Page tree

Contents

To deploy on-prem host in the VMware vCenter using ovftool, complete the following:
  1. Log in to the Cloud Services Portal.
  2. Go to Administration -> Downloads.

  3. On the Downloads page, click Download Package for OVA in the On-Prem Hosts section.

  4. Choose an applicable package from the drop-down menu. Note that if you are deploying the Data Connector on-prem host, choose the high-capacity 750 GB OVA package.

  5. Click Download Package for VM, and then save the package on your system.
  6. Prepare the YML and JSON files for the on-prem host deployment. You can either download the sample YML and JSON templates and modify them, or create your own files. Note that you update the API access key in the YML file and the network configuration in the JSON file.
    For instructions about how to modify the YML and JSON files and to download sample YML and JSON templates, see Appendix B: YML and JSON Templates.
  7. After you have updated the YML and JSON templates or created new files, open any Linux terminal and use the VMware OVF Tool to execute the following commands to encode the cloud configuration for user data in base64 format:
    For Linux systems:
     userdata=$(cat userdata_file | base64 -w0)
     metadata=$(cat metadata_file)

    For Mac systems:

     userdata=$(cat userdata_file | base64)
     metadata=$(cat metadata_file)

    where userdata_file and metadata_file are the actual file names.

  8. Optionally, if you want to add multiple network interfaces to the on-prem host, you can modify the VMX configuration, as follows. For information about multiple interfaces, see Multiple Network Interfaces for On-Prem Hosts.
    ovftool --allowExtraConfig bloxone_vA.B.C.ova bloxone_dual_nics.vmx

    Then, add the required interface configuration to the VMX configuration: echo 'ethernet0.networkName = "wan"' >> bloxone_dual_nics.vmx echo 'ethernet1.networkName = "lan"' >> bloxone_dual_nics.vmx echo 'ethernet1.present = "true"' >> bloxone_dual_nics.vmx echo 'ethernet1.virtualDev = "vmxnet3"' >> bloxone_dual_nics.vmx echo 'ethernet1.connectionType = "bridged"' >> bloxone_dual_nics.vmx echo 'ethernet1.startConnected = "true"' >> bloxone_dual_nics.vmx echo 'ethernet1.addressType = "generated"' >> bloxone_dual_nics.vmx

    After you modify the VMX configuration, execute the following commands:
    ovftool "--net:wan=mgmt-nw" "--net:lan=local-nw" \
        --allowAllExtraConfig \
        --extraConfig:guestinfo.cloudinit.userdata="${userdata}" \
        --extraConfig:guestinfo.cloudinit.metadata="${metadata}" \
        ... \ # other required args
        --sourceType=VMX bloxone_dual_nics.vmx \
        "vi://${VCENTER_USER}:${VCENTER_PASS}@${VCENTER_HOST}/<Datacenter>/host/<Cluster>"
    You can pack the image back to OVA by executing the following command:
    ovftool --allowExtraConfig bloxone_dual_nics.vmx bloxone_vA.B.C-dual_nics.ova

    Note

    If you do not provide metadata for the interfaces, only the first Ethernet interface is enabled with the DHCP mode. You must add interface configuration using the metadata network-config.

  9. To deploy the on-prem host, execute the following commands:
     ovftool --acceptAllEulas --skipManifestCheck --allowAllExtraConfig --sourceType=OVA
     --powerOn --datastore="<datastore name>" --name="<name for the proxy>"
     --net:"lan"="<standard switch ID>"
     --extraConfig:guestinfo.cloudinit.userdata="${userdata}"
     --extraConfig:guestinfo.cloudinit.metadata="${metadata}" ngp_onprem_vx.x.xx.ova
     vi://<username>:<password>@<ESXi server IP>

    where
    datastore name = The name of your datastore on which you want to deploy the on-prem host.
    name for the proxy = The name of the on-prem host.
    standard switch ID = The name of the vSphere standard switch that provides connectivity between the
    on-prem host and external networks.
    ngp_onprem_vx.x.xx.ova = The name of the on-prem host OVA file; x.x.xx is the version number of this file.
    username password = This is the username and password for logging in to the ESXi server.
    ESXi server IP = The IP address of the ESXi server on which you have configured the VM for deploying
    the on-prem host.

  10. You have now successfully deployed  on-prem host. It might take a couple minutes for the proxy and BloxOne Threat Defense Cloud to connect. Once connected, the proxy starts collecting information from your on-premises devices and transmits the data to BloxOne Threat Defense Cloud.

  11. For on-prem host to function properly in OVA deployments on ESXi servers, ensure that you enable the Synchronize guest time with host option during the deployment and that your ESXi host is synchronized with the NTP server. If you do not select the Synchronize guest time with host option (or if this option is disabled), the on-prem host synchronizes with the Ubuntu NTP servers: ntp.ubuntu.com and ubuntu.pool.ntp.org. When you disable this option, ensure that you open the UDP 123 port for time synchronization with the Ubuntu NTP servers. For more information, see Synchronizing Time on the ESXi Servers.

  12. To check the current status of the on-prem host, you can go to Manage -> On-Prem Hosts in the Cloud Services Portal. For more information about the host status, see Viewing On-Prem Host Status.


  • No labels

This page has no comments.