How to deploy VMware Access Point 2.8

The recently released VMware Access Point 2.8 has some changes in the deployment mechanism.
Previously the only way to deploy was via PowerShell and OVF, and you had to use JSON to make changes after deployment.

In 2.8 you can now deploy it with an OVF template and you get access to a nifty admin web interface.
Access Point is packaged as an OVF and is deployed onto a vSphere ESX or ESXi host as a pre-configured virtual appliance.

Access Point can be deployed using two primary methods.

The vSphere Client or vSphere Web Client can be used to deploy the Access Point OVF template. You are prompted for basic settings, including the NIC deployment configuration, IP address, and management interface passwords. After the OVF is deployed, log in to the Access Point admin user interface to configure Access Point system settings, set up secure edge services in multiple use cases, and configure authentication in the DMZ. See Deploy Using the OVF Template Wizard.
PowerShell scripts can be used to deploy Access Point and set up secure edge services in multiple use cases. You download the zip file, configure the PowerShell script for your environment, and run the script to deploy Access Point. See Using PowerShell to Deploy the Appliance.

So how to deploy it?
Load up your OVF template.

Select a name and location.

Select a resource

Review your actions.

Select a NIC configuration; this can be Single, Two or Three NIC.

Select your storage flavour.

Set your networks. Depending on the NIC choice, you define your networks here, say DMZ, Management and LAN in the case of a 3 NIC setup.

Fill in your IP configuration. In IPMode it is necessary to choose a correct mode by filling in STATICV4 or STATICV6. You need to define your routes and forward rules if you are deploying a 2 or 3 NIC setup. With one NIC this is not needed.
Also fill in your root and admin passwords.

BE AWARE: If your password does not meet the required complexity, the deployment will accept it but you will be unable to log in to the admin interface!


Upload and let it deploy. When done you need to power up this sucker and check if all works.
On first boot it will customise the deployment based on the information you entered.


Log in to the Access Point admin user interface (UI) and configure the desktop and application resources to allow remote access from the Internet through Access Point and the authentication methods to use in the DMZ. The administration console URL is in the format https://<mycoAccessPointappliance.com>:9443/admin/index.html.

BE AWARE: If your password does not meet the required complexity, the deployment will accept it but you will be unable to log in to the admin interface!

This can be solved by resetting the admin password via the console (if your root password works; otherwise, redeploy):

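# Write the new admin password (replace P@ssw0rd with your own, meeting the complexity rule)
echo 'adminPassword=P@ssw0rd' > /opt/vmware/gateway/conf/firstboot.properties
# Make the gateway user the owner of the file
chown gateway /opt/vmware/gateway/conf/firstboot.properties
# Restart the admin service
supervisorctl restart admin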
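
A hardened variant of the reset above, as an added example that is not part of the original post or VMware's own tooling. The one-liner can leave the password in root's shell history and writes the file with the default umask, and a password that fails the complexity check would lock you out again. The function names and the complexity rule checked here are assumptions (the post does not state the rule); the path, the gateway user and the supervisorctl step are taken from the post.

```sh
#!/bin/sh
# Added example (not VMware's code). Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make [A-Z] style ranges byte-exact
CONF=/opt/vmware/gateway/conf/firstboot.properties   # path from the post

# ASSUMED rule (the post does not state it): at least 8 characters with an
# upper-case letter, a lower-case letter, a digit and a non-alphanumeric
# character. Adjust to the rule documented for your version.
password_ok() {
    pw=$1
    nl='
'
    [ "${#pw}" -ge 8 ] || return 1
    case $pw in *[A-Z]*) ;; *) return 1 ;; esac
    case $pw in *[a-z]*) ;; *) return 1 ;; esac
    case $pw in *[0-9]*) ;; *) return 1 ;; esac
    case $pw in *[!A-Za-z0-9]*) ;; *) return 1 ;; esac
    # A newline would inject a second key=value line into the file.
    case $pw in *"$nl"*) return 1 ;; esac
    return 0
}

# Write adminPassword=<pw> to $2 (default: $CONF), readable by its owner only.
write_firstboot() {
    pw=$1
    target=${2:-$CONF}
    if ! password_ok "$pw"; then
        echo "password does not meet the complexity rule; nothing written" >&2
        return 1
    fi
    # Recreate the file under umask 077 so it is never group/world readable.
    ( umask 077 && rm -f "$target" && printf 'adminPassword=%s\n' "$pw" > "$target" )
}

# Interactive reset on the appliance console: prompt without echo so the
# password stays out of shell history, then follow the post's remaining steps.
reset_admin_password() {
    printf 'New admin password: ' >&2
    stty -echo; IFS= read -r newpw; stty echo; echo >&2
    write_firstboot "$newpw" || return 1
    chown gateway "$CONF"
    supervisorctl restart admin
}

# Run the reset only when asked to: sh reset-admin.sh --reset
if [ "${1:-}" = "--reset" ]; then reset_admin_password; fi
```

After chown the file is mode 600 and owned by gateway, so the service can still read it while other local users cannot.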

When logged in you get two choices: Import Settings and Configure Manually.

See all nice options when you want to configure it manually:

To configure Horizon, enable edge service settings:

And fill in the required settings, like the connection server URL and the certificate thumbprint of that connection server.

To enable Blast tunneling, enable Blast with a 443 URL and enable the tunnel with the same URL.
Then disable the tunnel and Blast URL in the connection server.

To enable the admin interface through the Access Point you need to add this proxy pattern: /|/admin(.*)

So that’s it for now. The admin interface might be a nice add-on for people who are not into JSON or PowerShell.
