The Umbrella Documentation Hub

Welcome to the Umbrella documentation hub. Here you'll find access to all of our Cisco Umbrella user guides.

Get Started    

Configure Virtual Appliances

Table of Contents

Prerequisites

Virtual appliances (VAs) are deployed. For more information, see Deploy Virtual Appliances.

Enter Configuration Mode on a VA Deployed on VMware, Hyper-V, or KVM

When you open the VA in your preferred hypervisor's console, and you'll see a configuration menu. As seen in the lower right corner, the system time is set to UTC by default. This will not affect your DNS, network, or hypervisor.

Note: To access the VA console efficiently, use a native application (such as VMware vSphere Client, VMware Remote Console, or RDP)

If you have deployed the VA in a network that supports DHCP, the VA is automatically assigned a DHCP IP address and registers to Umbrella using this IP. This IP address appears on the configuration as well as the Umbrella dashboard.

  1. Press Ctrl+B and when prompted, provide a password for configuration changes.
    Tip: Using the numbers lock or the number pad on your keyboard may return incorrect characters. You must change the password when you enter Configuration Mode. Your password must be at least eight characters long, include at least one lowercase character, one uppercase character, one digit, and one special character. Your password cannot be the same as your last password.
    Note: Umbrella<*OrgID*> should be set as the default password for the VA. Your Org ID can be retrieved from the dashboard URL in your address bar. For example, if your Org ID is 2406960, the default password for the VA would be Umbrella2406960. For more information about the Umbrella Org ID, see Find Your Organization ID.
  2. Optionally, enable remote configuration of this VA over SSH, enter config va ssh enable
  3. If you have enabled SSH, you can now remotely connect to the VA over SSH and enter Configuration Mode after authentication. Enter ssh [email protected]<VA’s IP address>
    Note: Configuration mode does not support concurrent access by more than two users.

Enter Configuration Mode on a VA Deployed in Azure, AWS, or Google Cloud Platform

A VA can be deployed in Azure with either a static IP address or a DHCP IP address. If you do not specify a static IP address at the time of deployment, the VA is automatically assigned a DHCP IP address and registers to Umbrella using this IP address. Umbrella lists this IP address as the name of the VA on the dashboard.

In the case of AWS and Google Cloud Platform, the VA is automatically assigned a DHCP IP address and registers to Umbrella using this IPO address. Umbrella lists this IP address as the name of the VA on the dashboard.

  1. Connect to the VA’s static or DHCP IP address over SSH. Enter ssh [email protected]<VA’s IP address>
    SSH access to the VA requires authentication:
  2. Enter the default password:
    To retrieve the default password, navigate to Deployments > Configuration > Sites and Active Directory and click Download Components.
    Umbrella prompts you to change the password the first time you log into Configuration Mode. Your password must be at least eight characters long, include at least one lowercase character, one uppercase character, one digit, and one special character. Your password cannot be the same as your last password.

Note: Configuration mode does not support concurrent access by more than two users.

Configure the VA Through Configuration Mode

Configuring the VA involves configuring the name, IP details, and local DNS servers. It is mandatory to configure the name and IP, netmask, and gateway (unless already configured). Failing to do this results in the VA not being able to register to Umbrella.

In addition to an IPv4 address, you can also configure the VA with an IPv6 address. Endpoints with an IPv6 address can use the VA for DNS resolution, and the internal IPv6 address of the endpoint will be reported in Umbrella. Active Directory integration is currently not supported for IPv6 endpoints.

Field
Description

Name*

The name associated with the VA in your Umbrella dashboard. This is a friendly name, similar to a hostname for a computer or server. If you have multiple hypervisor hosts, appending or prepending numbers or letters to indicate the local hypervisor host is advised.

  1. To configure the name, enter config va name <name>

IP, Netmask, and Gateway*

Give the VA a local, static IP address on the same network as your endpoints which will utilize the VAs for DNS resolution.
Note: Configuring an IPv4 address is mandatory. Configuring an IPv6 address is optional and will not overwrite the IPv4 address configuration.

  1. To configure the IP, Netmask, and Gateway for the VA, enter: config va interface <ipaddress> <netmask> <gateway>
  1. To configure an IPv6 address on your VA, enter: config va interface6 <ipv6 address>/<prefix> <ipv6-gateway>

For example: config va interface6 2011:0db8:85a3:1001:1000:8a2e:1370:7334/128 fe80::2222

Local DNS 1 through 6

Configure your local DNS servers that will receive DNS queries for internal domains. These are usually your Windows Servers with the DNS server role installed. You can enter IPv4 and/or IPv6 addresses here. For more information and commands to configure local DNS servers, see Configure Local DNS Servers on the VA.

*Mandatory parameters for the VA.

If you have entered the Configuration Mode over SSH, to validate status, enter config va status
If tests complete without error, the next step is to verify that the VA syncs within the Umbrella dashboard.

In Umbrella, navigate to Deployments > Configuration > Sites and Active Directory. You should see your VAs listed with the name you gave it earlier in the VA Console configuration.

Add a Second VA

Repeat the above steps to configure a second VA. A second VA is required for continuous operation, high availability, and automatic upgrades. As mentioned previously, do not clone the first VA. Umbrella will not recognize a cloned VA.

Warning

Umbrella VAs cannot be cloned. Ensure that your second VA is set up manually. Umbrella will not recognize a cloned VA.

Note: Azure AD Domain Services is currently not supported. For identity integration with the VA, the AD Connector and Domain Controllers should be deployed as VMs in Azure. Alternately, these components can be deployed on-premise provided there is an ExpressRoute or MPLS connection over which the AD Connector can communicate with the VA in Azure.


Deploy VAs in Nutanix <Configure Virtual Appliances > Local DNS Forwarding

Updated 11 days ago

Configure Virtual Appliances


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.