Deploy and configure VMware Access Point with the GUI


Deploy and configure VMware Access Point with the GUI

VMware changed their remote access strategy in the past years by slowly replacing the VMware Security server with the Access Point. In the beginning deployment was only possible with a PowerShell script, not difficult but you couldn’t manage the device after you deployed it. VMware had a strategy, or they told us, that there was no management and the Access Point strategy was destroy and deploy. The article about deploying the VMware Access Point with the script and with two-factor authentication is found here – Deploying VMware Access Point with PowerShell – VMware Access Point Radius two-factor authentication with SafeNet (SAS) – VMware Access Point: adding static routes. Now with the GUI I decided to deploy with the GUI, one other reason was that the customer is using DHCP with reserved addresses instead of static ones. The PowerShell script needs a static IP address. So a GUI deployment it was.

As of now the Access point is renamed the VMware Unified Access Gateway… I will leave the article as it is for now but just that you know.

Deploying the VMware Access Point

First step is to deploy the VMware Access Point in a VMware environment. This is a basic deployment and not that difficult. All the configuration is done afterwards in the GUI. First you pick the OVA file you downloaded from the VMware website.

GUIGUI

GUIGUI

GUIGUI

GUIGUI

In the above pictures you see how to deploy the VMware Access Point, there are two screens important here. At one point you select the number of network interfaces. Deploy the VMware Access Point with one, two or three NIC’s. If you don’t want any routing hassle pick one NIC.

The other screen you you need to attend to is the VLAN selection screen, even if you pick one NIC you need to make sure all networks have to right VLAN selected. With one NIC you set the rest to the same one as the one you use.

Configure the appliance

After the deployment is finished you can configure the VMware Access Point appliance, Go to the vApp settings and fill in the blanks. If you have static IP addresses you enter IPv4 (if you use IPv4). In the filed NIC1 you fill in the IP address and so on and so on.

GUI

The last two options are important, you have to fill in the passwords for root and for the admin console. The root password can be pretty simple (not saying you should do that but you can). The admin password should be something more complex as it says there.

One interesting option is that you can configure the DHCP setting in the vApp options. By default, even if you configured the vApp properties blank (should be DHCP it says) it stil be revert to static. You need to go into the Advanced option to configure the DHCP option + IPv4 if you use DHCP. If you don’t no need to look here and just go on.

GUI

 

 

 

 

 

 

 

 

 

 

 

 

 

When you configure all this you can start the VMware Access Point, after a while you see the login screen after which you can configure the Access Point with the GUI.

Configure VMware Access Point

Open a browser https://FQDN of the VMware Access Point:9443/Admin and you will see the logon screen as shown below.

GUI

You logon with the admin credentials as you just configured in the vApp settings. Once you logon you see two options, you can either import VMware Access Point settings (handy if you deploy multiple ones) or you can do a manual configuration.

GUI

You can select a Json file with the settings and import them. This is a very interesting way to deploy and do upgrades. As mentioned before the upgrade is destroy and deploy the new one.

So I we click the configure manual option you see the following screen. The two top options are the configurations you need to look at, The top one are the VMware Horizon settings and more. The lower one is the Authentication setting where you configure the two-factor authentication.

GUI

The lower part of the screen is the configuration of the appliance. You can do the system settings, add an SSL server certificate, SAML and so on. Also in the event of an error you can easily export the logs and export the settings. When you open the Edge settings (strange the button turns grey when it is closed and not stays green even when it is configured) you see the option you can configure here.

Next to the Horizon settings but also for instance some AirWatch settings like a per app tunnel and SEG settings. VMware Access Point is becoming more important in the VMware portfolio.

GUI

 

Let’s look a bit at the Horizon settings. the settings in the GUI are (you are not surprised) the same as in the PowerShell, you need to set the following settings;

  • Connection Server URL
  • Thumb Prints of the connection server (make sure they are the same on all the servers)
  • PCoIP External URL
  • Blast External URL

GUI

The Authentication settings, when you open them, show the options you have there. I had to configure Radius here so I wil show the Radius settings.

GUI

 

The Radius settings you need to set the following settings:

  • Authentication type
  • Shared secret
  • Number of authentication attempts allowed
  • Number of attempts to Radius server
  • Server timeout
  • Radius server host name
  • Authentication port : 1812

GUI

With all this in place you can logon to you Horizon environment and use a RADIUS token for two factor.

Conclusion

Deploying the Access Point with a GUI instead of a PowerShell script was a first one for me. I have to say that the GUI is nice to work with. It is easy to work with and shows the information swiftly. One small this that I would like to be changed is that the buttons show colour when you configured something. Now they don’t and it looks like you didn’t configure anything.

Hope this blog helps you, if you have questions please ask.

 

 


4 Responses

  1. Mark says:

    Great article as always Rob. Certainly the case that some admins like a GUI and some like the repeatability of command line so having a choice can only be a good thing. Your GUI feedback is also helpful.

    One correction I want to make though is that with either method, both DHCP and static IP addressing are supported. With PowerShell if you want DHCP you just leave out the IP addresses and it defaults to DHCP.

  2. Vish says:

    Great Article Rob,
    Access Point is now branded as “VMware Unified Access Gateway”, so might want to update the title.
    UAG v2.9 got released with support for some new use cases and enhancements for Admin UI

  1. March 31, 2017

    […] Read the entire article here, Deploy and configure VMware Access Point with the GUI […]

  2. November 1, 2017

    […] Rob Beekmans Access Point Admin GUI Guide […]

Leave a Reply

https://tracking.cirrusinsight.com/869c29e2-3a9b-48c5-9232-0b95e7993ae8/controlup-com-pixel-php