Horizon 6.2 included a new feature when it was launched in early September – the EUC Access Gateway. This product is a hardened Linux appliance that has all of the features of the Security Server without the drawbacks of having to deploy Windows Servers into your DMZ. It will also eventually support Horizon Workspace/VMware Identity Manager.
This new Horizon component exposes the “cattle philosophy” of virtual machine management. If it stops working properly, or a new version comes out, its to be disposed of and redeployed. To facilitate this, the appliance is configured and managed using a REST API.
Unfortunately, working with this REST API isn’t exactly user friendly, especially if you’re only deploying one or two of these appliances. This API is also the only way to manage the appliance, and it does not have a VAMI interface or SSH access.
I’ve put together a PowerShell script that simplifies and automates the configuration of the EUC Access Gateway Appliances. You can download the script off of my Github site.
The script has the following functions:
- Get the appliance’s current Horizon View configuration
- Set the appliance’s Horizon View configuration
- Download the log bundle for troubleshooting
There are also placeholder parameters for configuring vIDM (which will be supported in future releases) and uploading SSL certificates.
The syntax for this script’s main features look like:
Set-EUCGateway -appliancename 10.1.1.2 -adminpassword P@ssw0rd -GetViewConfig
Set-EUCGateway -appliancename 10.1.1.2 -adminpassword P@ssw0rd -SetViewConfig -ViewEnablePCoIP -ViewPCoIPExternalIP 10.1.1.3 $ViewDisableBlast
Set-EUCGateway -appliancename 10.1.1.2 -adminpassword P@ssw0rd -GetLogBundle -LogBundleFolder c:\temp
If you have any issues deploying a config, use the script to download a log bundle and open the admin.log file. This file will tell you what configuration element was rejected.
I want to point out one troubleshooting note that my testers and I both experienced when developing this script. The REST API does not work until an admin password is set on the appliance. One thing we discovered is that there were times when the password would not be set despite one being provided during the deployment. If this happens, the script will fail when you try to get a config, set a config, or download the log bundle.
When this happens, you either need to delete the appliance and redeploy it or log into the appliance through the vSphere console and manually set the admin password.
Finally, I’d like to thank Andrew Morgan and Jarian Gibson for helping test this script and providing feedback that greatly improved the final product.