sslcerts.pfx (specify the PFX certificate if needed. If not, comment this line)

[SSLCertAdmin]
pfxCerts=sslcerts.pfx (specify the PFX certificate if needed. If not, comment this line)

[Horizon]
proxyDestinationUrl=https://192.168.0.209 (the Connection server address)
proxyDestinationUrlThumbprints=sha1:3e ef ed c6 86 75 a6 15 ff c8 96 27 5a 4c ee 8e 16 fd 6e d3
tunnelExternalUrl=https://uag2.horizon.myco.com:443 (UAG address for external access)
blastExternalUrl=https://uag2.horizon.myco.com:443 (UAG address for external access)

Comment on these lines:
# pcoipExternalUrl=10.20.30.90:4172
# pcoipDisableLegacyCertificate=true

Running the script:

Open a PowerShell window, navigate to the script library and run the following:
set-executionpolicy -scope currentuser unrestricted

then run the deploy script with the location of the INI file:
.\uagdeploy.ps1 -iniFile uag1.ini


enter an admin password when prompt. When you asked for joining CEIP enter “No”.

As the script starts kicking, you can see the progress on the VC tasks.

When the deployment is finished, the script will power on the VM and configure all the settings we configured in the INI file.

Now we can connect to the admin panel with port 9443 and see that everything is properly configured. There will also be a log file created in the same location as the script files.

We can test it by accessing the UAG address. If you see this window, then you made it to the Connection Server!

A quick connection test:

UAG In-Place Upgrade:

The process for a UAG In-Place Upgrade is nearly the same as new deployment except we don’t need to use VMware’s templates.

First, connect to the UAG admin panel and download the INI file:

Open the INI file that you just downloaded.
Note all the empty lines; these lines need to be filled with your information:

For example:

Navigate to the script files location and run the upgrade script with the file you downloaded and edited:

.\uagdeploy.ps1 -iniFile C:\Temp\UAG\UAG_Settings.ini

Enter the admin password when prompted (and the PFX password if needed):

When the progress ends, the script will automatically turn on the VM and configure all the settings by the INI file that you downloaded earlier.

The VM will get the same hostname, address, and configuration as the old one.

With the VMware PowerShell script outlined above, deploying UAGs becomes an effortless task. This script streamlines the configuration process, eliminating the need for manual settings and reducing potential errors. Furthermore, it automates the deployment process, eliminating the need for manual intervention and ensuring accurate configuration of the UAGs. By following the steps outlined in this guide and leveraging the power of the VMware PowerShell script, you can achieve a highly efficient and error-free deployment of UAGs.

Written by: Guy Hemed, VDI Specialist