Deploying VMware Access Point with PowerShell

In my previous article I wrote about deploying VMware Access point and SafeNet Radius two factor authentication. If you want to read about that, you will find the link here. – link – I thought it might be interesting also to see how to deploy the VMware Access Point (version 2.7.2) with the PowerShell. Its a small article but it will give you enough guidance to enable you to deploy a VMware Access Point within minutes easily.

What do you need?

Not trying to sound like a recipe here is a list of things you need to deploy without issues;

  • VMware Access Point .ova file (look for the 2.7.2 or perhaps the new 2.8 one)
  • OVF tools (installed on VMware vCenter servers
  • Access to your vCenter server
    • Hostname
    • Datastore
    • Datacenter name
    • Cluster name
  • IP adres(ses) in your perimeter network (do you want one or more interfaces?)
  • Hostname
  • VMware Horizon
    • VMware Horizon FQDN
    • PCoIP External URL
    • VMware Horizon thumbprint of the certificate

This sound like a lot but if you look at it, it comes down to three big clunks of data, the appliance, the virtual environment and the Horizon environment. and last but not least of course you need the PowerShell script.

The OVA file is found at download VMware or right here – link

The PowerShell scripts for all the version are downloaded right here – link

The OVF tool is installed at the VMware vCenter server so deploying the VMware Access Point from there is easiest.. If however you have a customer that has the VMware vCenter installation installed at any other disk than C:\ you need to edit the PowerShell script that you downloaded to get it working.


Ini files

When you download the PowerShell script you have a couple of options, depending on what you want to use the VMware Access Point. There are five configuration files;

  • AP1-basic.ini
  • AP2-Advanced.ini
  • AP3-SecureID.ini
  • AP4-Radius.ini
  • AP10-vidm.ini

The basic configuration file is really basic, if you don’t need any persistent routes or two factor authentication you use this configuration file. If you deploy a VMware Access Point with PowerShell for two factor authentication with Radius you use the AP4 script.

Let me show you what you need to configure;

  • Name : The hostname of the VMware Access Point
  • Source: The source of the OVA file
  • Target: The connection with the vCenter server, mind you this is the tricky one in the script… lucky it will show what you are missing is you do.

target=vi://domain admin user account@Domain FQDN:PASSWORD@<vCenter sever FQDN>/cluster/

  • DS: the datastore the VMware Access Point is deployed on
  • netInternet/netManagement/netBackendNetwork: the VLANs you connect the VMware Access Point to.

Mind you this is important… some parts of the configuration file are marked out. depending on the number of interfaces you use you include a section or mark out some part. Below is the example, here one nic is used and no routes are added. The twonic option is marked out so it won’t be read. Make sure the net part is always filled in, even if you use only one nic make sure the rest also has the same entries. The routes are not in the basic configuration file, often you don’t need any routes.

netInternet=VM Network
netManagementNetwork=VM Network
netBackendNetwork=VM Network



  • DNS: the dns server (internally)
  • HonorCipherorderTrue: honour the Cipher order as configured at the server
  • sessionTimeout: The time in milliseconds the session times out, its 10 hours by default
  • PemCert: The certificate file also containing the intermediate and root certifcate
  • pemPrivkey: The private key with the certificate

This is the basic of the configuration, now the Horizon settings are set.

  • proxyDestinationUrl: The VMware Horizon connection url a user connects to
  • proxyDestinationUrlThumprint: the thumbprint of the certificate of the VMware Horizon connection server
  • tunnelExternalURL: The external URL, the FQDN you use for the external url
  • BlastExternalURL: the blast url
  • PCoIPExternalURL: the PCoIP IP address used for external access

This concludes the Advanced configuration. With this configured you can deploy the VMware Access Point with the PowerShell script.


If you deploy with a duplicate IP address… yes I did that, you get this after you deployed


So don’t do this and check. We were deploying and redeploying to test things so we forgot that there was one running already.

To deploy you need to start PowerShell and set the execution policy to unrestricted. The rest is setting the root and admin password.


After a few minutes the VMware Access Point is up and running. If you want to add the radius part check out my previous article where that part of the configuration is shown. Have fun deploying.

3 thought on “Deploying VMware Access Point with PowerShell”
  1. Wow , That’s great, Currently i am working on the project where I need deploy VMware access point with PowerShell but I was little bit confused about how to do this but now my all the confusion has been cleared . Your article is really helpful for me . I have done by the help of your article. Thanks for sharing. The way you explained each and everything is really great. Thanks once again.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.