The Umbrella User Guide Developer Hub

Welcome to the Umbrella User Guide developer hub. You'll find comprehensive guides and documentation to help you start working with Umbrella User Guide as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    

Configure Virtual Appliances

Prerequisites

Virtual appliances (VAs) are deployed. For more information, see Deploy Virtual Appliances.

Enter Configuration Mode on a VA Deployed on VMware, Hyper-V, or KVM

Open the VA in your preferred hypervisor's console, and you'll see a configuration menu. As seen in the lower right corner, the system time is set to UTC by default. This will not affect your DNS, network, or hypervisor.

To access the VA console efficiently, use a native application (such as VMware vSphere Client, VMware Remote Console, or RDP)

If you have deployed the VA in a network that supports DHCP, the VA is automatically assigned a DHCP IP address and registers to Umbrella using this IP. This IP address appears on the configuration as well as the Umbrella dashboard.

  1. Press Ctrl+B and when prompted, provide a password for configuration changes.
    Tip: Using the numbers lock or the number pad on your keyboard may return incorrect characters. You must change the password when you enter Configuration Mode. Your password must be at least eight characters long, include at least one lowercase character, one uppercase character, one digit, and one special character. Your password cannot be the same as your last password.
    Note: Umbrella<*OrgID*> should be set as the default password for the VA. Your Org ID can be retrieved from the dashboard URL in your address bar. For example, if your Org ID is 2406960, the default password for the VA would be Umbrella2406960. For more information about the Umbrella Org ID, see Find Your Organization ID.
  2. Optionally, enable remote configuration of this VA over SSH, enter config va ssh enable
  3. If you have enabled SSH, you can now remotely connect to the VA over SSH and enter Configuration Mode after authentication. Enter ssh [email protected]<VA’s IP address>
    Note: Configuration mode does not support concurrent access by more than two users.

Enter Configuration Mode on a VA Deployed in Azure, AWS, Or Google Cloud Platform

A VA can be deployed in Azure with either a static IP address or a DHCP IP address. If you do not specify a static IP address at the time of deployment, the VA is automatically assigned a DHCP IP address and registers to Umbrella using this IP address. Umbrella lists this IP address as the name of the VA on the dashboard.

In the case of AWS and Google Cloud Platform, the VA is automatically assigned a DHCP IP address and registers to Umbrella using this IPO address. Umbrella lists this IP address as the name of the VA on the dashboard.

  1. Connect to the VA’s static or DHCP IP address over SSH. Enter ssh [email protected]<VA’s IP address>

SSH access to the VA requires authentication:

  • Enter the default password:
    To retrieve the default password, navigate to Deployments > Configuration > Sites and Active Directory and click Download Components.
    Umbrella prompts you to change the password the first time you log into Configuration Mode.

Your password must be at least eight characters long, include at least one lowercase character, one uppercase character, one digit, and one special character. Your password cannot be the same as your last password.

Note: Configuration mode does not support concurrent access by more than two users.

Configure the VA Through Configuration Mode

Configuring the VA involves configuring the name, IP details, and local DNS servers. It is mandatory to configure the name and IP, netmask, and gateway (unless already configured). Failing to do this results in the VA not being able to register to Umbrella.

In addition to an IPv4 address, you can also configure the VA with an IPv6 address. Endpoints with an IPv6 address can use the VA for DNS resolution, and the internal IPv6 address of the endpoint will be reported in Umbrella. Active Directory integration is currently not supported for IPv6 endpoints.

Field
Description

Name*

The name associated with the VA in your Umbrella dashboard. This is a friendly name, similar to a hostname for a computer or server. If you have multiple hypervisor hosts, appending or prepending numbers or letters to indicate the local hypervisor host is advised.

  1. To configure the name, enter config va name <name>

IP, Netmask, and Gateway*

Give the VA a local, static IP address on the same network as your endpoints which will utilize the VAs for DNS resolution.
Note: Configuring an IPv4 address is mandatory. Configuring an IPv6 address is optional and will not overwrite the IPv4 address configuration.

  1. To configure the IP, Netmask, and Gateway for the VA, enter: config va interface <ipaddress> <netmask> <gateway>
  1. To configure an IPv6 address on your VA, enter: config va interface6 <ipv6 address>/<prefix> <ipv6-gateway>

For example: config va interface6 2011:0db8:85a3:1001:1000:8a2e:1370:7334/128 fe80::2222

Local DNS 1 through 6

Enter the local IPs of your existing local DNS servers. Often these are your Windows Servers with the DNS Server role installed. These are the servers that will receive the local DNS queries. You can enter IPv4 and/or IPv6 addresses here. For more information, see Local DNS Forwarding.

  1. To configure up to six local DNS servers, enter config va localdns <localdns1> <localdns2> … <localdns6>

Note: Each configuration overrides any previous configuration.

*Mandatory parameters for the VA.

If you have entered the Configuration Mode over SSH, to validate status, enter config va status

If tests complete without error, the next step is to verify that the VA syncs within the Umbrella dashboard.

In Umbrella, navigate to Deployments > Configuration > Sites and Active Directory. You should see your VAs listed with the name you gave it earlier in the VA Console configuration.

Troubleshooting

Did the VA register correctly and shows no errors? Skip this section and repeat steps for the second VA.

For a VA deployed on VMware or Hyper-V, if you receive any error messages, press Tab to navigate to the test and then press Enter/Return to pop up the error for more information. In the following example, the VA is unable to reach Umbrella through 443/TCP to register with the Umbrella dashboard.

If you can identify and resolve the issue—almost always a firewall issue—tests will continue to run in the background and the test will subsequently succeed without intervention. If you'd like to ensure the tests are run successfully, reboot the VA. Navigate to the System Menu by pressing CTRL+S.

If you're unable to determine the reason for the VA errors, double-check that your firewall rules meet Prerequisites, or contact Support.

Repeat Steps for the Second VA

Repeat the above steps to configure a second VA. A second VA is required for continuous operation, high availability, and automatic upgrades. As mentioned previously, do not clone the first VA. Umbrella will not recognize a cloned VA.

Warning

Umbrella VAs cannot be cloned. Ensure that your second VA is set up manually. Umbrella will not recognize a cloned VA.

Note: Azure AD Domain Services is currently not supported. For identity integration with the VA, the AD Connector and Domain Controllers should be deployed as VMs in Azure. Alternately, these components can be deployed on-premise provided there is an ExpressRoute or MPLS connection over which the AD Connector can communicate with the VA in Azure.


Deploy VAs in KVM < Configure Virtual Appliances > Local DNS Forwarding

Updated 4 months ago

Configure Virtual Appliances


Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.