How to Deploy VMware UAG to Azure

The slow march to the Cloud!

You’ve downloaded the Azure Unified Access Gateway Appliance from VMware, you’ve downloaded the UAG Powershell scripts along with it and all you are getting are errors when deploying. Let me show you what worked for me. [Spoiler Alert: I had to update all of the PowerShell scripts from VMware, so now you don’t have to!]

Step one of this process is to download the UAG appliance and grab the PowerShell script bundle. You can find the latest VMware code on VMware’s site (be sure to choose the Azure-based one) and grab the updated PowerShell script from my GitHub repo.

This new PS1 file will be the file you use to kick off the other scripts from the VMware download. You can just dump it with the other PS files from VMware (overwriting the existing UAGDeployAZ.PS1 if you want).

GitHub Usage

Since GitHub is a crowdsourcing platform, feel free to submit Pull Requests if you see better ways of doing the PowerShell. I’m no expert and did my best to update a functional script but I am sure more elegance could be added to the routines.

Once all the files have been downloaded, you then have to make sure you are running at least PowerShell version 6. For me, I opted for PowerShell v7. You can find that on GitHub as well.
https://github.com/PowerShell/PowerShell/releases/tag/v7.1.0-preview.5

You can verify your PowerShell version with the following command
$PSVersionTable.PSVersion

You then need to download the updated AZ Modules and Set Execution Policies.

#Be sure to Run PowerShell as an Administrator
if ($PSVersionTable.PSEdition -eq 'Desktop' -and (Get-Module -Name AzureRM -ListAvailable)) {
    Write-Warning -Message ('Az module not installed. Having both the AzureRM and ' +
      'Az modules installed at the same time is not supported.')
} else {
    Install-Module -Name Az -AllowClobber -Scope AllUsers
}
# This Sets Execution policy to allow running the PS files you just downloaded from the internet.
Set-ExecutionPolicy Bypass -Scope Process
#This sets up the Aliases if necessary
Enable-AzureRmAlias -Scope CurrentUser

Once complete, you now need to authenticate with Azure. This will also happen directly from the Deployment script but I found connecting beforehand allowed me to troubleshoot a little better.
Connect-AzAccount

This will bring up dialog instructing you to go to https://microsoft.com/devicelogin to log in with your credentials and enter the code from the dialog string. [If you have ever activated a Streaming service on Roku, this will seem familiar]. If successful, you will see the following screen:

You are now authenticated and connected to the Azure cloud via your PowerShell session.

For Azure prerequisites, we had to create the following objects in Azure manually:
1) Storage Account
2) External IP address object
3) Security Group object for Firewall Rules
4) VM Network object

With these in place, we then had to upload the UAG VHD to Azure using the following PowerShell commands. Be sure to replace ‘uagstorecarlouagtest’ with the name of the Storage Account you created above. Also, the Path and filenames should match the versions you downloaded.

$imageURI = "https://uagstorecarlouagtest.blob.core.windows.net/vhds/euc-unified-access-gateway-3.9.0.0-15751318_OVF10.vhd"
$imagePath = "D:\UAG\euc-unified-access-gateway-3.9.0.0-15751318_OVF10.vhd"
Add-AzVhd -ResourceGroupName uagrg -LocalFilePath $imagePath -Destination $imageURI -NumberOfUploaderThreads 32
You can use the Storage Explorer in Azure to verify path and upload

With all the pieces in place, you can now proceed to set up the standard UAG deployment ini file. For Azure, there is a new [Azure] section which requires the following new pieces of information:
Subscription ID, Resource Group Name, Location, Storage Account Name, Azure Network Name, SubnetName, Network Security Group Name

It may seem like a lot of steps compared to a normal UAG deployment but once you have all the pieces, it was really straight-forward and fast. The configuration above is a pretty barebones install (single NIC) but like a normal UAG deployment, you can further extend the INI file to include IP information and Horizon configurations as well.

Happy Cloud Deployment!
Carlo

TAGS