7.0
Table Of Contents
- Deploying and Configuring Access Point
- Contents
- Deploying and Configuring Access Point
- Introduction to Access Point
- System Requirements and Deployment
- Configuring Access Point
- Collecting Logs from the Access Point Appliance
- Setting Up Smart Card Authentication
- Setting Up Two-Factor Authentication
- Index
Configuring Access Point 3
You use the Access Point REST API to configure Access Point.
IMPORTANT After deployment, the first configuration task is to configure the clock (UTC) on the
Access Point appliance so that the appliance has the correct time. For example, open a console window on
the Access Point virtual machine and use arrow buttons to select the correct time zone. Also verify that the
ESXi host's time is synchronized with an NTP server, and verify that VMware Tools, which is running in the
appliance virtual machine, synchronizes the time on the virtual machine with the time on the ESXi host. Use
vCenter Server, rather than the REST API for this configuration task.
This chapter includes the following topics:
n
“Using the Access Point REST API,” on page 31
n
“Configuring TLS/SSL Certificates for Access Point Appliances,” on page 40
n
“Configuring the Secure Gateways Used with the View Edge Service,” on page 44
Using the Access Point REST API
To change or add configuration settings after you deploy the Access Point appliance, you can either use the
Access Point REST API or you can deploy the appliance again, using different settings.
The specification for the Access Point REST API is available at the following URL on the virtual machine
where Access Point is installed: https://access-point-appliance.example.com:9443/rest/swagger.yaml
You can use any REST client application, such as curl or postman. For example, the following command uses
a curl client to retrieve the Access Point configuration:
curl -k -u 'admin:P@ssw0rd' https://access-point-appliance.example.com:
9443/rest/v1/config/settings
In this example, P@ssw0rd is the password for the admin user and access-point-appliance.example.com is the
fully qualified domain name of the Access Point appliance. As a best practice with regards to security, you
can omit the password for the admin user from any scripts. When the password is omitted, the curl
command prompts you for the password and ensures that no passwords are inadvertently stored in script
files.
You also use JSON requests to invoke the Access Point REST API and make configuration changes. The
following example shows a configuration JSON for the View edge service. You could use the PUT method
for this request:
{
"identifier": "VIEW",
"enabled": true,
"proxyDestinationUrl": "https://192.0.2.1",
VMware, Inc.
31