UAGDeployTemplate.ini
[General]
#
# Deployment settings for the UAG appliance: VM identity, source image,
# vSphere target, datastore and networking. Values written in [BRACKETS] are
# template placeholders to replace before use.
#
# UAG virtual appliance unique name (between 1 and 32 characters).
# If name is not specified, the script will prompt for it.
#
name=[SERVERNAME]
#
# Full path filename of the UAG .ova virtual machine image.
# The file can be obtained from VMware.
# NOTE(review): verify the image's checksum against the vendor-published value
# before deploying. The file name looks like a specific UAG release
# (presumably 20.12 -- TODO confirm); check that the version deployed is still
# supported and patched.
#
source=C:\UAGDeploy\uag-2012.ova
#
# target refers to the vCenter username and address/hostname and the ESXi host for deployment.
# Refer to the ovftool documentation for information about the target syntax.
# See https://www.vmware.com/support/developer/ovf/
# PASSWORD in upper case results in a password prompt during deployment so that passwords do not need
# to be specified in this .INI file. Keep the literal PASSWORD token: replacing it with a real
# password would store the vCenter credential in clear text in this file.
# The example these notes were written for used:
#   a vCenter username (the value is obscured in this copy of the file),
#   the vCenter server 192.168.0.21 (this can be a hostname or IP address),
#   the ESXi hostname esx1.myco.int (this can be a hostname or IP address).
# NOTE(review): those example values do not appear in the target line below, which uses
# upper-case placeholders (DOMAIN\USERNAME, VSPHERE, DATACENTER, FOLDER, ESXI) instead.
#
target=vi://DOMAIN\USERNAME:PASSWORD@VSPHERE/DATACENTER/FOLDER/ESXI
#
# vSphere datastore name
#
ds=[DATASTORE]
#
# Disk provisioning mode. Refer to OVF Tool documentation for options.
#
diskMode=thin
#
# vSphere Network names. For pre 3.3 UAG versions, a vSphere Network Protocol Profile (NPP)
# must be associated with every referenced network name. This specifies network settings
# such as IPv4 subnet mask, gateway etc. UAG 3.3 and newer no longer uses NPPs and so for
# static IPv4 addresses a netmask0, netmask1 and netmask2 value must be specified for each
# NIC. Normally a defaultGateway setting is also required.
#
# The active settings below select a one-NIC deployment (only ip0/netmask0 are set).
# NOTE(review): with a single NIC, Internet-facing, management and backend traffic
# presumably share that one interface -- confirm this matches the intended network
# segmentation. The commented-out twonic/threenic examples further down show the
# additional ip1/ip2 and netmask1/netmask2 keys those options use.
#
netInternet=[NETWORKNAME]
netManagementNetwork=[NETWORKNAME]
netBackendNetwork=[NETWORKNAME]
deploymentOption=onenic-large
ip0=[IPADDRESS]
netmask0=[NETMASK]
defaultGateway=[GATEWAY]
#
# Alternative: two-NIC deployment (uncomment and replace the one-NIC keys above).
#
#deploymentOption=twonic
#ip0=192.168.0.90
#netmask0=255.255.255.0
#ip1=192.168.0.91
#netmask1=255.255.255.0
#
# Alternative: three-NIC deployment.
#
#deploymentOption=threenic
#ip0=192.168.0.90
#netmask0=255.255.255.0
#ip1=192.168.0.91
#netmask1=255.255.255.0
#ip2=192.168.0.92
#netmask2=255.255.255.0
#
# DNS servers; the placeholder shows two entries separated by a space.
#
dns=[DNS1] [DNS2]
#
# vSphere VM folder in which the appliance is placed.
#
folder=[VM FOLDER PATH]
#
# Example of the syslog URL format. An active syslogUrl key is set further down in
# this section, so leave this line commented to avoid a duplicate key.
#
#syslogUrl=syslog://server.example.com:514
#
# Appliance system settings (still part of the [General] section).
#
# Setting honorCipherOrder to true forces the TLS cipher order to be the order specified by the server. This can be set on
# UAG 2.7.2 and newer to force the Forward Secrecy ciphers to be presented first to improve security.
# (honorCipherOrder itself is the last key of this section.)
#
# SECURITY REVIEW: SSH is configured by three keys in this block. As shipped, the template
# enables SSH (sshEnabled=true), allows password login (sshPasswordAccessEnabled=true) and
# disables key-based login (sshKeyAccessEnabled=false). For an Internet-facing gateway,
# consider leaving SSH off unless it is needed, and preferring key-based access over
# passwords when it is.
#
sshKeyAccessEnabled=false
fipsEnabled=false
#
# NOTE(review): UDP syslog is sent unencrypted and unauthenticated, and messages can be
# dropped silently. If the UAG version in use offers a TLS-protected syslog transport,
# prefer it for security-relevant logs -- confirm the supported values in the UAG docs.
#
sysLogType=UDP
uagName=[SERVERNAME]
#
# presumably seconds -- TODO confirm unit
#
clockSkewTolerance=600
locale=en_US
#
# Protocol versions: TLS 1.2 is enabled; TLS 1.1, TLS 1.0 and SSL 3.0 are disabled by the
# tls11Enabled, tls10Enabled and ssl30Enabled keys in this block.
#
tls12Enabled=true
ipMode=STATICV4
#
# NOTE(review): requestTimeoutMsec and bodyReceiveTimeoutMsec are both 0. Confirm whether 0
# means "use the default" or "no timeout"; without a request/body timeout, slow clients can
# hold connections open.
#
requestTimeoutMsec=0
tls11Enabled=false
clientConnectionIdleTimeout=360
tls10Enabled=false
adminCertRolledBack=false
ntpServers=[NTPSERVER]
cookiesToBeCached=*
snmpEnabled=false
healthCheckURL=/favicon.ico
quiesceMode=false
sshEnabled=true
sshPasswordAccessEnabled=true
#
# Syslog destination. The commented-out example earlier in this section shows the
# expected form (syslog://host:port).
#
syslogUrl=[SYSLOGSERVER]
isCiphersSetByUser=false
tlsPortSharingEnabled=true
ceipEnabled=false
bodyReceiveTimeoutMsec=0
monitorInterval=60
maxConnectionsAllowedPerSession=16
#
# Comma-separated TLS cipher suites. All four use ECDHE key exchange (forward secrecy).
# The first two are AES-GCM (AEAD); the last two are CBC-mode suites.
# NOTE(review): if every client supports the GCM suites, consider dropping the CBC entries.
#
cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
#
# NOTE(review): 0 presumably disables admin password expiry -- confirm, and set a value
# that matches the organisation's credential policy.
#
adminPasswordExpirationDays=0
httpConnectionTimeout=120
isTLS11SetByUser=false
#
# NOTE(review): presumably milliseconds, which would make this 10 hours -- TODO confirm
# the unit and whether a session lifetime this long is intended.
#
sessionTimeout=36000000
ssl30Enabled=false
fallBackNtpServers=[NTPSERVER.2]
#
# Server-side cipher preference is enforced (see the explanation at the top of this block).
#
honorCipherOrder=true
[SSLCert]
#
# TLS server certificate for the appliance.
#
# From UAG 3.0 and newer, you can specify the name of a .pfx or .p12 format certificate file containing the required certificate and private key and
# any required intermediate certificates. In this case there is no need to use openssl commands to convert the .pfx/.p12 file into the
# associated PEM certificates file and PEM private key file.
#
# SECURITY NOTE: the file referenced here contains the server's private key. Keep it out of
# version control, restrict read access to it on the machine running the deployment, and
# remove any working copies once the deployment is complete.
#
pfxCerts=[CERTPATH]
#
# If there are multiple SSL certificates with private key in the .pfx file you also need to specify an alias name in order to select the required certificate.
# This is not necessary if there is only one SSL certificate with private key in the file.
#
#pfxCertAlias=alias1
#
# The following pemCerts and pemPrivKey settings are only needed if you don't have a .pfx/.p12 file and want to directly use the two PEM format files.
#
# pemCerts refers to a PEM format file containing the SSL server certificate to be deployed. The file should also contain any
# required intermediate CA and root CA certificates.
#
#pemCerts=sslcerts.pem
#
# pemPrivKey refers to a file containing the RSA PRIVATE KEY for the SSL server certificate in the above certificate file.
# The same handling applies as for the .pfx file: this is private key material and must be protected accordingly.
#
#pemPrivKey=sslcertrsakey.pem
#
# From UAG 3.2 and newer, you can specify a certificate for the admin interface on port 9443. It is in the same format as [SSLCert] above.
# The referenced .pfx/.p12 (or PEM private key) file holds private key material: keep it out of
# version control and restrict read access to it.
# NOTE(review): the admin interface is a high-value target; confirm that port 9443 is reachable
# only from management networks.
#
[SSLCertAdmin]
pfxCerts=[CERTPATH]
#
# Alternative to pfxCerts: separate PEM certificate chain and private key files.
#
#pemCerts=sslcerts.pem
#pemPrivKey=sslcertrsakey.pem
[Airwatch]
#
# AirWatch tunnel gateway settings (tunnelGatewayEnabled is set to true below).
# The empty values are left blank in this template and must be filled in per environment.
#
tunnelGatewayEnabled=true
apiServerUrl=
apiServerUsername=
#
# SECURITY NOTE: a value entered here is stored in clear text in this file. Treat the
# completed .ini as a secret (restricted access, not committed to version control) and
# use a dedicated, least-privileged API account.
# NOTE(review): check whether the deployment script can prompt for this value instead -- TODO confirm.
#
apiServerPassword=
organizationGroupCode=
airwatchServerHostname=
ntlmAuthentication=false
healthCheckURL=/favicon.ico
airwatchOutboundProxy=false
reinitializeGatewayProcess=false
[AirwatchSecureEmailGateway]
#
# AirWatch Secure Email Gateway settings. The empty values are left blank in this
# template and must be filled in per environment.
#
memConfigurationID=
apiServerUsername=
#
# presumably paths to trusted certificate files -- verify the expected format in the UAG docs
#
trustedCert1=
trustedCert2=
ntlmAuthentication=false
healthCheckURL=/favicon.ico
apiServerUrl=
#
# NOTE(review): airwatchOutboundProxy and reinitializeGatewayProcess are empty in this
# section, whereas [Airwatch] and [AirwatchContentGateway] set both to false. Confirm
# how an empty value is interpreted, or set them explicitly.
#
airwatchOutboundProxy=
#
# SECURITY NOTE: a value entered here is stored in clear text in this file. Treat the
# completed .ini as a secret and use a dedicated, least-privileged API account.
#
apiServerPassword=
reinitializeGatewayProcess=
airwatchServerHostname=
[AirwatchContentGateway]
#
# AirWatch Content Gateway settings. The empty values are left blank in this
# template and must be filled in per environment.
#
cgConfigId=
apiServerUsername=
#
# presumably a path to a trusted certificate file -- verify the expected format in the UAG docs
#
trustedCert1=
ntlmAuthentication=false
apiServerUrl=
airwatchOutboundProxy=false
#
# SECURITY NOTE: a value entered here is stored in clear text in this file. Treat the
# completed .ini as a secret and use a dedicated, least-privileged API account.
#
apiServerPassword=
reinitializeGatewayProcess=false
airwatchServerHostname=