AppM Gateway - One click deploy

Juriba offer a one click deploy template to create the desktop gateway infrastructure for use with AppM. The desktop gateway is used to facilitate access between the main AppM application and guest VM's by creating a set of resources which allows communication to Guest VM's on a private subnet. The one click deploy template creates a Container Instance, Azure Web App and all associated networking infrastructure to setup connectivity quickly and easily. However customers are not required to use the one click deploy template. If they want to consume the container images individually leveraging a different container engine/runtime the images can be pulled from here:

• AppM Gateway
  • Note that later versions of this image include guacamole-server (GUACD), use 127.0.0.1 within the AppM configuration.
• Guacd

Gateway infrastructure

Usage

1. To use the one click deploy template click the "Deploy to Azure" below:

• 
• 

2. Basics

   The initial tab allows you to select which Azure subscription you want to deploy into. You can also select an existing resource group or create a new one.

   • Region - This will be the geographical location of the resources. Any virtual machines will also need to be deployed into the matching region.
   • Juriba suggests creating a new resource group with a relevant name so that there is a clear separation for these Azure resources.

   

3. Networking

   The networking tab allows you to select an existing network or create a new virtual network. By default a new virtual network and subnets are created, however using the drop down menu you can select an existing network held within your Azure subscription. The virtual network requires two subnets, one for gateway webapp and one guest virtual machines. You can also amend the Network Security Group names on this page if required.

   • Juriba suggests creating a new network as the subnet settings will overwrite any existing subnets held within the network selected.

   - Any subnets on an existing network will be removed!

   

4. AppM Desktop Gateway

   The third panel askes for configuration relating to the configuration of the gateway.

   • AppM Website Address - This will be the web address you use to access AppM. This should not include anything after the first / within the url.
   • AppM Version - This is the version of AppM being run, currently this will always default to latest.
   • Gateway WebApp Name This is the name of the resource craated within azure that you want to use for your desktop gateway. By default this is exposed to the internet with the azurewebsites.net suffix. Once entered please click out of the entry box, this will start a check to ensure that address is available. If available you will see a green tick, otherwise you will receive an error message (examples below).
   • Juriba suggests that the Azure Web Application (Desktop Gateway) is configured with private networking or IP restrictions to further secure the gateway.

   

   

   The Encryption Key can be obtained from the main AppM application under System > Integrations > Desktop Gateways.

   Enter the details that you know here and then click update. You will need to append the address with "/vnc/tunnel". So if your Gateway WebApp address is mygatewaywebapp.azurewebsites.net then you will need to enter https://mygatewaywebapp.azurewebsites.net/vnc/tunnel for example. You wil not be able to test connection at this point as we have not completed the desktop gateway deployment. Once you have clicked update an encryption hex key will be created for you. Please enter this into the Encryption key fields.

   

   The final fields for Username and Password will need to be filled in. These details won't be needed for general AppM usage but may be needed when troubleshooting connectivity issues between AppM and Guest VM's. Please store these details securely should you need them in the future.

   

5. Review and create

   Once all details have been entered then click Review+create to deploy all objects.

   Once complete then you can view your Web App details from the Overview page.

   

   The web App will only accept connections from your AppM application. This be verified within the CORS section

   

6. Retrospectively update the encryption key

   Within the main AppM application under System > Integrations > Desktop Gateways please update with correct IP and test connectivity, if you are using the latest gateway container this ip can be set to 127.0.0.1. This should come back as successful. If you had to make a change to this then a new hex encryption key will be generated, be sure to update your gateway with this encryption key!

   

   If you need to change your Encryption Hex key or login details then these can be updated from the Configuration section of of your Web App.