The following will illustrate the deployment of EUC Access Point 2.5. Version 2.5 supports Horizon 7 and can be used instead of Windows Security servers. Using Access Point over Security servers has it benefits such as all connections to the internal View connection servers is done via 443 and there isnt a 1-1 pairing, but its not for everyone, the install and manageability might put people of.
Deployment guide can be found below, it relates to 2.0 but a lot of the deployment is the same.
For more information Carl Stalhood has done a fantastic blog on Access Points see here
Aside from Carl’s blog there isnt a lot of information out there so hopefully the following will add to it.
First you must create a Network Protocol Profile, you need this to add settings such as default gateway and subnet mask to the deployment. Open the vCenter Web Client - Host and clusters - vCenter - Datacentre - Manage - Network Protocol Profiles - Add
Add a IP range, gateway address and DNS server/s. Leave IP pool settings
Add any relevent IPv6 settings and DNS domain settings
Now deploy the downloaded .ovf file, in this example I will be using the VI client. Give the appliance and name and cluster location. Choose to either have 1, 2 or 3 NICs. In my example I will only be using the 1 NIC but its recommended to run the appliance in a DMZ so you will need more NICs. Depending on how many NICs you choose you then need to match the source network up with a destination network.
Add an IP address for the appliance along with root and admin account details. Using version 2.5 the deployment wizard allows you to add the Horizon details, previous version it had to be configured post deployment.
Adding the certificate thumbprint is critical. Open the certificate that will be present externally Properties - Details - Thumbprint
Copy the thumbprint into Horizon Server Thumbprint. You must add “sha1=” in front of the thumbprint. When you add this to the wizard it seems to add a hidden character between sha1= and the thumbprint. Make sure you move the cursor back along and make sure the hidden character is removed or the certificate will not be applied.
Power on the appliance and allow it to boot up. For me the IP address never applied as it conflicted with another address and it ended up with a DHCP address. To change the IP address post deployment log in as root and run the following
/opt/vmware/share/vami/vami_config_net
If you have any issues with deployment you can access the admin.log file by browsing the the following
/opt/vmware/gateway/logs
If all looks well you can browse the following
https://IP_address:9443/rest/swagger.yaml
You are now ready to test external View access. If the certificates need to be changed post deployment I have done another post here