How to Deploy VMware UAG to Azure
You’ve downloaded the Azure Unified Access Gateway Appliance from VMware, you’ve downloaded the UAG PowerShell scripts along with it, and all you are getting are errors when deploying. Let me show you what worked for me. [Spoiler Alert: I had to update all of the PowerShell scripts from VMware, so now you don’t have to!]
Step one of this process is to download the UAG appliance and grab the PowerShell script bundle. You can find the latest VMware code on VMware’s site (be sure to choose the Azure-based one) and grab the updated PowerShell script from my GitHub repo.
This new PS1 file will be the file you use to kick off the other scripts from the VMware download. You can just dump it with the other PS files from VMware (overwriting the existing UAGDeployAZ.PS1 if you want).
Once all the files have been downloaded, you then have to make sure you are running at least PowerShell version 6. For me, I opted for PowerShell v7. You can find that on GitHub as well.
https://github.com/PowerShell/PowerShell/releases/tag/v7.1.0-preview.5
You can verify your PowerShell version with the following command:
$PSVersionTable.PSVersion
You then need to download the updated Az modules and set the execution policy.
# Be sure to run PowerShell as an Administrator
if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
    Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
      'Az modules installed at the same time is not supported.')
} else {
    Install-Module -Name Az -AllowClobber -Scope AllUsers
}

# This sets the execution policy to allow running the PS files you just downloaded from the internet.
# -Scope Process limits the change to the current PowerShell session.
Set-ExecutionPolicy Bypass -Scope Process

# This sets up the aliases if necessary
Enable-AzureRmAlias -Scope CurrentUser
Once complete, you now need to authenticate with Azure. This will also happen directly from the Deployment script but I found connecting beforehand allowed me to troubleshoot a little better.
Connect-AzAccount
This will bring up a dialog instructing you to go to https://microsoft.com/devicelogin to log in with your credentials and enter the code from the dialog string. [If you have ever activated a streaming service on Roku, this will seem familiar]. If successful, you will see the following screen:
You are now authenticated and connected to the Azure cloud via your PowerShell session.
For Azure prerequisites, we had to create the following objects in Azure manually:
1) Storage Account
2) External IP address object
3) Security Group object for Firewall Rules
4) VM Network object
With these in place, we then had to upload the UAG VHD to Azure using the following PowerShell commands. Be sure to replace ‘uagstorecarlouagtest’ with the name of the Storage Account you created above. Also, the Path and filenames should match the versions you downloaded.
$imageURI = "https://uagstorecarlouagtest.blob.core.windows.net/vhds/euc-unified-access-gateway-3.9.0.0-15751318_OVF10.vhd"
$imagePath = "D:\UAG\euc-unified-access-gateway-3.9.0.0-15751318_OVF10.vhd"
Add-AzVhd -ResourceGroupName uagrg -LocalFilePath $imagePath -Destination $imageURI -NumberOfUploaderThreads 32
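A pre-flight check along the following lines confirms that the four manually created objects and the uploaded VHD are visible from the authenticated session before the deployment script runs. It is an added example, not part of the original post or the VMware script bundle. Every name in angle brackets is a placeholder, and it assumes all objects sit in the one resource group (uagrg) and that the container is vhds, as in the upload URI.

```powershell
# Added example: pre-flight check for the Azure prerequisites listed above.
# Assumptions: all objects live in one resource group; names in <...> are placeholders.
# Requires the Az module and an existing Connect-AzAccount session.
$rg          = 'uagrg'                  # resource group from the Add-AzVhd command
$storageName = '<storage-account-name>'
$publicIp    = '<public-ip-name>'
$nsgName     = '<nsg-name>'
$vnetName    = '<vnet-name>'
$subnetName  = '<subnet-name>'
$container   = 'vhds'                   # container segment of $imageURI
$vhdBlob     = 'euc-unified-access-gateway-3.9.0.0-15751318_OVF10.vhd'

# Splat shared arguments; a missing object yields $null instead of an error.
$quiet    = @{ ResourceGroupName = $rg; ErrorAction = 'SilentlyContinue' }
$problems = [System.Collections.Generic.List[string]]::new()

$sa   = Get-AzStorageAccount       @quiet -Name $storageName
$pip  = Get-AzPublicIpAddress      @quiet -Name $publicIp
$nsg  = Get-AzNetworkSecurityGroup @quiet -Name $nsgName
$vnet = Get-AzVirtualNetwork       @quiet -Name $vnetName

if (-not $pip) { $problems.Add("Public IP '$publicIp' not found") }
if (-not $vnet) {
    $problems.Add("Virtual network '$vnetName' not found")
} elseif (-not ($vnet.Subnets | Where-Object Name -eq $subnetName)) {
    $problems.Add("Subnet '$subnetName' not found in '$vnetName'")
}

if (-not $sa) {
    $problems.Add("Storage account '$storageName' not found")
} else {
    if (-not $sa.EnableHttpsTrafficOnly) { $problems.Add('Storage account allows non-HTTPS traffic') }
    $blob = Get-AzStorageBlob -Container $container -Blob $vhdBlob -Context $sa.Context -ErrorAction SilentlyContinue
    if (-not $blob) { $problems.Add("VHD '$vhdBlob' not found in container '$container'") }
}

if (-not $nsg) {
    $problems.Add("Network security group '$nsgName' not found")
} else {
    # Surface inbound Allow rules open to any source so they can be reviewed before go-live.
    $nsg.SecurityRules |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
                       (@($_.SourceAddressPrefix) -match '^(\*|Internet|0\.0\.0\.0/0)$') } |
        ForEach-Object { Write-Warning "NSG rule '$($_.Name)' allows ports $($_.DestinationPortRange -join ',') from any source" }
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ } } else { Write-Host 'All prerequisites found.' }
```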
With all the pieces in place, you can now proceed to set up the standard UAG deployment ini file. For Azure, there is a new [Azure] section which requires the following new pieces of information:
Subscription ID, Resource Group Name, Location, Storage Account Name, Azure Network Name, SubnetName, Network Security Group Name
It may seem like a lot of steps compared to a normal UAG deployment but once you have all the pieces, it was really straightforward and fast. The configuration above is a pretty barebones install (single NIC) but like a normal UAG deployment, you can further extend the INI file to include IP information and Horizon configurations as well.
Happy Cloud Deployment!
– Carlo