Deploy VAs in KVM
Two virtual appliances (VAs) are required for each Umbrella site. It is critical that these VAs are not cloned or copied in any way. Each VA must be set up and configured manually.
Table of Contents
Prerequisites
- Full Admin user role. For more information, see Manage Accounts.
- For information about the requirements for deploying Umbrella VAs, see Prerequisites.
- A Linux system with qemu-utils package installed
- Only VAs running 2.5 or above can be deployed in KVM
- VA deployment is supported only on KVM on supported Red Hat Linux and Ubuntu Linux versions
(Optional) Configure Authentication for the Virtual Appliances
- For more information, see Configure Authentication for Virtual Appliances.
Procedural Overview
1. Create the qcow2 files for KVM
Download the software package for the Umbrella Virtual Appliance.
When you download the software package for the VA and if you did not configure API key credentials for your AD Connectors and VAs, Umbrella displays a warning message. We recommend that you configure API keys for your AD Connectors and Umbrella VAs. For more information, see Configure Authentication for Virtual Appliances.
a. Navigate to Deployments > Configuration > Sites and Active Directory and click Download.
b. Click Download for VA VMWare ESXi.
Umbrella generates and downloads a .tar file unique to your deployment.
This tar file includes:
- an .ova template containing the virtual hard disks that need to be deployed on KVM
- a signature file
- a Cisco public certificate to validate the signature
- a readme file
c. Extract the contents of the tar file using the command
tar –xvf <
.
To verify the integrity of the downloaded file, validate the signature by following the instructions provided in the readme file. When successful, you should see a message saying “Verified OK."d. Extract the downloaded.ova file to retrieve the vmdk files.
e. Use the qemu-img convert commands to convert each of the vmdk files to the qcow2 format.
qemu-img convert -f vmdk -O qcow2 forwarder-va.vmdk forwarder-va.qcow2
qemu-img convert -f vmdk -O qcow2 dynamic.vmdk dynamic.qcow2
f. Copy both the qcow2 files on your Linux system running KVM.
Note: Deploying the VA results in a modification of the source qcow2 files. Thus, you must copy the qcow2 files each time you deploy a new VA.
2. Launch the Virtual Appliance on KVM
a. Open the Virtual Machine Manager on your Linux system running KVM and click Create a new virtual machine.
b. In the first step of the wizard, choose Import existing disk image.
c. Provide the existing storage path to your forwarder-va.qcow2. Set the OS type to Linux and click Forward.
d. Set the memory and CPU settings to at least 1 CPU and 1 GB RAM and click Forward.
e. In the last step of the wizard, select Customize configuration before install and then click Finish.
f. Select Add Hardware.
g. Select Storage, add or create custom storage, add the dynamic disk, and then click Finish.
You should then see two disks.
h. Click Begin installation to create the VA.
i. If your network supports DHCP, the VA will get auto-configured with a DHCP IP address and will register to Umbrella using this IP. You can configure the VA on KVM through two mechanisms:
- Press Ctrl+B on the VA console and entering the Configuration mode.
Or - Initiate an SSH connection to the DHCP IP—this IP can be retrieved from the Umbrella dashboard—and enter Configuration mode.
You can now configure the VA. For information about configuring VAs, see Configure Virtual Appliances.
Deploy VAs in Google Cloud Platform < Deploy VAs in KVM > Deploy VAs in Nutanix
Updated about 2 months ago