VMware Access Point (Unified Access Gateway) – Experiences from the field
VMware is working hard to make the Access Point their unified gateway. It has been rebranded VMware Unified Gateway since version 2.9. The GUI also enables VMware AirWatch components to be configured which makes it easier to configure than before. Experiences in the field show that development is going forward and that some features are not production ready yet. I thought it might be handy if I show two of those features in a short blog. In a previous blog I wrote about the new GUI to configure the access point, read about that right here – Deploy and configure VMware Access Point with the GUI.
There are two passwords to configure when deploying.
- root account password
- admin account password
The root account is the console login account, the admin account is what you need for e.g. the web-based GUI. When you deploy the Access Point/ Unified Access Gateway with the PowerShell script it will mention if the passwords are usable. The admin password is the tricky one, it needs special characters. When you deploy GUI-based it will not tell you if the password is usable, it will deploy.
When you try to logon to the web-based GUI you will not be able to do so. It will say the credentials are incorrect, leaving you wondering. If you deployed GUI-based and you face this issue, open the console, logon with root and reset the password according to the lines below.
The password in the screenshot is only there to show that the password has to contain non-standard characters, no need to hack my lab, this is not my password.
The commands you enter (three lines in total) are;
echo ‘adminPassword=<Password>’ > /opt/vmware/gateway/conf/firstboot.properties
chown gateway /opt/vmware/gateway/conf/firstboot.properties
supervisorctl restart admin
After the restart which the last command orders, the page is available again and you can log on instantly. Easy does it.
One Tip from the field, don’t deploy with the GUI but use PowerShell so that the password is checked.
Import / Export
With the GUI you also have the ability to export the configuration in .JSON format. This file can be imported as a backup file or in other Unified Access Gateways to make easy configuration. Of course when you deploy with a PowerShell script you don’t need this import/export, the settings are done in the script.
When you want to configure the Unified Access Gateway with the GUI make sure the browser you work with is NOT Internet Explorer, I’ve seen many freaky things working with IE. I tend to use Chrome to configure.
So the error that I got was that the import failed due to the shared secret. When however I created the shared secret entry myself and then did the import all went well. The GUI is pretty new and the import and export is intended to make deployment easier as well as be a backup of the configuration.
The primary deployment method for the Unified Access Gateway is still PowerShell, the GUI did not change any of that – yet. With PowerShell you have consistency as the settings are in the file. With the GUI deployment you are facing several manual steps to get the appliance up and running. It’s doable but I would not recommend it for a production environment, I’ve been testing a lot and the experiences change.
Deploy the Unified Gateway with the PowerShell script and manage it with the GUI
one small tip is that you need to make sure you network profile is setup correctly as the Unified Access gateway is depending on that. You are not able to set the default gateway in the PowerShell script or the GUI, it will need to get that from the Network profile. If you can’t fix it on that side you can fix it manually from the appliance console. Log in with root and open YaST. open the network settings and pick routing to set the default gateway. The problem with this is that every time you redeploy you need to do this again. So get your network in order to make sure deployment is a breeze.
Hope this little blog helps some of you.. have a great day kaikki